267 research outputs found

    Metaheuristic-Based Neural Network Training And Feature Selector For Intrusion Detection

    Intrusion Detection (ID) in the context of computer networks is an essential technique in modern defense-in-depth security strategies. As such, Intrusion Detection Systems (IDSs) have received tremendous attention from security researchers and professionals. An important concept in ID is anomaly detection, which amounts to the isolation of normal behavior of network traffic from abnormal (anomaly) events. This isolation is essentially a classification task, which led researchers to attempt the application of well-known classifiers from the area of machine learning to intrusion detection. Neural Networks (NNs) are one of the most popular techniques for performing non-linear classification, and have been extensively used in the literature to perform intrusion detection. However, the training datasets usually contain feature sets with irrelevant or redundant information, which impacts the performance of classification, and traditional learning algorithms such as backpropagation suffer from known issues, including slow convergence and becoming trapped in local minima. Those problems lend themselves to the realm of optimization. Considering the wide success of swarm intelligence methods in optimization problems, the main objective of this thesis is to contribute to the improvement of intrusion detection technology through the application of swarm-based optimization techniques to the basic problems of selecting optimal packet features, and optimally training neural networks to classify those features into normal and attack instances. To realize these objectives, the research in this thesis follows three basic stages, succeeded by extensive evaluations

    Performance Evaluation of Network Anomaly Detection Systems

    Nowadays, there is a huge and growing concern about security in information and communication technology (ICT) among the scientific community because any attack or anomaly in the network can greatly affect many domains such as national security, private data storage, social welfare, economic issues, and so on. Therefore, the anomaly detection domain is a broad research area, and many different techniques and approaches for this purpose have emerged through the years. Attacks, problems, and internal failures, when not detected early, may badly harm an entire network system. Thus, this thesis presents an autonomous profile-based anomaly detection system based on the statistical method Principal Component Analysis (PCADS-AD). This approach creates a network profile called Digital Signature of Network Segment using Flow Analysis (DSNSF) that denotes the predicted normal behavior of network traffic activity through historical data analysis. That digital signature is used as a threshold for volume anomaly detection to detect disparities in the normal traffic trend. The proposed system uses seven traffic flow attributes: Bits, Packets and Number of Flows to detect problems, and Source and Destination IP addresses and Ports, to provide the network administrator the information necessary to solve them. Via evaluation techniques, the addition of a different anomaly detection approach, and comparisons to other methods performed in this thesis using real network traffic data, results showed good traffic prediction by the DSNSF and encouraging false alarm generation and detection accuracy on the detection schema. The observed results seek to contribute to the advance of the state of the art in methods and strategies for anomaly detection that aim to surpass some challenges that emerge from the constant growth in complexity, speed and size of today's large scale networks, also providing high-value results for better detection in real time.
    Currently, there is a huge and growing concern about security in information and communication technology (ICT) among the scientific community. This is because any attack or anomaly in the network can affect the quality, interoperability, availability, and integrity in many domains, such as national security, private data storage, social welfare, economic issues, and so on. Therefore, anomaly detection is a broad research area, and many different techniques and approaches for this purpose have emerged over the years. Attacks, problems, and internal failures, when not detected early, can seriously harm an entire network system. Thus, this thesis presents an autonomous profile-based anomaly detection system using the statistical method Principal Component Analysis (PCADS-AD). This approach creates a network profile called Digital Signature of Network Segment using Flow Analysis (DSNSF) that denotes the predicted normal behavior of network traffic activity through historical data analysis. This digital signature is used as a threshold for volume anomaly detection to identify disparities in the normal traffic trend. The proposed system uses seven traffic flow attributes: bits, packets, and number of flows to detect problems, plus source and destination IP addresses and ports to provide the network administrator with the information needed to resolve them. Through the use of evaluation metrics, the addition of a detection approach distinct from the main proposal, and comparisons with other methods carried out in this thesis using real network traffic data, the results showed good traffic prediction by the DSNSF and encouraging results regarding false alarm generation and detection accuracy. With the results observed in this thesis, this doctoral work seeks to contribute to the advance of the state of the art in anomaly detection methods and strategies, aiming to overcome some challenges that emerge from the constant growth in complexity, speed, and size of today's large-scale networks, while also providing high performance. Furthermore, the low complexity and agility of the proposed system allow it to be applied to real-time detection

    Discovering anomalies in big data: a review focused on the application of metaheuristics and machine learning techniques

    With the increase in available data from computer systems and their security threats, interest in anomaly detection has increased as well in recent years. The need to diagnose faults and cyberattacks has also focused scientific research on the automated classification of outliers in big data, as manual labeling is difficult in practice due to their huge volumes. The results obtained from data analysis can be used to generate alarms that anticipate anomalies and thus prevent system failures and attacks. Therefore, anomaly detection has the purpose of reducing maintenance costs as well as making decisions based on reports. During the last decade, the approaches proposed in the literature to classify unknown anomalies in log analysis, process analysis, and time series have been mainly based on machine learning and deep learning techniques. In this study, we provide an overview of current state-of-the-art methodologies, highlighting their advantages and disadvantages and the new challenges. In particular, we will see that there is no absolute best method, i.e., for any given dataset a different method may achieve the best result. Finally, we describe how the use of metaheuristics within machine learning algorithms makes it possible to have more robust and efficient tools

    Improving power theft detection using efficient clustering and ensemble classification

    One of the main concerns of power generation systems around the world is power theft. This research proposes a framework that merges clustering and classification for power theft detection. Because most datasets have few or no abnormal samples, we have added abnormal samples to the original datasets using artificial attacks to create balance in the datasets and increase the correct detection rate. We improved the crow search algorithm (CSA) and used the weight feature of crows to improve the performance of the clustering phase. Also, to create balance between diversification and intensification, we calculated the awareness probability parameter (AP) dynamically at each iteration of the algorithm. To evaluate the performance, we used the cross-validation technique and used the stacking technique in its training phase. The results of extensive experiments on three reference datasets showed high performance in detecting power theft. The evaluation results showed that if the data is collected correctly and sufficiently, this framework can effectively detect power theft in any actual power grid. Also, for new attacks, if their patterns can be detected from the data, it is easily possible to implement these types of attacks

    Barnacles Mating Optimizer with Hopfield Neural Network Based Intrusion Detection in Internet of Things Environment

    Owing to the development and expansion of energy-aware sensing devices and autonomous and intelligent systems, the Internet of Things (IoT) has gained remarkable growth and found uses in several day-to-day applications. Currently, the IoT network is gradually developing ubiquitous connectivity amongst distinct new applications, namely smart homes, smart grids, smart cities, and several others. The developing network of smart devices and objects allows people to make smart decisions with machine-to-machine (M2M) communications. One of the real-world security challenges of IoT is that devices are vulnerable to distinct attacks, which poses several security and privacy challenges. Thus, an IoT environment needs effective and efficient solutions. An Intrusion Detection System (IDS) is a solution for addressing security and privacy challenges by identifying distinct IoT attacks. This study develops a new Barnacles Mating Optimizer with Hopfield Neural Network based Intrusion Detection (BMOHNN-ID) in the IoT environment. The presented BMOHNN-ID technique majorly concentrates on the detection and classification of intrusions from IoT environments. In order to attain this, the BMOHNN-ID technique primarily pre-processes the input data to transform it into a compatible format. Next, the HNN model is employed for the effectual recognition and classification of intrusions from IoT environments. Moreover, the BMO technique is exploited to optimally modify the parameters related to the HNN model. When a list of possible susceptibilities of every device is ordered, every device is profiled utilizing data related to that device. It comprises routing data, the reported hostname, network flow, and topology. This data is offered to the external modules for digesting the data via a REST API model. The experimental values assured that the BMOHNN-ID model has gained effectual intrusion classification performance over the other models

    Network anomaly detection research: a survey

    Data analysis to identify attacks/anomalies is a crucial task in anomaly detection, and network anomaly detection itself is an important issue in network security. Researchers have developed methods and algorithms for the improvement of anomaly detection systems. At the same time, survey papers on anomaly detection research are available. Nevertheless, this paper attempts to analyze further and to provide an alternative taxonomy of anomaly detection research focusing on methods, types of anomalies, data repositories, outlier identity and the most used data type. In addition, this paper summarizes information on the application network categories of the existing studies

    Networks, Communication, and Computing Vol. 2

    Networks, communications, and computing have become ubiquitous and inseparable parts of everyday life. This book is based on a Special Issue of the Algorithms journal, and it is devoted to the exploration of the many-faceted relationship of networks, communications, and computing. The included papers explore the current state-of-the-art research in these areas, with a particular interest in the interactions among the fields