Introduction on intrusion detection systems : focus on hierarchical analysis

In today\u27s fast paced computing world security is a main concern. Intrusion detection systems are an important component of defensive measures protecting computer systems and networks from abuse. This paper will examine various intrusion detection systems. The task of intrusion detection is to monitor usage of a system and detect and malicious activity, therefore, the architecture is a key component when studying intrusion detection systems. This thesis will also analyze various neural networks for statistical anomaly intrusion detection systems. The thesis will focus on the Hierarchical Intrusion Detection system (HIDE) architecture. The HIDE system detects network based attack as anomalies using statistical preprocessing and neural network classification. The thesis will conclude with studies conducted on the HIDE architecture. The studies conducted on the HIDE architecture indicate how the hierarchical multi-tier anomaly intrusion detection system is an effective one

An efficient deep learning model for intrusion classification and prediction in 5G and IoT networks

A Network Intrusion Detection System is a critical component of every internet-connected system due to likely attacks from both external and internal sources. Such Security systems are used to detect network born attacks such as flooding, denial of service attacks, malware, and twin-evil intruders that are operating within the system. Neural networks have become an increasingly popular solution for network intrusion detection. Their capability of learning complex patterns and behaviors make them a suitable solution for differentiating between normal traffic and network attacks. In this paper, we have applied a deep autoencoded dense neural network algorithm for detecting intrusion or attacks in 5G and IoT network. We evaluated the algorithm with the benchmark Aegean Wi-Fi Intrusion dataset. Our results showed an excellent performance with an overall detection accuracy of 99.9% for Flooding, Impersonation and Injection type of attacks. We also presented a comparison with recent approaches used in literature which showed a substantial improvement in terms of accuracy and speed of detection with the proposed algorithm

An efficient deep learning model for intrusion classification and prediction in 5G and IoT networks

A Network Intrusion Detection System is a critical component of every internet-connected system due to likely attacks from both external and internal sources. Such Security systems are used to detect network born attacks such as flooding, denial of service attacks, malware, and twin-evil intruders that are operating within the system. Neural networks have become an increasingly popular solution for network intrusion detection. Their capability of learning complex patterns and behaviors make them a suitable solution for differentiating between normal traffic and network attacks. In this paper, we have applied a deep autoencoded dense neural network algorithm for detecting intrusion or attacks in 5G and IoT network. We evaluated the algorithm with the benchmark Aegean Wi-Fi Intrusion dataset. Our results showed an excellent performance with an overall detection accuracy of 99.9% for Flooding, Impersonation and Injection type of attacks. We also presented a comparison with recent approaches used in literature which showed a substantial improvement in terms of accuracy and speed of detection with the proposed algorithm

A new approach for detecting intrusions based on the PCA neural networks

ABSTRACT Intrusion Detection System (IDS) is an effective tool that can help to prevent unauthorized access to network resources. A good intrusion detection system should have higher detection rate and lower false positive. A new classification system using Principal Component Analysis (PCA) neural networks for ID is proposed to detect intrusions from normal connections with satisfactory detection rate and false positive. Experiments and evaluations were performed with the KDD Cup 99 intrusion detection database. Comparison with other approach based on different evaluation parameters showed that proposed approach has noticeable performance with detection rate 99.596% and false positive 0.404% and can classify the network connections with satisfactory performance

Intrusion detection and classification with autoencoded deep neural network

A Network Intrusion Detection System is a critical component of every internet connected system due to likely attacks from both external and internal sources. A NIDS is used to detect network born attacks such as denial of service attacks, malware, and intruders that are operating within the system. Neural networks have become an increasingly popular solution for network intrusion detection. Their capability of learning complex patterns and behaviors make them a suitable solution for differentiating between normal traffic and network attacks. In this paper, we have applied a deep autoencoded dense neural network algorithm for detecting intrusion or attacks in network connection and evaluated the algorithm with the benchmark NSL-KDD dataset. Our results showed an excellent performance with an overall detection accuracy of 99.3% for Probe, Remote to Local, Denial of Service and User to Root type of attacks. We also presented a comparison with recent approaches used in literature which showed a substantial improvement in terms of accuracy and speed of detection with the proposed algorithm

Development of a Reference Design for Intrusion Detection Using Neural Networks for a Smart Inverter

The purpose of this thesis is to develop a reference design for a base level implementation of an intrusion detection module using artificial neural networks that is deployed onto an inverter and runs on live data for cybersecurity purposes, leveraging the latest deep learning algorithms and tools. Cybersecurity in the smart grid industry focuses on maintaining optimal standards of security in the system and a key component of this is being able to detect cyberattacks. Although researchers and engineers aim to design such devices with embedded security, attacks can and do still occur. The foundation for eventually mitigating these attacks and achieving more robust security is to identify them reliably. Thus, a high-fidelity intrusion detection system (IDS) capable of identifying a variety of attacks must be implemented. This thesis provides an implementation of a behavior-based intrusion detection system that uses a recurrent artificial neural network deployed on hardware to detect cyberattacks in real time. Leveraging the growing power of artificial intelligence, the strength of this approach is that given enough data, it is capable of learning to identify highly complex patterns in the data that may even go undetected by humans. By intelligently identifying malicious activity at the fundamental behavior level, the IDS remains robust against new methods of attack. This work details the process of collecting and simulating data, selecting the particular algorithm, training the neural network, deploying the neural network onto hardware, and then being able to easily update the deployed model with a newly trained one. The full system is designed with a focus on modularity, such that it can be easily adapted to perform well on different use cases, different hardware, and fulfill changing requirements. The neural network behavior-based IDS is found to be a very powerful method capable of learning highly complex patterns and identifying intrusion from different types of attacks using a single unified algorithm, achieving up to 98% detection accuracy in distinguishing between normal and anomalous behavior. Due to the ubiquitous nature of this approach, the pipeline developed here can be applied in the future to build in more and more sophisticated detection abilities depending on the desired use case. The intrusion detection module is implemented in an ARM processor that exists at the communication layer of the inverter. There are four main components described in this thesis that explain the process of deploying an artificial neural network intrusion detection algorithm onto the inverter: 1) monitoring and collecting data through a front-end web based graphical user interface that interacts with a Digital Signal Processor that is connected to power-electronics, 2) simulating various malicious datasets based on attack vectors that violate the Confidentiality-Integrity-Availability security model, 3) training and testing the neural network to ensure that it successfully identifies normal behavior and malicious behavior with a high degree of accuracy, and lastly 4) deploying the machine learning algorithm onto the hardware and having it successfully classify the behavior as normal or malicious with the data feeding into the model running in real time. The results from the experimental setup will be analyzed, a conclusion will be made based upon the work, and lastly discussions of future work and optimizations will be discussed

An Architectural Design to Address the Impact of Adaptations on Intrusion Detection Systems

Many self-adaptive, autonomous systems rely on component technologies to report anomalies to planning processes that can choose adaptations. What if the analysis technologies themselves need to be adapted? We consider an intrusion detection system (IDS) supported by two component technologies that assist its decision making: a neural network that finds security anomalies and an attack graph that informs the IDS about system states of interest. The IDS’s purpose is to send alerts regarding security anomalies. Planning processes respond to alerts by selecting mitigation strategies. Mitigations are imposed system-wide and can result in adaptations to the analysis technology, such as the IDS. Thus, without adaptation it may reach a state of stagnation in its detection quality. In this paper, we describe an architectural design for an adaptive layer that works directly with an IDS. We examine two use cases involving different mitigation strategies and their impact on the IDS’s supporting components

New Anomaly Network Intrusion Detection System in Cloud Environment Based on Optimized Back Propagation Neural Network Using Improved Genetic Algorithm

Cloud computing is distributed architecture, providing computing facilities and storage resource as a service over an open environment (Internet), this lead to different matters related to the security and privacy in cloud computing. Thus, defending network accessible Cloud resources and services from various threats and attacks is of great concern. To address this issue, it is essential to create an efficient and effective Network Intrusion System (NIDS) to detect both outsider and insider intruders with high detection precision in the cloud environment. NIDS has become popular as an important component of the network security infrastructure, which detects malicious activities by monitoring network traffic. In this work, we propose to optimize a very popular soft computing tool widely used for intrusion detection namely, Back Propagation Neural Network (BPNN) using an Improved Genetic Algorithm (IGA). Genetic Algorithm (GA) is improved through optimization strategies, namely Parallel Processing and Fitness Value Hashing, which reduce execution time, convergence time and save processing power. Since,  Learning rate and Momentum term are among the most relevant parameters that impact the performance of BPNN classifier, we have employed IGA to find the optimal or near-optimal values of these two parameters which ensure high detection rate, high accuracy and low false alarm rate. The CloudSim simulator 4.0 and DARPA’s KDD cup datasets 1999 are used for simulation. From the detailed performance analysis, it is clear that the proposed system called “ANIDS BPNN-IGA” (Anomaly NIDS based on BPNN and IGA) outperforms several state-of-art methods and it is more suitable for network anomaly detection

A Deep Learning-Based Framework for Feature Extraction and Classification of Intrusion Detection in Networks

An intrusion detection system, often known as an IDS, is extremely important for preventing attacks on a network, violating network policies, and gaining unauthorized access to a network. The effectiveness of IDS is highly dependent on data preprocessing techniques and classification models used to enhance accuracy and reduce model training and testing time. For the purpose of anomaly identification, researchers have developed several machine learning and deep learning-based algorithms; nonetheless, accurate anomaly detection with low test and train times remains a challenge. Using a hybrid feature selection approach and a deep neural network- (DNN-) based classifier, the authors of this research suggest an enhanced intrusion detection system (IDS). In order to construct a subset of reduced and optimal features that may be used for classification, a hybrid feature selection model that consists of three methods, namely, chi square, ANOVA, and principal component analysis (PCA), is applied. These methods are referred to as “the big three.” On the NSL-KDD dataset, the suggested model receives training and is then evaluated. The proposed method was successful in achieving the following results: a reduction of input data by 40%, an average accuracy of 99.73%, a precision score of 99.75%, an F1 score of 99.72%, and an average training and testing time of 138% and 2.7 seconds, respectively. The findings of the experiments demonstrate that the proposed model is superior to the performance of the other comparison approaches.publishedVersio