24,775 research outputs found

    A survey of intrusion detection system technologies

    This paper provides an overview of IDS types and how they work, as well as configuration considerations and issues that affect them. Advanced methods of increasing the performance of an IDS are explored, such as specification-based IDS for protecting Supervisory Control And Data Acquisition (SCADA) and Cloud networks. Also, by providing a review of varied studies ranging from issues in configuration and specific problems to custom techniques and cutting-edge studies, a reference can be provided to others interested in learning about and developing IDS solutions. Intrusion Detection is an area of much required study to provide solutions to satisfy evolving services and the networks and systems that support them. This paper aims to be a reference on IDS technologies for other researchers and developers interested in the field of intrusion detection.

    Leveraging Machine Learning for Network Intrusion Detection in Social Internet Of Things (SIoT) Systems

    This research investigates the application of machine learning models for network intrusion detection in the context of Social Internet of Things (SIoT) systems. We evaluate Convolutional Neural Network with Generative Adversarial Network (CNN+GAN), Generative Adversarial Network (GAN), and Logistic Regression models using the CIC IoT Dataset 2023. CNN+GAN emerges as a promising approach, exhibiting superior performance in accurately identifying diverse intrusion types. Our study emphasizes the significance of advanced machine learning techniques in enhancing SIoT security by effectively detecting anomalous behaviours within socially interconnected environments. The findings provide practical insights for selecting suitable intrusion detection methods and highlight the need for ongoing research to address evolving intrusion scenarios and vulnerabilities in SIoT ecosystems

    A novel ensemble of hybrid intrusion detection system for detecting internet of things attacks

    The Internet of Things (IoT) has been rapidly evolving towards making a greater impact, from everyday life to large industrial systems. Unfortunately, this has attracted the attention of cybercriminals who made IoT a target of malicious activities, opening the door to a possible attack on the end nodes. Due to the large number and diverse types of IoT devices, it is a challenging task to protect the IoT infrastructure using a traditional intrusion detection system. To protect IoT devices, a novel ensemble Hybrid Intrusion Detection System (HIDS) is proposed by combining a C5 classifier and One Class Support Vector Machine classifier. HIDS combines the advantages of Signature Intrusion Detection System (SIDS) and Anomaly-based Intrusion Detection System (AIDS). The aim of this framework is to detect both the well-known intrusions and zero-day attacks with high detection accuracy and low false-alarm rates. The proposed HIDS is evaluated using the Bot-IoT dataset, which includes legitimate IoT network traffic and several types of attacks. Experiments show that the proposed hybrid IDS provides a higher detection rate and lower false positive rate compared to the SIDS and AIDS techniques. © 2019 by the authors. Licensee MDPI, Basel, Switzerland.

    Intelligent intrusion detection using radial basis function neural network

    Recently we have witnessed booming and ubiquitous growth of internet connectivity all over the world, leading to a dramatic amount of network activity and a large amount of data and information transfer. Massive data transfer provides fertile ground for hackers and intruders to launch cyber-attacks and various types of penetrations. As a consequence, researchers around the globe have devoted considerable effort to research that can handle different types of attacks efficiently by building various types of intrusion detection systems capable of handling different types of attacks, known and unknown (novel) ones, as well as dealing with large amounts of traffic and data transfer. In this paper, we present an intelligent intrusion detection system based on radial basis function, capable of handling all types of attacks and intrusions with high detection accuracy and precision by addressing the intrusion detection problem in the framework of interpolation and adaptive network theories.

    Detecting Unknown Attacks in IoT Environments: An Open Set Classifier for Enhanced Network Intrusion Detection

    The widespread integration of Internet of Things (IoT) devices across all facets of life has ushered in an era of interconnectedness, creating new avenues for cybersecurity challenges and underscoring the need for robust intrusion detection systems. However, traditional security systems are designed with a closed-world perspective and often face challenges in dealing with the ever-evolving threat landscape, where new and unfamiliar attacks are constantly emerging. In this paper, we introduce a framework aimed at mitigating the open set recognition (OSR) problem in the realm of Network Intrusion Detection Systems (NIDS) tailored for IoT environments. Our framework capitalizes on image-based representations of packet-level data, extracting spatial and temporal patterns from network traffic. Additionally, we integrate stacking and sub-clustering techniques, enabling the identification of unknown attacks by effectively modeling the complex and diverse nature of benign behavior. The empirical results prominently underscore the framework's efficacy, boasting an impressive 88% detection rate for previously unseen attacks when compared against existing approaches and recent advancements. Future work will perform extensive experimentation across various openness levels and attack scenarios, further strengthening the adaptability and performance of our proposed solution in safeguarding IoT environments. Comment: 6 pages, 5 figures

    A Machine Learning Approach to Network Intrusion Detection System Using K Nearest Neighbor and Random Forest

    The evolving area of cybersecurity presents a dynamic battlefield for cyber criminals and security experts. Intrusions have now become a major concern in cyberspace. Different methods are employed in tackling these threats, but there is a need now more than ever to update the traditional methods from rudimentary approaches such as manually updated blacklists and whitelists. Another method involves manually creating rules; this is usually one of the most common methods to date. A lot of similar research has recently involved incorporating machine learning and artificial intelligence into both host and network-based intrusion systems. Doing this originally presented problems of low accuracy, but the growth in the area of machine learning over the last decade has led to vast improvements in machine learning algorithms and their requirements. This research applies k nearest neighbours with 10-fold cross validation and random forest machine learning algorithms to a network-based intrusion detection system in order to improve the accuracy of the intrusion detection system. This project focused on specific feature selection to improve the detection accuracy using the K-fold cross validation algorithm on the random forest algorithm on approximately 126,000 samples of the NSL-KDD dataset.

    TOWARDS A HOLISTIC EFFICIENT STACKING ENSEMBLE INTRUSION DETECTION SYSTEM USING NEWLY GENERATED HETEROGENEOUS DATASETS

    With the exponential growth of network-based applications globally, there has been a transformation in organizations' business models. Furthermore, cost reduction of both computational devices and the internet has led people to become more technology dependent. Consequently, due to inordinate use of computer networks, new risks have emerged. Therefore, the process of improving the speed and accuracy of security mechanisms has become crucial. Although abundant new security tools have been developed, the rapid growth of malicious activities continues to be a pressing issue, as their ever-evolving attacks continue to create severe threats to network security. Classical security techniques (for instance, firewalls) are used as a first line of defense against security problems but remain unable to detect internal intrusions or adequately provide security countermeasures. Thus, network administrators tend to rely predominantly on Intrusion Detection Systems to detect such network intrusive activities. Machine Learning is one of the practical approaches to intrusion detection that learns from data to differentiate between normal and malicious traffic. Although Machine Learning approaches are used frequently, an in-depth analysis of Machine Learning algorithms in the context of intrusion detection has received less attention in the literature. Moreover, adequate datasets are necessary to train and evaluate anomaly-based network intrusion detection systems. There exist a number of such datasets (such as DARPA, KDDCUP, and NSL-KDD) that have been widely adopted by researchers to train and evaluate the performance of their proposed intrusion detection approaches. Based on several studies, many such datasets are outworn and unreliable to use. Furthermore, some of these datasets suffer from a lack of traffic diversity and volumes, do not cover the variety of attacks, have anonymized packet information and payload that cannot reflect the current trends, or lack feature set and metadata. This thesis provides a comprehensive analysis of some of the existing Machine Learning approaches for identifying network intrusions. Specifically, it analyzes the algorithms along various dimensions (namely, feature selection, sensitivity to the hyper-parameter selection, and class imbalance problems) that are inherent to intrusion detection. It also produces a new reliable dataset labeled Game Theory and Cyber Security (GTCS) that matches real-world criteria, contains normal and different classes of attacks, and reflects the current network traffic trends. The GTCS dataset is used to evaluate the performance of the different approaches, and a detailed experimental evaluation to summarize the effectiveness of each approach is presented. Finally, the thesis proposes an ensemble classifier model composed of multiple classifiers with different learning paradigms to address the issue of detection accuracy and false alarm rate in intrusion detection systems.

    An Online Anomaly-Detection Neural Networks-based Clustering for Adaptive Intrusion Detection Systems

    In the evolving nature of today’s world of network security, threats have become more and more sophisticated. Although different security solutions such as firewalls and antivirus software have been deployed to protect systems, external attackers are still capable of intruding into computer networks. This is where intrusion detection systems come into play as an additional security layer. Despite the large volume of research conducted in the field of intrusion detection, finding a perfect solution of intrusion detection systems for critical applications is still a major challenge. This is mainly due to the continuous emergence of security threats which can bypass the outdated intrusion detection systems. The main objective of this thesis is to propose an adaptive design of intrusion detection systems which offers the capability of detecting known and novel attacks and being updated according to new trends of data patterns provided by security experts in a cost-effective manner. The proposed intrusion detection system uses an anomaly-based technique and is constructed on the basis of Extreme Learning Machine method which is a variant of neural networks. In this work, two novel approaches are also proposed to enhance the speed of partial updates for the learning model according to new information fed into the system. The performance of the proposed intrusion detection system is evaluated as a network-based solution using NSL-KDD data set. The evaluation results indicate that the system provides an average detection rate of 81 % while having a false positive rate of 3 % in detecting known and novel attacks. In addition, the obtained results show that the system is capable of adapting to the new input information and data injected into the system by a human security expert