Toward Network-based DDoS Detection in Software-defined Networks

To combat susceptibility of modern computing systems to cyberattack, identifying and disrupting malicious traffic without human intervention is essential. To accomplish this, three main tasks for an effective intrusion detection system have been identified: monitor network traffic, categorize and identify anomalous behavior in near real time, and take appropriate action against the identified threat. This system leverages distributed SDN architecture and the principles of Artificial Immune Systems and Self-Organizing Maps to build a network-based intrusion detection system capable of detecting and terminating DDoS attacks in progress

Research on Intrusion Detection of Database based on Rough Set

AbstractIn this article, we apply the rough set theory to database intrusion detection and monitor the data in real time with intrusion detection. While theory based on rough set will judge the attacks according to the rules and respond to the sample data of intrusion detection after preprocessing them

Unsupervised Real-Time Network Intrusion and Anomaly Detection by Memristor Based Autoencoder

Custom low power hardware systems for real-time network security and anomaly detection are in high demand, as these would allow for adequate protection in battery-powered network devices, such as edge devices and the internet of the things. This paper presents a memristor based system for real-time intrusion detection, as well as an anomaly detection based on autoencoders. Intrusion detection is performed by training only on a single autoencoder, and the overall detection accuracy of this system is 92.91%, with a malicious packet detection accuracy of 98.89%. The system described in this paper is also capable of using two autoencoders to perform anomaly detection using real-time online learning. Using this system, we show that the system flags anomalous data, but over time the system stops flagging a particular datatype if its presence is abundant. Utilizing memristors in these designs allows us to present extremely low power systems for intrusion and anomaly detection while sacrificing little accuracy.https://ecommons.udayton.edu/stander_posters/2850/thumbnail.jp

SSHCure: a flow-based SSH intrusion detection system

SSH attacks are a main area of concern for network managers, due to the danger associated with a successful compromise. Detecting these attacks, and possibly compromised victims, is therefore a crucial activity. Most existing network intrusion detection systems designed for this purpose rely on the inspection of individual packets and, hence, do not scale to today's high-speed networks. To overcome this issue, this paper proposes SSHCure, a flow-based intrusion detection system for SSH attacks. It employs an efficient algorithm for the real-time detection of ongoing attacks and allows identification of compromised attack targets. A prototype implementation of the algorithm, including a graphical user interface, is implemented as a plugin for the popular NfSen monitoring tool. Finally, the detection performance of the system is validated with empirical traffic data

Threshold Verification Technique for Network Intrusion Detection System

Internet has played a vital role in this modern world, the possibilities and opportunities offered are limitless. Despite all the hype, Internet services are liable to intrusion attack that could tamper the confidentiality and integrity of important information. An attack started with gathering the information of the attack target, this gathering of information activity can be done as either fast or slow attack. The defensive measure network administrator can take to overcome this liability is by introducing Intrusion Detection Systems (IDSs) in their network. IDS have the capabilities to analyze the network traffic and recognize incoming and on-going intrusion. Unfortunately the combination of both modules in real time network traffic slowed down the detection process. In real time network, early detection of fast attack can prevent any further attack and reduce the unauthorized access on the targeted machine. The suitable set of feature selection and the correct threshold value, add an extra advantage for IDS to detect anomalies in the network. Therefore this paper discusses a new technique for selecting static threshold value from a minimum standard features in detecting fast attack from the victim perspective. In order to increase the confidence of the threshold value the result is verified using Statistical Process Control (SPC). The implementation of this approach shows that the threshold selected is suitable for identifying the fast attack in real time.Comment: 8 Pages, International Journal of Computer Science and Information Securit

RT-MOVICAB-IDS: Addressing real-time intrusion detection

This study presents a novel Hybrid Intelligent Intrusion Detection System (IDS) known as RT-MOVICAB-IDS that incorporates temporal control. One of its main goals is to facilitate real-time Intrusion Detection, as accurate and swift responses are crucial in this field, especially if automatic abortion mechanisms are running. The formulation of this hybrid IDS combines Artificial Neural Networks (ANN) and Case-Based Reasoning (CBR) within a Multi-Agent System (MAS) to detect intrusions in dynamic computer networks. Temporal restrictions are imposed on this IDS, in order to perform real/execution time processing and assure system response predictability. Therefore, a dynamic real-time multi-agent architecture for IDS is proposed in this study, allowing the addition of predictable agents (both reactive and deliberative). In particular, two of the deliberative agents deployed in this system incorporate temporal-bounded CBR. This upgraded CBR is based on an anytime approximation, which allows the adaptation of this Artificial Intelligence paradigm to real-time requirements. Experimental results using real data sets are presented which validate the performance of this novel hybrid IDSMinisterio de Economía y Competitividad (TIN2010-21272-C02-01, TIN2009-13839-C03-01), Ministerio de Ciencia e Innovación (CIT-020000-2008-2, CIT-020000-2009-12

Mining in a Data-flow Environment: Experience in Network Intrusion Detection

We discuss the KDD process in "data-flow" environments, where unstructured and time dependent data can be processed into various levels of structured and semantically-rich forms for analysis tasks. Using network intrusion detection as a concrete application example, we describe how to construct models that are both accurate in describing the underlying concepts, and efficient when used to analyze data in real-time. We present procedures for analyzing frequent patterns from lower level data and constructing appropriate features to formulate higher level data. The features generated from various levels of data have different computational costs (in time and space). We show that in order to minimize the time required in using the classification models in a real-time environment, we can exploit the "necessary conditions" associated with the low-cost features to determine whether some high-cost features need to be computed and the corresponding classification rules need to be checked. We have applied our tools to the problem of building network intrusion detection models. We report our experiments using the network data provided as part of the 1998 DARPA Intrusion Detection Evaluation program. We also discuss our experience in using the mined models in NFR, a real-time network intrusion detection system

Integrating real-time analysis with the dendritic cell algorithm through segmentation

As an immune inspired algorithm, the Dendritic Cell Algorithm (DCA) has been applied to a range of problems, particularly in the area of intrusion detection. Ideally, the intrusion detection should be performed in real-time, to continuously detect misuses as soon as they occur. Consequently, the analysis process performed by an intrusion detection system must operate in real-time or near-to real-time. The analysis process of the DCA is currently performed offline, therefore to improve the algorithm's performance we suggest the development of a real-time analysis component. The initial step of the development is to apply segmentation to the DCA. This involves segmenting the current output of the DCA into slices and performing the analysis in various ways. Two segmentation approaches are introduced and tested in this paper, namely antigen based segmentation (ABS) and time based segmentation (TBS). The results of the corresponding experiments suggest that applying segmentation produces different and significantly better results in some cases, when compared to the standard DCA without segmentation. Therefore, we conclude that the segmentation is applicable to the DCA for the purpose of real-time analysis

Performance Evaluation and Validation of Intelligent Security Mechanism in Software Defined Network

Network attacks are discovered using intrusion detection systems (IDS), one of the most crucial security solutions. Machine learning techniques-based intrusion detection approaches have been rapidly created as a result of the widespread use of standard machine learning algorithms in the security field. Unfortunately, as technology has advanced and there have been faults in the machine learning-based intrusion detection system, the system has consistently failed to fulfill the standards for cyber security. Generative adversarial networks (GANs) have drawn a lot of interest recently and have been utilized widely in anomaly detection due to their enormous capacity for learning difficult high-dimensional real time data distribution. Traditional machine learning algorithms for intrusion detection have a number of drawbacks that deep learning techniques can significantly mitigate. With the help of a real time dataset, this work suggests employing GANs and its variants to detect network intrusions in SDN. The feasibility and comparison results are also presented. For different kinds of datasets, the BiGAN outcomes outperform the GAN