9 research outputs found

    A two-stage classifier approach for network intrusion detection

    Network Intrusion Detection Systems (NIDS) are essential to combat security threats in network environments. These systems monitor and detect malicious behavior to provide automated methods of identifying and dealing with attacks or security breaches in a network. Machine learning is a promising approach in the development of effective NIDS. One of the problems faced in the development of such systems is that the datasets used in the construction of classifiers are typically imbalanced. This is because the classification categories do not have relatively equal representation in the datasets. This study investigates a two-stage classifier approach to NIDS based on imbalanced intrusion detection datasets by separating the training and detection of minority and majority intrusion classes. The purpose of this is to allow flexibility in the classification process; for example, two different classifiers can be used for detecting minority and majority classes respectively. In this paper, we performed experiments using the random forests classifier, and the contemporary UNSW-NB15 dataset was used to evaluate the effectiveness of the proposed approach.

    Neural swarm virus

    The dramatic improvements in computational intelligence techniques over recent years have influenced many domains. Hence, it is reasonable to expect that virus writers will take advantage of these techniques to defeat existing security solutions. In this article, we outline a possible dynamic swarm smart malware, its structure, and functionality as a background for the forthcoming anti-malware solution. We propose how to record and visualize the behavior of the virus when it propagates through the file system. The neural swarm virus prototype, designed here, simulates the swarm system behavior and integrates the neural network to operate more efficiently. The virus’s behavioral information is stored and displayed as a complex network to reflect the communication and behavior of the swarm. In this complex network, every vertex is then an individual virus instance. Additionally, the virus instances can use certain properties associated with the network structure to discover a target and execute a payload on the right object. © Springer Nature Switzerland AG 2020