907 research outputs found

    A Validity-Based Approach for Feature Selection in Intrusion Detection Systems

    Get PDF
    Intrusion detection systems are tools that detect and remedy the presence of malicious activities. Intrusion detection systems face many challenges in terms of accurate analysis and evaluation. One such challenge is the involvement of many features during analysis, which leads to high data volume and ultimately excessive computational overhead. This research surrounds the development of a new intrusion detection system by employing an entropy-based measure called v-measure to select significant features and reduce dimensionality. After the development of the intrusion detection system, this feature reduction technique was tested on public datasets by applying machine learning classifiers such as Decision Tree, Random Forest, and AdaBoost algorithms. We have compared the results of the features selected with other feature selection techniques for correct classification of attacks. The findings demonstrated dimension and data volume reduction while maintaining low false positive rate, low false negative rate, and high detection rate

    An efficient network intrusion detection and classification system

    Get PDF
    Intrusion detection in computer networks is of great importance because of its effects on the different communication and security domains. The detection of network intrusion is a challenge. Moreover, network intrusion detection remains a challenging task as a massive amount of data is required to train the state-of-the-art machine learning models to detect network intrusion threats. Many approaches have already been proposed recently on network intrusion detection. However, they face critical challenges owing to the continuous increase in new threats that current systems do not understand. This paper compares multiple techniques to develop a network intrusion detection system. Optimum features are selected from the dataset based on the correlation between the features. Furthermore, we propose an AdaBoost-based approach for network intrusion detection based on these selected features and present its detailed functionality and performance. Unlike most previous studies, which employ the KDD99 dataset, we used a recent and comprehensive UNSW-NB 15 dataset for network anomaly detection. This dataset is a collection of network packets exchanged between hosts. It comprises 49 attributes, including nine types of threats such as DoS, Fuzzers, Exploit, Worm, shellcode, reconnaissance, generic, and analysis Backdoor. In this study, we employ SVM and MLP for comparison. Finally, we propose AdaBoost based on the decision tree classifier to classify normal activity and possible threats. We monitored the network traffic and classified it into either threats or non-threats. The experimental findings showed that our proposed method effectively detects different forms of network intrusions on computer networks and achieves an accuracy of 99.3% on the UNSW-NB15 dataset. The proposed system will be helpful in network security applications and research domains. © 2022 by the authors. Licensee MDPI, Basel, Switzerland

    Network Threat Detection Using Machine/Deep Learning in SDN-Based Platforms: A Comprehensive Analysis of State-of-the-Art Solutions, Discussion, Challenges, and Future Research Direction

    Get PDF
    A revolution in network technology has been ushered in by software defined networking (SDN), which makes it possible to control the network from a central location and provides an overview of the network’s security. Despite this, SDN has a single point of failure that increases the risk of potential threats. Network intrusion detection systems (NIDS) prevent intrusions into a network and preserve the network’s integrity, availability, and confidentiality. Much work has been done on NIDS but there are still improvements needed in reducing false alarms and increasing threat detection accuracy. Recently advanced approaches such as deep learning (DL) and machine learning (ML) have been implemented in SDN-based NIDS to overcome the security issues within a network. In the first part of this survey paper, we offer an introduction to the NIDS theory, as well as recent research that has been conducted on the topic. After that, we conduct a thorough analysis of the most recent ML- and DL-based NIDS approaches to ensure reliable identification of potential security risks. Finally, we focus on the opportunities and difficulties that lie ahead for future research on SDN-based ML and DL for NIDS.publishedVersio

    Integration of Fuzzy with Incremental Import Vector Machine for Intrusion Detection

    Get PDF
    IDM design and implementation remain a difficult undertaking and an unsolved research topic. Multi-dimensional irrelevant characteristics and duplicate information are included in the network dataset. To boost the effectiveness of IDM, a novel hybrid model is developed that combines Fuzzy Genetic Algorithms with Increment Import Vector Machines (FGA-I2VM), which works with huge amounts of both normal and aberrant network data with high detecting accuracy and low false alarm rates. The algorithms chosen for IDM in this stage are machine learning algorithms, which learn, find, and adapt patterns to changing situations over time. Pre-processing is the most essential stage in any IDM, and feature selection is utilized for pre-processing, which is the act of picking a collection or subset of relevant features for the purpose of creating a solution model. Information Gain (IG) is utilized in this FGA-I2VM model to pick features from the dataset for I2VM classification. To train the I2VM classifier, FGA uses three sets of operations to produce a new set of inhabitants with distinct patterns: cross over operation, selection, and finally mutation. The new population is then put into the Import Vector Machine, a strong classifier that has been used to solve a wide range of pattern recognition issues. FGA are quick, especially considering their capacity to discover global optima. Another advantage of FGA is their naturally parallel nature of assessing the individuals within a population. As a classifier, I2VM has self-tuning properties that allow patterns to attain global optimums. The FGA-efficacy I2VM model’s is complemented by information gain, which improves speed and detection accuracy while having a low computing cos

    Deep Neural Networks based Meta-Learning for Network Intrusion Detection

    Full text link
    The digitization of different components of industry and inter-connectivity among indigenous networks have increased the risk of network attacks. Designing an intrusion detection system to ensure security of the industrial ecosystem is difficult as network traffic encompasses various attack types, including new and evolving ones with minor changes. The data used to construct a predictive model for computer networks has a skewed class distribution and limited representation of attack types, which differ from real network traffic. These limitations result in dataset shift, negatively impacting the machine learning models' predictive abilities and reducing the detection rate against novel attacks. To address the challenges, we propose a novel deep neural network based Meta-Learning framework; INformation FUsion and Stacking Ensemble (INFUSE) for network intrusion detection. First, a hybrid feature space is created by integrating decision and feature spaces. Five different classifiers are utilized to generate a pool of decision spaces. The feature space is then enriched through a deep sparse autoencoder that learns the semantic relationships between attacks. Finally, the deep Meta-Learner acts as an ensemble combiner to analyze the hybrid feature space and make a final decision. Our evaluation on stringent benchmark datasets and comparison to existing techniques showed the effectiveness of INFUSE with an F-Score of 0.91, Accuracy of 91.6%, and Recall of 0.94 on the Test+ dataset, and an F-Score of 0.91, Accuracy of 85.6%, and Recall of 0.87 on the stringent Test-21 dataset. These promising results indicate the strong generalization capability and the potential to detect network attacks.Comment: Pages: 15, Figures: 10 and Tables:
    • …
    corecore