A new proactive feature selection model based on the enhanced optimization algorithms to detect DRDoS attacks

Cyberattacks have grown steadily over the last few years. The distributed reflection denial of service (DRDoS) attack has been rising, a new variant of distributed denial of service (DDoS) attack. DRDoS attacks are more difficult to mitigate due to the dynamics and the attack strategy of this type of attack. The number of features influences the performance of the intrusion detection system by investigating the behavior of traffic. Therefore, the feature selection model improves the accuracy of the detection mechanism also reduces the time of detection by reducing the number of features. The proposed model aims to detect DRDoS attacks based on the feature selection model, and this model is called a proactive feature selection model proactive feature selection (PFS). This model uses a nature-inspired optimization algorithm for the feature subset selection. Three machine learning algorithms, i.e., k-nearest neighbor (KNN), random forest (RF), and support vector machine (SVM), were evaluated as the potential classifier for evaluating the selected features. We have used the CICDDoS2019 dataset for evaluation purposes. The performance of each classifier is compared to previous models. The results indicate that the suggested model works better than the current approaches providing a higher detection rate (DR), a low false-positive rate (FPR), and increased accuracy detection (DA). The PFS model shows better accuracy to detect DRDoS attacks with 89.59%

Metaheuristic-Based Neural Network Training And Feature Selector For Intrusion Detection

Intrusion Detection (ID) in the context of computer networks is an essential technique in modern defense-in-depth security strategies. As such, Intrusion Detection Systems (IDSs) have received tremendous attention from security researchers and professionals. An important concept in ID is anomaly detection, which amounts to the isolation of normal behavior of network traffic from abnormal (anomaly) events. This isolation is essentially a classification task, which led researchers to attempt the application of well-known classifiers from the area of machine learning to intrusion detection. Neural Networks (NNs) are one of the most popular techniques to perform non-linear classification, and have been extensively used in the literature to perform intrusion detection. However, the training datasets usually compose feature sets of irrelevant or redundant information, which impacts the performance of classification, and traditional learning algorithms such as backpropagation suffer from known issues, including slow convergence and the trap of local minimum. Those problems lend themselves to the realm of optimization. Considering the wide success of swarm intelligence methods in optimization problems, the main objective of this thesis is to contribute to the improvement of intrusion detection technology through the application of swarm-based optimization techniques to the basic problems of selecting optimal packet features, and optimal training of neural networks on classifying those features into normal and attack instances. To realize these objectives, the research in this thesis follows three basic stages, succeeded by extensive evaluations

Zero-day Network Intrusion Detection using Machine Learning Approach

Zero-day network attacks are a growing global cybersecurity concern. Hackers exploit vulnerabilities in network systems, making network traffic analysis crucial in detecting and mitigating unauthorized attacks. However, inadequate and ineffective network traffic analysis can lead to prolonged network compromises. To address this, machine learning-based zero-day network intrusion detection systems (ZDNIDS) rely on monitoring and collecting relevant information from network traffic data. The selection of pertinent features is essential for optimal ZDNIDS performance given the voluminous nature of network traffic data, characterized by attributes. Unfortunately, current machine learning models utilized in this field exhibit inefficiency in detecting zero-day network attacks, resulting in a high false alarm rate and overall performance degradation. To overcome these limitations, this paper introduces a novel approach combining the anomaly-based extended isolation forest algorithm with the BAT algorithm and Nevergrad. Furthermore, the proposed model was evaluated using 5G network traffic, showcasing its effectiveness in efficiently detecting both known and unknown attacks, thereby reducing false alarms when compared to existing systems. This advancement contributes to improved internet security

An Effective Dual Level Flow Optimized AlexNet-BiGRU Model for Intrusion Detection in Cloud Computing

In recent years, several existing techniques have been developed to solve security issues in cloud systems. The proposed study intends to develop an effective deep-learning mechanism for detecting network intrusions. The proposed study involves three stages pre-processing, feature selection and classification. Initially, the available noises in the input data are eliminated by pre-processing via data cleaning, discretization and normalization. The large feature dimensionality of pre-processed data is reduced by selecting optimal features using the wild horse optimization-based feature selection (WHO-FS) model. The selected features are then input into a proposed dual-level flow optimized AlexNet-BiGRU detection model (DLFAB-IDS). Whereas the flow direction algorithm (FDA) approach optimally tunes the hyperparameters and helps to enhance the classification performance. In the proposed model, the intrusions are detected by AlexNet and the multiclass classification is performed through the BiGRU method. The proposed study used the NSL-KDD dataset, and the simulation was done by Python tool. The efficacy of a proposed model is measured by evaluating several performance metrics. The comparison over other existing techniques shows that the proposed model brings higher performance in terms of accuracy 96.81%, recall 95.84%, precision 96.24%, f1-score 96.75%, prediction time 0.43s and training time 152.84s

Network Intrusion Detection System:A systematic study of Machine Learning and Deep Learning approaches

The rapid advances in the internet and communication fields have resulted in ahuge increase in the network size and the corresponding data. As a result, manynovel attacks are being generated and have posed challenges for network secu-rity to accurately detect intrusions. Furthermore, the presence of the intruderswiththeaimtolaunchvariousattackswithinthenetworkcannotbeignored.Anintrusion detection system (IDS) is one such tool that prevents the network frompossible intrusions by inspecting the network traffic, to ensure its confidential-ity, integrity, and availability. Despite enormous efforts by the researchers, IDSstillfaceschallengesinimprovingdetectionaccuracywhilereducingfalsealarmrates and in detecting novel intrusions. Recently, machine learning (ML) anddeep learning (DL)-based IDS systems are being deployed as potential solutionsto detect intrusions across the network in an efficient manner. This article firstclarifiestheconceptofIDSandthenprovidesthetaxonomybasedonthenotableML and DL techniques adopted in designing network-based IDS (NIDS) sys-tems. A comprehensive review of the recent NIDS-based articles is provided bydiscussing the strengths and limitations of the proposed solutions. Then, recenttrends and advancements of ML and DL-based NIDS are provided in terms ofthe proposed methodology, evaluation metrics, and dataset selection. Using theshortcomings of the proposed methods, we highlighted various research chal-lenges and provided the future scope for the research in improving ML andDL-based NIDS

A novel intrusion detection system for internet of things devices and data

As we enter the new age of the Internet of Things (IoT) and wearable gadgets, sensors, and embedded devices are extensively used for data aggregation and its transmission. The extent of the data processed by IoT networks makes it vulnerable to outside attacks. Therefore, it is important to design an intrusion detection system (IDS) that ensures the security, integrity, and confidentiality of IoT networks and their data. State-of-the-art IDSs have poor detection capabilities and incur high communication and device overhead, which is not ideal for IoT applications requiring secured and real-time processing. This research presents a teaching-learning-based optimization enabled intrusion detection system (TLBO-IDS) which effectively protects IoT networks from intrusion attacks and also ensures low overhead at the same time. The proposed TLBO-IDS can detect analysis attacks, fuzzing attacks, shellcode attacks, worms, denial of service (Dos) attacks, exploits, and backdoor intrusion attacks. TLBO-IDS is extensively tested and its performance is compared with state-of-the-art algorithms. In particular, TLBO-IDS outperforms the bat algorithm and genetic algorithm (GA)

BAT Algorithm-Based Multi-Class Crop Leaf Disease Prediction Bootstrap Model

In the task of identification of infected agriculture plants, the leaf-based disease identification technique is especially effective in better understand crop disease among various techniques to detect infection. Recognition of an infected leaf image from healthy images gets encumbered when the model is required to detect the type of leaf disease. This paper presents a BAT-based crop disease prediction bootstrap model (BCDPBM) that identifies the health of the leaf and performs disease prediction. The BAT algorithm in the proposed model increases the capability of the Gaussian mixture model for foreground region detection. Furthermore, in the work, the co-occurrence matrix feature and histogram feature are extracted for the training of the bootstrap model. Hence, leaf foreground detection by the BAT algorithm with the Gaussian mixture improves the feature extraction quality for bootstrap learning. The proposed model utilizes a dataset of real leaf images for conducting experiments. The results of the model are compared with different existing models across various parameters. The results show the prediction accuracy enhancement of multiclass leaf disease using the BCDPBM model

Reliable Machine Learning Model for IIoT Botnet Detection

Due to the growing number of Internet of Things (IoT) devices, network attacks like denial of service (DoS) and floods are rising for security and reliability issues. As a result of these attacks, IoT devices suffer from denial of service and network disruption. Researchers have implemented different techniques to identify attacks aimed at vulnerable Internet of Things (IoT) devices. In this study, we propose a novel features selection algorithm FGOA-kNN based on a hybrid filter and wrapper selection approaches to select the most relevant features. The novel approach integrated with clustering rank the features and then applies the Grasshopper algorithm (GOA) to minimize the top-ranked features. Moreover, a proposed algorithm, IHHO, selects and adapts the neural network’s hyper parameters to detect botnets efficiently. The proposed Harris Hawks algorithm is enhanced with three improvements to improve the global search process for optimal solutions. To tackle the problem of population diversity, a chaotic map function is utilized for initialization. The escape energy of hawks is updated with a new nonlinear formula to avoid the local minima and better balance between exploration and exploitation. Furthermore, the exploitation phase of HHO is enhanced using a new elite operator ROBL. The proposed model combines unsupervised, clustering, and supervised approaches to detect intrusion behaviors. The N-BaIoT dataset is utilized to validate the proposed model. Many recent techniques were used to assess and compare the proposed model’s performance. The result demonstrates that the proposed model is better than other variations at detecting multiclass botnet attacks

A Predictive Model for Network Intrusion Detection System Using Deep Neural Network

Network Intrusion Detection System (NIDS) is an important part of Cyber safety and security. It plays a key role in all networked ICT systems in detecting rampant attacks such as Denial of Service (DoS) and ransom ware attacks. Existing methods are inadequate in terms of accuracy detection of attacks. However, the requirement for high accuracy detection of attacks using Deep Neural Network requires expensive computing resources which in turn make most organisations, and individuals shy away from it. This study therefore aims at designing a predictive model for network intrusion detection using deep neural networks with very limited computing resources. The study adopted Cross Industry Standard Process for Data Mining (CRISP-DM) as one of the formal methodologies and python was used for both testing and training, using crucial parameters such as the learning rate, number of epochs, neurons and hidden layers which greatly determined the accuracy level of the DNN algorithm. These parameters were experimented with values that are lesser compared to previous studies, training and evaluation were also done on the KDD99 data-set. The varying values of accuracy obtained from this study on four models with different numbers of layers of 50-epochs and learning rate of 0.01 achieved competitive results in comparison with the previous research of 100-1000 epochs and learning rate of 0.1. Therefore, the model with two layers attained same accuracy of 0.955 as the model with three layers from the previous study out of the four models tested in this study. Also, the models with three and four layers in this study attained an accuracy of 0.956, which is 0.001greater than the previous study's models. Keywords: Network-Based IDS, Host-Based IDS, Deep Neural Network, Denial of Service, Knowledge Discovery Datase