1,401 research outputs found

    Barnacles Mating Optimizer with Hopfield Neural Network Based Intrusion Detection in Internet of Things Environment

    Owing to the development and expansion of energy-aware sensing devices and autonomous and intelligent systems, the Internet of Things (IoT) has gained remarkable growth and found uses in several day-to-day applications. Currently, the Internet of Things (IoT) network is gradually developing ubiquitous connectivity amongst distinct new applications namely smart homes, smart grids, smart cities, and several others. The developing network of smart devices and objects allows people to make smart decisions with machine to machine (M2M) communications. One of the real-world security and IoT-related challenges was vulnerable to distinct attacks which poses several security and privacy challenges. Thus, an IoT provides effective and efficient solutions. An Intrusion Detection System (IDS) is a solution for addressing security and privacy challenges with identifying distinct IoT attacks. This study develops a new Barnacles Mating Optimizer with Hopfield Neural Network based Intrusion Detection (BMOHNN-ID) in IoT environment. The presented BMOHNN-ID technique majorly concentrates on the detection and classification of intrusions from IoT environments. In order to attain this, the BMOHNN-ID technique primarily pre-processes the input data for transforming it into a compatible format. Next, the HNN model was employed for the effectual recognition and classification of intrusions from IoT environments. Moreover, the BMO technique was exploited to optimally modify the parameters related to the HNN model. When a list of possible susceptibilities of every device is ordered, every device is profiled utilizing data related to every device. It comprises routing data, the reported hostname, network flow, and topology. This data was offered to the external modules for digesting the data via REST API model. The experimental values assured that the BMOHNN-ID model has gained effectual intrusion classification performance over the other models

    TOWARDS A HOLISTIC EFFICIENT STACKING ENSEMBLE INTRUSION DETECTION SYSTEM USING NEWLY GENERATED HETEROGENEOUS DATASETS

    With the exponential growth of network-based applications globally, there has been a transformation in organizations' business models. Furthermore, cost reduction of both computational devices and the internet have led people to become more technology dependent. Consequently, due to inordinate use of computer networks, new risks have emerged. Therefore, the process of improving the speed and accuracy of security mechanisms has become crucial. Although abundant new security tools have been developed, the rapid growth of malicious activities continues to be a pressing issue, as their ever-evolving attacks continue to create severe threats to network security. Classical security techniques (for instance, firewalls) are used as a first line of defense against security problems but remain unable to detect internal intrusions or adequately provide security countermeasures. Thus, network administrators tend to rely predominantly on Intrusion Detection Systems to detect such network intrusive activities. Machine Learning is one of the practical approaches to intrusion detection that learns from data to differentiate between normal and malicious traffic. Although Machine Learning approaches are used frequently, an in-depth analysis of Machine Learning algorithms in the context of intrusion detection has received less attention in the literature. Moreover, adequate datasets are necessary to train and evaluate anomaly-based network intrusion detection systems. There exist a number of such datasets (as DARPA, KDDCUP, and NSL-KDD) that have been widely adopted by researchers to train and evaluate the performance of their proposed intrusion detection approaches. Based on several studies, many such datasets are outworn and unreliable to use. Furthermore, some of these datasets suffer from a lack of traffic diversity and volumes, do not cover the variety of attacks, have anonymized packet information and payload that cannot reflect the current trends, or lack feature set and metadata. This thesis provides a comprehensive analysis of some of the existing Machine Learning approaches for identifying network intrusions. Specifically, it analyzes the algorithms along various dimensions (namely, feature selection, sensitivity to the hyper-parameter selection, and class imbalance problems) that are inherent to intrusion detection. It also produces a new reliable dataset labeled Game Theory and Cyber Security (GTCS) that matches real-world criteria, contains normal and different classes of attacks, and reflects the current network traffic trends. The GTCS dataset is used to evaluate the performance of the different approaches, and a detailed experimental evaluation to summarize the effectiveness of each approach is presented. Finally, the thesis proposes an ensemble classifier model composed of multiple classifiers with different learning paradigms to address the issue of detection accuracy and false alarm rate in intrusion detection systems

    Strengthening intrusion detection system for adversarial attacks: Improved handling of imbalance classification problem

    Most defence mechanisms such as a network-based intrusion detection system (NIDS) are often sub-optimal for the detection of an unseen malicious pattern. In response, a number of studies attempt to empower a machine-learning-based NIDS to improve the ability to recognize adversarial attacks. Along this line of research, the present work focuses on non-payload connections at the TCP stack level, which is generalized and applicable to different network applications. As a complement to the recently published investigation that searches for the most informative feature space for classifying obfuscated connections, the problem of class imbalance is examined herein. In particular, a multiple-clustering-based undersampling framework is proposed to determine the set of cluster centroids that best represent the majority class, whose size is reduced to be on par with that of the minority. Initially, a pool of centroids is created using the concept of ensemble clustering that aims to obtain a collection of accurate and diverse clusterings. From that, the final set of representatives is selected from this pool. Three different objective functions are formed for this optimization driven process, thus leading to three variants of FF-Majority, FF-Minority and FF-Overall. Based on the thorough evaluation of a published dataset, four classification models and different settings, these new methods often exhibit better predictive performance than its baseline, the single-clustering undersampling counterpart and state-of-the-art techniques. Parameter analysis and implication for analyzing an extreme case are also provided as a guideline for future applications

    Classification of Adversarial Attacks Using Ensemble Clustering Approach

    As more business transactions and information services have been implemented via communication networks, both personal and organization assets encounter a higher risk of attacks. To safeguard these, a perimeter defence like NIDS (network-based intrusion detection system) can be effective for known intrusions. There has been a great deal of attention within the joint community of security and data science to improve machine-learning based NIDS such that it becomes more accurate for adversarial attacks, where obfuscation techniques are applied to disguise patterns of intrusive traffics. The current research focuses on non-payload connections at the TCP (transmission control protocol) stack level that is applicable to different network applications. In contrary to the wrapper method introduced with the benchmark dataset, three new filter models are proposed to transform the feature space without knowledge of class labels. These ECT (ensemble clustering based transformation) techniques, i.e., ECT-Subspace, ECT-Noise and ECT-Combined, are developed using the concept of ensemble clustering and three different ensemble generation strategies, i.e., random feature subspace, feature noise injection and their combinations. Based on the empirical study with published dataset and four classification algorithms, new models usually outperform that original wrapper and other filter alternatives found in the literature. This is similarly summarized from the first experiment with basic classification of legitimate and direct attacks, and the second that focuses on recognizing obfuscated intrusions. In addition, analysis of algorithmic parameters, i.e., ensemble size and level of noise, is provided as a guideline for a practical use

    Detecting Prominent Features and Classifying Network Traffic for Securing Internet of Things Based on Ensemble Methods

    Rapid growth of internet and connected devices ranging from cloud systems to internet of things have raised critical concerns for securing these systems. In the recent past, security attacks on different kinds of devices have evolved in terms of complexity and diversity. One of the challenges is establishing secure communication in the network among various devices and systems. Despite being protected with authentication and encryption, the network still needs to be protected against cyber-attacks. For this, the network traffic has to be closely monitored and should detect anomalies and intrusions. Intrusion detection can be categorized as a network traffic classification problem in machine learning. Existing network traffic classification methods require a lot of training and data preprocessing, and this problem is more serious if the dataset size is huge. In addition, the machine learning and deep learning methods that have been used so far were trained on datasets that contain obsolete attacks. In this thesis, these problems are addressed by using ensemble methods applied on an up to date network attacks dataset. Ensemble methods use multiple learning algorithms to get better classification accuracy that could be obtained when the corresponding learning algorithm is applied alone. This dataset for network traffic classification has recent attack scenarios and contains over fifteen attacks. This approach shows that ensemble methods can be used to classify network traffic and detect intrusions with less training times of the model, and lesser pre-processing without feature selection. In addition, this thesis also shows that only with less than ten percent of the total features of input dataset will lead to similar accuracy that is achieved on whole dataset. This can heavily reduce the training times and classification duration in real-time scenarios. Dissertation/Thesis, Masters Thesis, Computer Science 201

    Heuristic Optimization Algorithm with Ensemble Learning Model for Intelligent Intrusion Detection and Classification

    Intrusion Detection (ID) for network security prevents and detects malicious behaviours or unauthorized activities that occurs in the network. An ID System (IDS) refers to a safety tool that monitors events or network traffic for responding to and identifying illegal access attempts or malevolent activities. IDS had a vital role in network security by finding and alerting security teams or administrators about security breaches or potential intrusions. Machine Learning (ML) methods are utilized for ID by training methods for recognizing behaviours and patterns linked with intrusions. Deep Learning (DL) methods are implemented to learn complicated representations and patterns in network data. DL methods have witnessed promising outcomes in identifying network intrusions by automatically learning discriminatory features from raw network traffic. This article presents a new Teaching and Learning based Optimization with Ensemble Learning Model for Intelligent Intrusion Detection and Classification (TLBOEL-IDC) technique. The presented TLBOEL-IDC method mainly detects and classifies the intrusions in the network. To attain this, the TLBOEL-IDC method primarily preprocesses the input networking data. Besides, the TLBOEL-IDC technique involves the design of an ensemble classifier by the integration of three DL models called Long Short-Term Memory (LSTM), Gated Recurrent Unit (GRU), and Bidirectional LSTM (BLSTM). Moreover, the hyperparameter tuning of the DL models takes place using the TLBO approach that improves the overall ID outputs. The simulation assessment of the TLBOEL-IDC approach takes place on a benchmark dataset and the outputs are measured under various factors. The comparative evaluation emphasized the best accomplishment of the TLBOEL-IDC technique over other present models by means of diverse metrics