A Survey of Intrusion Detection Techniques in Computer Network

As advances in the networking technology help to connect distant corners of the globe and as the Internet continues to expand its influence as a medium for communication, the threat from attackers and criminal enterprises has also grown accordingly. The increasing occurrence of network attacks is a very big issue to the network services. So, Intrusion Detection System has become a necessary component of network security. It is used for detection of many known and unknown network vulnerabilities in wired networks. While the Internet service for any purpose is used, normally who are attacking on the computer network is not known by us. Those network attacks can cause network services slow, temporarily unavailable, or down for a long period of time. The concern on this work is to perusal various methods of networking attacks detection and compare them against these methods by considering their pros and cons

Securing M-voting Using Cloud Intrusion Detection and Prevention System: A New Dawn

Conference ProceedingsDemocracy has been transformed by the introduction of ICT, which is known as e-voting. E-voting is the use of computerised equipment to cast votes. Mvoting is a subset of e-voting and is the use of mobile phones to cast a vote outside the restricted electoral boundaries. M-voting has a feature that is different from other e-voting solutions: the mobile-phone. Mobile-phones are pervasive; they offer connection everywhere at any time. However, using a fast growing device such as mobile-phone as a tool to cast a vote can raise questions when coming to its security. This paper designed and developed a security solution termed a cloud intrusion detection and prevention system which endeavours to secure the voters’ mobile phone while casting their vote. The security system was developed using android version 6.0 for android phones and MySQL. Simulations were used to evaluate the system and results indicate that the proposed system is efficient, reliable and secure

Rough Set-hypergraph-based Feature Selection Approach for Intrusion Detection Systems

Immense growth in network-based services had resulted in the upsurge of internet users, security threats and cyber-attacks. Intrusion detection systems (IDSs) have become an essential component of any network architecture, in order to secure an IT infrastructure from the malicious activities of the intruders. An efficient IDS should be able to detect, identify and track the malicious attempts made by the intruders. With many IDSs available in the literature, the most common challenge due to voluminous network traffic patterns is the curse of dimensionality. This scenario emphasizes the importance of feature selection algorithm, which can identify the relevant features and ignore the rest without any information loss. In this paper, a novel rough set κ-Helly property technique (RSKHT) feature selection algorithm had been proposed to identify the key features for network IDSs. Experiments carried using benchmark KDD cup 1999 dataset were found to be promising, when compared with the existing feature selection algorithms with respect to reduct size, classifier’s performance and time complexity. RSKHT was found to be computationally attractive and flexible for massive datasets

Penerapan Random Forest dan Adaboost untuk Klasifikasi Serangan DDoS

Among the different types of attacks in the field of Information Technology, DDOS attacks are one of the biggest threats to internet sites and pose a devastating risk to the security of computer systems, mainly due to their potential impact. Hence why research in this area is growing rapidly, with researchers focusing on new ways to address intrusion detection and prevention. Machine learning and Artificial Intelligence are some of the latest additions to the list of technologies studied to perform intrusion detection classification. This study explores the behavior and application of DDoS datasets for machine learning in the context of intrusion detection. The flow in this study, first is to collect raw DDoS datasets from reputable sources. After the data is obtained, the final data set is created for modeling. Data management involves data cleansing, data type transformation and data exchange on data collection. The selection process is accompanied by a model. Two separate algorithms, random and adaboost, are used to train a model with a dataset. The model is validated and retrained with a k-fold cross. The model was eventually evaluated using invisible data. The result is determined by various output sizes. In the experiment, DDoS datasets were used: CICDDoS_2019 The intrusion detection performance of this dataset was analyzed using two machine learning models. The dataset is divided in an 80:20 ratio for model training, validation and testing. Machine learning models are selected systematically and carefully to ensure that experiments are conducted in the right way. The results were analyzed using a set of performance metrics, including accuracy, precision, recall, f-measure, and compute tim

Redes neuronales aplicadas al proceso de aprendizaje de un sistema de respuestas a intrusiones automático

La contribución de este artículo es el uso de métodos de aprendizaje automático en la arquitectura realizada dentro del proyecto RECLAMO en trabajos previos. La arquitectura se basa en un AIRS (sistema de respuestas a intrusiones automático) que infiere la respuesta más apropiada a un ataque, teniendo en cuenta el tipo de ataque, la información de contexto del sistema y la red, y la reputación del IDS que ha reportado la alerta. También, es imprescindible conocer el ratio de éxito y fracaso de las respuestas lanzadas ante un ataque, de tal manera que, además de tener un sistema adaptativo, se consiga la capacidad de autoaprendizaje. En este ámbito es donde las redes neuronales entran en juego, aportando la clasificación de éxito/fracaso de las respuestas

Automatic Inference of High-Level Network Intents by Mining Forwarding Patterns

There is a semantic gap between the high-level intents of network operators and the low-level configurations that achieve the intents. Previous works tried to bridge the gap using verification or synthesis techniques, both requiring formal specifications of the intended behavior which are rarely available or even known in the real world. This paper discusses an alternative approach for bridging the gap, namely to infer the high-level intents from the low-level network behavior. Specifically, we provide Anime, a framework and a tool that given a set of observed forwarding behavior, automatically infers a set of possible intents that best describe all observations. Our results show that Anime can infer high-quality intents from the low-level forwarding behavior with acceptable performance.Comment: SOSR 202

Analysis of Intelligent Classifiers and Enhancing the Detection Accuracy for Intrusion Detection System

In this paper we discuss and analyze some of the intelligent classifiers which allows for automatic detection and classification of networks attacks for any intrusion detection system. We will proceed initially with their analysis using the WEKA software to work with the classifiers on a well-known IDS (Intrusion Detection Systems) dataset like NSL-KDD dataset. The NSL-KDD dataset of network attacks was created in a military network by MIT Lincoln Labs. Then we will discuss and experiment some of the hybrid AI (Artificial Intelligence) classifiers that can be used for IDS, and finally we developed a Java software with three most efficient classifiers and compared it with other options. The outputs would show the detection accuracy and efficiency of the single and combined classifiers used