100 research outputs found

    Feature selection, learning metrics and dimension reduction in training and classification processes in intrusion detection systems

    This research presents an IDS prototype in Matlab that assesses network traffic connections contained in the NSL-KDD dataset, comparing feature selection techniques available in the FEAST toolbox and refining prior results by applying the dimension reduction technique ISOMAP. The classification process used a supervised learning technique called Support Vector Machines (SVM). The comparative analysis of detection rates by attack category is conclusive that MRMR+PCA+SVM (selection, reduction and classification techniques) combined obtained more promising results, using just 5 of the 41 features available in the dataset. The results obtained were: 85.42% normal traffic, 80.77% DoS, 90.41% Probe, 91.78% U2R and 83.25% R2L.

    Improved RBF Network Intrusion Detection Model Based on Edge Computing with Multi-algorithm Fusion

    It is difficult to deploy a complete and reliable security strategy for edge computing due to its distributed computing architecture, the inherent heterogeneity of its equipment, and its limited resources. When malicious attacks occur, the loss will be immeasurable. The RBF neural network has strong nonlinear representation ability and fast learning convergence speed, which is suitable for intrusion detection of edge detection industrial control network. In this paper, an improved RBF network intrusion detection model based on multi-algorithm fusion is proposed. Kernel principal component analysis (KPCA) is used to extract data dimension and simplify data representation. Then the subtractive clustering algorithm (SCM) and grey wolf algorithm (GWO) are used to jointly optimize the RBF neural network parameters to avoid falling into local optimum, reduce the calculation of model training and improve the detection accuracy. The algorithm can better adapt to the edge computing platform with weak computing ability and bearing capacity, and realize real-time data analysis. The experimental results of the BATADAL data set and Gas data set show that the accuracy of the algorithm is over 99% and the training time of larger samples is shortened by 50 times for the BATADAL data set. The results show that the improved RBF network is effective in improving the convergence speed and accuracy in intrusion detection.

    Improving Accuracy of Intrusion Detection Model Using PCA and optimized SVM

    Intrusion detection is very essential for providing security to different network domains and is mostly used for locating and tracing the intruders. There are many problems with traditional intrusion detection models (IDS) such as low detection capability against unknown network attack, high false alarm rate and insufficient analysis capability. Hence the major scope of the research in this domain is to develop an intrusion detection model with improved accuracy and reduced training time. This paper proposes a hybrid intrusion detection model by integrating the principal component analysis (PCA) and support vector machine (SVM). The novelty of the paper is the optimization of kernel parameters of the SVM classifier using automatic parameter selection technique. This technique optimizes the punishment factor (C) and kernel parameter gamma (γ), thereby improving the accuracy of the classifier and reducing the training and testing time. The experimental results obtained on the NSL KDD and gurekddcup dataset show that the proposed technique performs better with higher accuracy, faster convergence speed and better generalization. Minimum resources are consumed as the classifier input requires reduced feature set for optimum classification. A comparative analysis of hybrid models with the proposed model is also performed.

    Enhanced Deep Learning Intrusion Detection in IoT Heterogeneous Network with Feature Extraction

    The heterogeneous network is one of the challenges that must be overcome in an Internet of Things Intrusion Detection System (IoT IDS). The difficulty of the IDS is significantly caused by various devices, protocols, and services that make the network complex and difficult to monitor. Deep learning is one algorithm for classifying data with high accuracy. This research work incorporated Deep Learning into IDS for IoT heterogeneous networks. There are two concerns on IDS with deep learning in heterogeneous IoT networks, i.e., limited resources and excessive training time. Thus, this paper uses Principal Component Analysis (PCA) as a feature extraction method to deal with data dimensions so that resource usage and training time will be significantly reduced. The results of the evaluation show that PCA was successful in reducing resource usage with less training time of the proposed IDS with deep learning in a heterogeneous network environment. Experiment results show the proposed IDS achieves overall accuracy above 99%.

    Features Extraction on IoT Intrusion Detection System Using Principal Components Analysis (PCA)

    There are several ways to increase the detection accuracy of intrusion detection systems (IDS); one way is feature extraction. The existing original features are filtered and then converted into features with lower dimension. This paper uses Principal Components Analysis (PCA) for feature extraction in an intrusion detection system with the aim of improving the accuracy and precision of the detection. The impact of feature extraction on attack detection was examined. Experiments on a network traffic dataset created from an Internet of Things (IoT) testbed network topology were conducted and the results show that the accuracy of the detection reaches 100 percent.

    Metaverse-IDS: Deep learning-based intrusion detection system for Metaverse-IoT networks

    Combining the metaverse and the Internet of Things (IoT) will lead to the development of diverse, virtual, and more advanced networks in the future. The integration of IoT networks with the metaverse will enable more meaningful connections between the 'real' and 'virtual' worlds, allowing for real-time data analysis, access, and processing. However, these metaverse-IoT networks will face numerous security and privacy threats. Intrusion Detection Systems (IDS) offer an effective means of early detection for such attacks. Nevertheless, the metaverse generates substantial volumes of data due to its interactive nature and the multitude of user interactions within virtual environments, posing a computational challenge for building an intrusion detection system. To address this challenge, this paper introduces an innovative intrusion detection system model based on deep learning. This model aims to detect most attacks targeting metaverse-IoT communications and combines two techniques: KPCA (Kernel Principal Component Analysis), which was used for attack feature extraction, and CNN (Convolutional Neural Networks), for attack recognition and classification. The efficiency of this proposed IDS model is assessed using two widely recognized benchmark datasets, BoT-IoT and ToN-IoT, which contain various IoT attacks potentially targeting IoT communications. Experimental results confirmed the effectiveness of the proposed IDS model in identifying 12 classes of attacks relevant to metaverse-IoT, achieving a remarkable accuracy of and a False Negative Rate FNR less than . Furthermore, when compared with other models in the literature, our IDS model demonstrates superior performance in attack detection accuracy.

    A Study of Feature Reduction Techniques and Classification for Network Anomaly Detection

    Due to the launch of new applications, the behavior of internet traffic is changing. Hackers are always looking for sophisticated tools to launch attacks and damage the services. Researchers have been working on intrusion detection techniques involving machine learning algorithms for supervised and unsupervised detection of these attacks. However, with newly found attacks these techniques need to be refined. Handling data with a large number of attributes adds to the problem. Therefore, dimensionality based feature reduction of the data is required. In this work three reduction techniques, namely, Principal Component Analysis (PCA), Artificial Neural Network (ANN), and Nonlinear Principal Component Analysis (NLPCA) have been studied and analyzed. Secondly, the performance of four classifiers, namely, Decision Tree (DT), Support Vector Machine (SVM), K Nearest Neighbor (KNN) and Naïve Bayes (NB) has been studied for the actual and reduced datasets. In addition, novel performance measurement metrics, Classification Difference Measure (CDM), Specificity Difference Measure (SPDM), Sensitivity Difference Measure (SNDM), and F1 Difference Measure (F1DM) have been defined and used to compare the outcomes on actual and reduced datasets. Comparisons have been done using the new Coburg Intrusion Detection Data Set (CIDDS-2017) dataset as well as the widely referred NSL-KDD dataset. Successful results were achieved for Decision Tree with 99.0 percent and 99.8 percent accuracy on CIDDS and NSLKDD datasets respectively.

    From Intrusion Detection to Attacker Attribution: A Comprehensive Survey of Unsupervised Methods

    Over the last five years there has been an increase in the frequency and diversity of network attacks. This holds true, as more and more organisations admit compromises on a daily basis. Many misuse and anomaly based Intrusion Detection Systems (IDSs) that rely on either signatures, supervised or statistical methods have been proposed in the literature, but their trustworthiness is debatable. Moreover, as this work uncovers, the current IDSs are based on obsolete attack classes that do not reflect the current attack trends. For these reasons, this paper provides a comprehensive overview of unsupervised and hybrid methods for intrusion detection, discussing their potential in the domain. We also present and highlight the importance of feature engineering techniques that have been proposed for intrusion detection. Furthermore, we discuss that current IDSs should evolve from simple detection to correlation and attribution. We descant how IDS data could be used to reconstruct and correlate attacks to identify attackers, with the use of advanced data analytics techniques. Finally, we argue how the present IDS attack classes can be extended to match the modern attacks and propose three new classes regarding the outgoing network communicatio