
    From Intrusion Detection to Attacker Attribution: A Comprehensive Survey of Unsupervised Methods

    Over the last five years there has been an increase in the frequency and diversity of network attacks. This holds true, as more and more organisations admit compromises on a daily basis. Many misuse- and anomaly-based Intrusion Detection Systems (IDSs) that rely on signatures, supervised learning or statistical methods have been proposed in the literature, but their trustworthiness is debatable. Moreover, as this work uncovers, current IDSs are based on obsolete attack classes that do not reflect current attack trends. For these reasons, this paper provides a comprehensive overview of unsupervised and hybrid methods for intrusion detection, discussing their potential in the domain. We also present and highlight the importance of feature engineering techniques that have been proposed for intrusion detection. Furthermore, we argue that current IDSs should evolve from simple detection to correlation and attribution. We discuss at length how IDS data could be used to reconstruct and correlate attacks to identify attackers, with the use of advanced data analytics techniques. Finally, we argue how the present IDS attack classes can be extended to match modern attacks and propose three new classes regarding the outgoing network communicatio

    Combining Naive Bayes and Decision Tree for Adaptive Intrusion Detection

    In this paper, a new learning algorithm for adaptive network intrusion detection using a naive Bayesian classifier and a decision tree is presented, which performs balanced detection and keeps false positives at an acceptable level for different types of network attacks, and eliminates redundant attributes as well as contradictory examples from the training data that make the detection model complex. The proposed algorithm also addresses some difficulties of data mining such as handling continuous attributes, dealing with missing attribute values, and reducing noise in training data. Due to the large volumes of security audit data as well as the complex and dynamic properties of intrusion behaviours, several data mining-based intrusion detection techniques have been applied to network-based traffic data and host-based data in the last decades. However, there remain various issues that need to be examined in current intrusion detection systems (IDS). We compared the performance of our proposed algorithm with existing learning algorithms on the KDD99 benchmark intrusion detection dataset. The experimental results prove that the proposed algorithm achieved high detection rates (DR) and significantly reduced false positives (FP) for different types of network intrusions using limited computational resources. Comment: 14 pages, IJNS
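The abstract above reports results as a detection rate (DR) and a false-positive rate (FP) on KDD99 without spelling out how either the classifier or the metrics are computed. The block below is an added example, not code from the paper, and it uses only one half of the paper's hybrid (a Gaussian naive Bayes classifier, which handles continuous attributes directly; the decision-tree stage and the attribute/contradictory-example pruning the abstract describes are not reproduced). The connection records are constructed to resemble KDD99 columns (duration, src_bytes, dst_bytes, count) and are not real KDD99 rows; the labels "normal" and "attack" and the variance smoothing constant are assumptions of this example.

```python
"""Gaussian naive Bayes intrusion classifier with detection-rate and
false-positive-rate computation.  Added example; not the paper's code."""
import math
from collections import defaultdict

# Constructed KDD99-style records (NOT real KDD99 data):
# (duration, src_bytes, dst_bytes, count, label)
# "count" is the number of connections to the same host in the last 2 s,
# so payload-free connections with a very high count look like a SYN flood.
TRAIN = [
    (0, 181, 5450, 8, "normal"),
    (0, 239, 486, 8, "normal"),
    (0, 235, 1337, 8, "normal"),
    (0, 219, 1337, 6, "normal"),
    (0, 217, 2032, 6, "normal"),
    (0, 0, 0, 511, "attack"),
    (0, 0, 0, 509, "attack"),
    (0, 0, 0, 510, "attack"),
    (0, 0, 0, 508, "attack"),
    (0, 0, 0, 511, "attack"),
]
TEST = [
    (0, 201, 3000, 7, "normal"),
    (0, 0, 0, 510, "attack"),
    (0, 250, 900, 9, "normal"),
    (0, 0, 0, 500, "attack"),
    (0, 0, 0, 507, "attack"),
]

# Assumed smoothing: a feature that is constant within a class (e.g. src_bytes
# for the flood records) has zero variance, which would divide by zero below.
VAR_SMOOTHING = 1e-6


def fit(records):
    """Return {label: (log_prior, means, variances)} using population variance."""
    by_class = defaultdict(list)
    for *features, label in records:
        by_class[label].append(features)
    total = len(records)
    model = {}
    for label, rows in by_class.items():
        n_feat = len(rows[0])
        means = [sum(r[i] for r in rows) / len(rows) for i in range(n_feat)]
        variances = [
            sum((r[i] - means[i]) ** 2 for r in rows) / len(rows) + VAR_SMOOTHING
            for i in range(n_feat)
        ]
        model[label] = (math.log(len(rows) / total), means, variances)
    return model


def log_gaussian(x, mean, var):
    """Log density of N(mean, var) at x; continuous attributes need no binning."""
    return -0.5 * math.log(2 * math.pi * var) - (x - mean) ** 2 / (2 * var)


def predict(model, features):
    """Maximum a-posteriori class under the conditional-independence assumption."""
    best_label, best_score = None, -math.inf
    for label, (log_prior, means, variances) in model.items():
        score = log_prior + sum(
            log_gaussian(x, m, v) for x, m, v in zip(features, means, variances)
        )
        if score > best_score:
            best_label, best_score = label, score
    return best_label


def evaluate(model, records, positive="attack"):
    """DR = TP / (TP + FN); FPR = FP / (FP + TN), with 'attack' as the positive class."""
    tp = fn = fp = tn = 0
    for *features, label in records:
        pred = predict(model, features)
        if label == positive:
            tp += pred == positive
            fn += pred != positive
        else:
            fp += pred == positive
            tn += pred != positive
    dr = tp / (tp + fn) if tp + fn else 0.0
    fpr = fp / (fp + tn) if fp + tn else 0.0
    return {"detection_rate": dr, "false_positive_rate": fpr,
            "tp": tp, "fn": fn, "fp": fp, "tn": tn}


if __name__ == "__main__":
    print(evaluate(fit(TRAIN), TEST))
```

On this toy data the two classes are trivially separable, so DR is 1.0 and FPR is 0.0; the point is that the metrics are defined per class, so a high DR says nothing about FP until the normal-traffic rows are counted as well, which is why the abstract reports both.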

    Performance Evaluation of an Intelligent and Optimized Machine Learning Framework for Attack Detection

    In recent decades, the size and complexity of network traffic data have risen significantly, which increases the likelihood of network penetration. One of today's largest advanced security concerns is the botnet. Botnets are the mechanisms behind several online assaults, including Distributed Denial of Service (DDoS), spam, rebate fraud, phishing as well as malware attacks. Several methodologies have been created over time to address these issues. Existing intrusion detection techniques have trouble processing data from high-speed networks and are unable to identify recently launched assaults. Network traffic categorization has been slowed down by repetitive and pointless characteristics. Identifying the critical attributes and removing the unimportant ones using a feature selection approach could reduce the feature space dimensionality and resolve the problem. Therefore, this article develops an innovative network attack recognition model combining an optimization strategy with a machine learning framework, namely the Grey Wolf with Artificial Bee Colony optimization-based Support Vector Machine (GWABC-SVM) model. The efficient selection of attributes is accomplished using a novel Grey Wolf with Artificial Bee Colony optimization approach, and finally the botnet DDoS attack detection is accomplished through a Support Vector Machine. This article conducted an experimental assessment of the machine learning approaches on the UNBS-NB 15 and KDD99 databases for botnet DDoS attack identification. The proposed optimized machine learning (ML) based network attack detection framework is evaluated in the last phase for its effectiveness in detecting the possible threats. The main advantage of employing SVM is that it offers a wide range of possibilities for intrusion detection program development for difficult, complicated situations like cloud computing. In comparison to conventional ML-based models, the suggested technique has a better detection rate of 99.62% and is less time-consuming and more robust.