    Support Vector Machine Based Intrusion Detection Method Combined with Nonlinear Dimensionality Reduction Algorithm

    Network security is one of the most important issues in the field of computer science. The network intrusion may bring disaster to the network users. It is therefore critical to monitor the network intrusion to prevent the computers from attacking. The intrusion pattern identification is the key point in the intrusion detection. The use of the support vector machine (SVM) can provide intelligent intrusion detection even using a small amount of training sample data. However, the intrusion detection efficiency is still influenced by the input features of the ANN. This is because the original feature space always contains a certain number of redundant data. To solve this problem, a new network intrusion detection method based on nonlinear dimensionality reduction and least square support vector machines (LS-SVM) is proposed in this work. The Isometric Mapping (Isomap) was employed to reduce the dimensionality of the original intrusion feature vector. Then the LS-SVM detection model with proper input features was applied to the intrusion pattern recognition. The efficiency of the proposed method was evaluated with the real intrusion data. The analysis results show that the proposed approach has good intrusion detection rate, and is superior to the traditional LSSVM method with a 5.8 % increase of the detection precision

    Intrusion detection with Parameterized Methods for Wireless Sensor Networks

    Current network intrusion detection systems lack adaptability to the frequently changing network environments. Furthermore, intrusion detection in the new distributed architectures is now a major requirement. In this paper, we propose two Adaboost based intrusion detection algorithms. In the first algorithm, a traditional online Adaboost process is used where decision stumps are used as weak classifiers. In the second algorithm, an improved online Adaboost process is proposed, and online Gaussian mixture models (GMMs) are used as weak classifiers. We further propose a distributed intrusion detection framework, in which a local parameterized detection model is constructed in each node using the online Adaboost algorithm. A global detection model is constructed in each node by combining the local parametric models using a small number of samples in the node. This combination is achieved using an algorithm based on particle swarm optimization (PSO) and support vector machines. The global model in each node is used to detect intrusions. Experimental results show that the improved online Adaboost process with GMMs obtains a higher detection rate and a lower false alarm rate than the traditional online Adaboost process that uses decision stumps. Both the algorithms outperform existing intrusion detection algorithms. It is also shown that our PSO, and SVM-based algorithm effectively combines the local detection models into the global model in each node; the global model in a node can handle the intrusion types that are found in other nodes, without sharing the samples of these intrusion types

    ANTIDS: Self-Organized Ant-based Clustering Model for Intrusion Detection System

    Security of computers and the networks that connect them is increasingly becoming of great significance. Computer security is defined as the protection of computing systems against threats to confidentiality, integrity, and availability. There are two types of intruders: the external intruders who are unauthorized users of the machines they attack, and internal intruders, who have permission to access the system with some restrictions. Due to the fact that it is more and more improbable to a system administrator to recognize and manually intervene to stop an attack, there is an increasing recognition that ID systems should have a lot to earn on following its basic principles on the behavior of complex natural systems, namely in what refers to self-organization, allowing for a real distributed and collective perception of this phenomena. With that aim in mind, the present work presents a self-organized ant colony based intrusion detection system (ANTIDS) to detect intrusions in a network infrastructure. The performance is compared among conventional soft computing paradigms like Decision Trees, Support Vector Machines and Linear Genetic Programming to model fast, online and efficient intrusion detection systems. Comment: 13 pages, 3 figures, Swarm Intelligence and Patterns (SIP)- special track at WSTST 2005, Muroran, JAPA

    A hierarchical Intrusion Detection System using support vector machine for SDN network in cloud data center

    Software-Defined Networks (SDN) has emerged as a dominant programmable network architecture for cloud based data centers. Its centralised programmable control plane decoupled from the data plane with a global view of the network state provides new opportunities to implement innovative security mechanisms. This research leverages these features of SDN and presents the architecture of a hierarchical and lightweight Intrusion Detection System (IDS) for software enabled networks by exploiting the concept of SDN flows. It combines advantages of a flow-based IDS and a packet-based IDS in order to provide a high detection rate without degrading network performances. The flow-based IDS uses an anomaly detection algorithm based on Support Vector Machines (SVM) trained with DARPA Intrusion Detection Dataset. This first line of defence detects any intrusions on the network. When an attack is detected, the malicious flow is mirrored to a packet-based IDS, for further examination and actions. The results show that this scheme provides good detection rates and performances with minimal extra overhead

    A Hybrid Classification Framework for Network Intrusion Detection with High Accuracy and Low Latency

    Network intrusion detection (NIDS) is a crucial task aimed at safeguarding computer networks against malicious attacks. Traditional NIDS methods can be categorized as either misuse-based or anomaly-based, each having its unique set of limitations. Misuse-based approaches excel in identifying known attacks but fall short when dealing with new or unidentified attack patterns. On the other hand, anomaly-based methods are more adept at identifying novel attacks but tend to produce a substantial number of false positives. To enhance the overall performance of NIDS systems, hybrid classification techniques are employed, leveraging the strengths of both misuse-based and anomaly-based methods. In this research, we present a novel hybrid classification approach for NIDS that excels in both speed and accuracy. Our approach integrates a blend of machine learning algorithms, including decision trees, support vector machines, and deep neural networks. We conducted comprehensive evaluations of our approach using various network intrusion datasets, achieving state-of-the-art results in terms of accuracy and prediction speed

    Enabling intrusion detection systems with dueling double deep Q-learning

    Purpose – In this research, the authors demonstrate the advantage of reinforcement learning (RL) based intrusion detection systems (IDS) to solve very complex problems (e.g. selecting input features, considering scarce resources and constraints) that cannot be solved by classical machine learning. The authors include a comparative study to build intrusion detection based on statistical machine learning and representational learning, using knowledge discovery in databases (KDD) Cup99 and Installation Support Center of Expertise (ISCX) 2012. Design/methodology/approach – The methodology applies a data analytics approach, consisting of data exploration and machine learning model training and evaluation. To build a network-based intrusion detection system, the authors apply dueling double deep Q-networks architecture enabled with costly features, k-nearest neighbors (K-NN), support-vector machines (SVM) and convolution neural networks (CNN). Findings – Machine learning-based intrusion detection are trained on historical datasets which lead to model drift and lack of generalization whereas RL is trained with data collected through interactions. RL is bound to learn from its interactions with a stochastic environment in the absence of a training dataset whereas supervised learning simply learns from collected data and require less computational resources. Research limitations/implications – All machine learning models have achieved high accuracy values and performance. One potential reason is that both datasets are simulated, and not realistic. It was not clear whether a validation was ever performed to show that data were collected from real network traffics. Practical implications – The study provides guidelines to implement IDS with classical supervised learning, deep learning and RL. Originality/value – The research applied the dueling double deep Q-networks architecture enabled with costly features to build network-based intrusion detection from network traffics. This research presents a comparative study of reinforcement-based intrusion detection with counterparts built with statistical and representational machine learning

    New Distributed Framework for Cyber Attack Detection and Classification

    With the fast growing cyber activity day by day, the threat from cyber attacks has increased enormously. The timely detection of these cyber attacks has been a major concern to many governments and organizations all over the world. A number of cyber attack detection systems have been developed in the past decade. However, most of them tend to suffer from two main issues: high computational complexity and low detection accuracy. In this thesis, a new distributed framework is proposed for cyber attack detection. Besides detecting the attacks, the proposed system also classifies the attacks into different categories so that corresponding proper counteraction can be taken in time. The proposed system uses multiple sensors which are deployed at various parts of the network, thus providing a complete view of the network. The traditional centralized processing approach, in which all the sensors transmit their entire data to a central decision making unit, has high computational complexity and requires huge bandwidth. Hence, the proposed system employs distributed processing, where each sensor processes the observed data and generates a local decision. All the local decisions from all the sensors are then transmitted to the fusion center, which generates a final decision based on all the available local decisions. At each sensor, multiple supervised binary classifiers are employed. Support vector machines, which are one of the best, are used as the classifiers. A new fast and efficient training approach for support vector machines is proposed, which greatly reduces the computational complexity of training the support vector machines without significantly affecting the classification performance. Effective fusion rules, at each sensor and at the fusion center, are proposed using the Dempster-Shafer theory. The proposed cyber attack detection system is evaluated using the popular 1999 KDD intrusion detection dataset, which is a version of the 1998 DARPA intrusion detection evaluation program data. School of Electrical & Computer Engineerin