Introduction on intrusion detection systems : focus on hierarchical analysis

In today\u27s fast paced computing world security is a main concern. Intrusion detection systems are an important component of defensive measures protecting computer systems and networks from abuse. This paper will examine various intrusion detection systems. The task of intrusion detection is to monitor usage of a system and detect and malicious activity, therefore, the architecture is a key component when studying intrusion detection systems. This thesis will also analyze various neural networks for statistical anomaly intrusion detection systems. The thesis will focus on the Hierarchical Intrusion Detection system (HIDE) architecture. The HIDE system detects network based attack as anomalies using statistical preprocessing and neural network classification. The thesis will conclude with studies conducted on the HIDE architecture. The studies conducted on the HIDE architecture indicate how the hierarchical multi-tier anomaly intrusion detection system is an effective one

Towards an effective intrusion response engine combined with intrusion detection in ad hoc networks

In this paper, we present an effective intrusion response engine combined with intrusion detection in ad hoc networks. The intrusion response engine is composed of a secure communication module, a local and a global response module. Its function is based on an innovative tree-based key agreement protocol while the intrusion detection engine is based on a class of neural networks called eSOM. The proposed intrusion response model and the tree-based protocol, it is based on, are analyzed concerning key secrecy while the intrusion detection engine is evaluated for MANET under different traffic conditions and mobility patterns. The results show a high detection rate for packet dropping attacks

An intrusion detection system for packet and flow based networks using deep neural network approach

Study on deep neural networks and big data is merging now by several aspects to enhance the capabilities of intrusion detection system (IDS). Many IDS models has been introduced to provide security over big data. This study focuses on the intrusion detection in computer networks using big datasets. The advent of big data has agitated the comprehensive assistance in cyber security by forwarding a brunch of affluent algorithms to classify and analysis patterns and making a better prediction more efficiently. In this study, to detect intrusion a detection model has been propounded applying deep neural networks. We applied the suggested model on the latest data set available at online, formatted with packet based, flow based data and some additional metadata. The data set is labeled and imbalanced with 79 attributes and some classes having much less training samples compared to other classes. The proposed model is build using Keras and Google Tensorflow deep learning environment. Experimental result shows that intrusions are detected with the accuracy over 99% for both binary and multi-class classification with selected best features. Receiver operating characteristics (ROC) and precision-recall curve average score is also 1. The outcome implies that Deep Neural Networks offers a novel research model with great accuracy for intrusion detection model, better than some models presented in the literature

A cognitive based Intrusion detection system

Intrusion detection is one of the primary mechanisms to provide computer networks with security. With an increase in attacks and growing dependence on various fields such as medicine, commercial, and engineering to give services over a network, securing networks have become a significant issue. The purpose of Intrusion Detection Systems (IDS) is to make models which can recognize regular communications from abnormal ones and take necessary actions. Among different methods in this field, Artificial Neural Networks (ANNs) have been widely used. However, ANN-based IDS, has two main disadvantages: 1- Low detection precision. 2- Weak detection stability. To overcome these issues, this paper proposes a new approach based on Deep Neural Network (DNN. The general mechanism of our model is as follows: first, some of the data in dataset is properly ranked, afterwards, dataset is normalized with Min-Max normalizer to fit in the limited domain. Then dimensionality reduction is applied to decrease the amount of both useless dimensions and computational cost. After the preprocessing part, Mean-Shift clustering algorithm is the used to create different subsets and reduce the complexity of dataset. Based on each subset, two models are trained by Support Vector Machine (SVM) and deep learning method. Between two models for each subset, the model with a higher accuracy is chosen. This idea is inspired from philosophy of divide and conquer. Hence, the DNN can learn each subset quickly and robustly. Finally, to reduce the error from the previous step, an ANN model is trained to gain and use the results in order to be able to predict the attacks. We can reach to 95.4 percent of accuracy. Possessing a simple structure and less number of tunable parameters, the proposed model still has a grand generalization with a high level of accuracy in compared to other methods such as SVM, Bayes network, and STL.Comment: 18 pages, 6 figure

An efficient deep learning model for intrusion classification and prediction in 5G and IoT networks

A Network Intrusion Detection System is a critical component of every internet-connected system due to likely attacks from both external and internal sources. Such Security systems are used to detect network born attacks such as flooding, denial of service attacks, malware, and twin-evil intruders that are operating within the system. Neural networks have become an increasingly popular solution for network intrusion detection. Their capability of learning complex patterns and behaviors make them a suitable solution for differentiating between normal traffic and network attacks. In this paper, we have applied a deep autoencoded dense neural network algorithm for detecting intrusion or attacks in 5G and IoT network. We evaluated the algorithm with the benchmark Aegean Wi-Fi Intrusion dataset. Our results showed an excellent performance with an overall detection accuracy of 99.9% for Flooding, Impersonation and Injection type of attacks. We also presented a comparison with recent approaches used in literature which showed a substantial improvement in terms of accuracy and speed of detection with the proposed algorithm

An overview of neural networks use in anomaly intrusion detection systems

With the increasing number of computers being connected to the Internet, security of an information system has never been more urgent. Because no system can be absolutely secure, the timely and accurate detection of intrusions is necessary. This is the reason of an entire area of research, called Intrusion Detection Systems (IDS). Anomaly systems detect intrusions by searching for an abnormal system activity. But the main problem of anomaly detection IDS is that; it is very difficult to build, because of the difficulty in defining what is normal and what is abnormal. Neural network with its ability of learning has become one of the most promising techniques to solve this problem. This paper presents an overview of neural networks and their use in building anomaly intrusion systems

Detecting attacks to computer networks using a multi-layer perceptron artificial neural network

In this paper, we present concepts in artificial neural networks (ANN) to help detect intrusion attacks against network computers, and introduce and compare a multi-layer perceptron ANN (MLPANN) with Snort, an open-source tool for intrusion detection systems (IDS). To conduct these comparison experiments, we inserted malicious traffic into the MLPANN to train our ANN, with results indicating that our ANN detected 99% of these input attacks