scholarly journals Synthetic Minority Oversampling Technique for Optimizing Classification Tasks in Botnet and Intrusion-Detection-System Datasets

2020 ◽  
Vol 10 (3) ◽  
pp. 794 ◽  
Author(s):  
David Gonzalez-Cuautle ◽  
Aldo Hernandez-Suarez ◽  
Gabriel Sanchez-Perez ◽  
Linda Karina Toscano-Medina ◽  
Jose Portillo-Portillo ◽  
...  
Keyword(s):  
Intrusion Detection ◽  
Learning Algorithm ◽  
Search Algorithm ◽  
Detection System ◽  
Optimization Procedure ◽  
Algorithm Optimization ◽  
Detection Systems ◽  
Lack Of Information ◽  
Supervised Learning Algorithms ◽  
The Impact

Presently, security is a hot research topic due to the impact in daily information infrastructure. Machine-learning solutions have been improving classical detection practices, but detection tasks employ irregular amounts of data since the number of instances that represent one or several malicious samples can significantly vary. In highly unbalanced data, classification models regularly have high precision with respect to the majority class, while minority classes are considered noise due to the lack of information that they provide. Well-known datasets used for malware-based analyses like botnet attacks and Intrusion Detection Systems (IDS) mainly comprise logs, records, or network-traffic captures that do not provide an ideal source of evidence as a result of obtaining raw data. As an example, the numbers of abnormal and constant connections generated by either botnets or intruders within a network are considerably smaller than those from benign applications. In most cases, inadequate dataset design may lead to the downgrade of a learning algorithm, resulting in overfitting and poor classification rates. To address these problems, we propose a resampling method, the Synthetic Minority Oversampling Technique (SMOTE) with a grid-search algorithm optimization procedure. This work demonstrates classification-result improvements for botnet and IDS datasets by merging synthetically generated balanced data and tuning different supervised-learning algorithms.

MODELLING OF AN INTRUSION DETECTION SYSTEM USING C4.5 MACHINE LEARNING ALGORITHM

2021 ◽  
Vol 4 (4) ◽  
pp. 454-459
Author(s):  
Oyenike Mary Olanrewaju ◽  
Faith Oluwatosin Echobu ◽  
Abubakar Mogaji
Keyword(s):  
Intrusion Detection ◽  
Security Policy ◽  
Learning Algorithm ◽  
Detection System ◽  
Knowledge Discovery In Databases ◽  
Protocol Violation ◽  
Detection Model ◽  
Software Applications ◽  
Detection Systems ◽  
Proposed Model

The increasing growth of wireless networking and new mobile computing devices has caused boundaries between trusted and malicious users to be blurred. The shift in security priorities from the network perimeter to information protection and user resources security is an open area for research which is concerned with the protection of user information’s confidentiality, integrity and availability. Intrusion detection systems are programs or software applications embedded in sophisticated devices to monitor the activities on networks or systems for security, policy or protocol violation or malicious activities detection. In this work, an intrusion detection model was proposed using C4.5 algorithm which was implemented with WEKA tool and RAPID MINER. The model showed good performance when trained and tested with validation techniques. Implementation of the proposed model was conducted on the Network Security Laboratory Knowledge Discovery in Databases (NSL-KDD) dataset, an improved version of KDD 99 dataset, which showed that the proposed model approach has an average detection rate of 99.62% and reduced false alarm rate of 0.38%.

scholarly journals Network Intrusion Detection Systems Design: A Machine Learning Approach

2019 ◽  
Author(s):  
Manuel Gonçalves da Silva Neto ◽  
Danielo G. Gomes
Keyword(s):  
Machine Learning ◽  
Intrusion Detection ◽  
Learning Algorithm ◽  
Detection System ◽  
Systems Design ◽  
Machine Learning Algorithms ◽  
Intrusion Detection Systems ◽  
Machine Learning Techniques ◽  
Detection Systems ◽  
Network Intrusion

With the increasing popularization of computer network-based technologies, security has become a daily concern, and intrusion detection systems (IDS) play an essential role in the supervision of computer networks. An employed approach to combat network intrusions is the development of intrusion detection systems via machine learning techniques. The intrusion detection performance of these systems depends highly on the quality of the IDS dataset used in their design and the decision making for the most suitable machine learning algorithm becomes a difficult task. The proposed paper focuses on evaluate and accurate the model of intrusion detection system of different machine learning algorithms on two resampling techniques using the new CICIDS2017 dataset where Decision Trees, MLPs, and Random Forests on Stratified 10-Fold gives high stability in results with Precision, Recall, and F1-Scores of 98% and 99% with low execution times.

Intrusion Detection System for Malicious Traffic Using Evolutionary Search Algorithm

2020 ◽  
Vol 13 ◽  
Author(s):  
Samar Al-Saqqa ◽  
Mustafa Al-Fayoumi ◽  
Malik Qasaimeh
Keyword(s):  
Feature Selection ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Search Algorithm ◽  
Detection System ◽  
Feature Subset Selection ◽  
Intrusion Detection Systems ◽  
Feature Subset ◽  
Evolutionary Search ◽  
Detection Systems

Introduction: Intrusion detection systems play a key role in system security by identifying potential attacks and giving appropriate responses. As new attacks are always emerging, intrusion detection systems must adapt to these attacks, and more work is continuously needed to develop and propose new methods and techniques that can improve efficient and effective adaptive intrusion systems. Feature selection is one of the challenging areas that need more work because of its importance and impact on the performance of intrusion detection systems. This paper applies evolutionary search algorithm in feature subset selection for intrusion detection systems. Methods: The evolutionary search algorithm for the feature subset selection is applied and two classifiers are used, Naïve Bayes and decision tree J48, to evaluate system performance before and after features selection. NSL-KDD dataset and its subsets are used in all evaluation experiments. Results: The results show that feature selection using the evolutionary search algorithm enhances the intrusion detection system with respect to detection accuracy and detection of unknown attacks. Furthermore, time performance is achieved by reducing training time, which is reflected positively in overall system performance. Discussion: The evolutionary search applied to select IDS algorithm features can be developed by modifying and enhancing mutation and crossover operators and applying new enhanced techniques in the selection process, which can give better results and enhance the performance of intrusion detection for rare and complicated attacks. Conclusion: The evolutionary search algorithm is applied to find the best subset of features for the intrusion detection system. In conclusion, it is a promising approach to be used as a feature selection method for intrusion detection. The results showed better performance for the intrusion detection system in terms of accuracy and detection rate.

scholarly journals An Adversarial Approach for Intrusion Detection Systems Using Jacobian Saliency Map Attacks (JSMA) Algorithm

Computers ◽  
2020 ◽  
Vol 9 (3) ◽  
pp. 58
Author(s):  
Ayyaz Ul Haq Qureshi ◽  
Hadi Larijani ◽  
Mehdi Yousefi ◽  
Ahsan Adeel ◽  
Nhamoinesu Mtetwa
Keyword(s):  
Neural Network ◽  
Intrusion Detection ◽  
Intelligent Systems ◽  
Detection System ◽  
Saliency Map ◽  
Intrusion Detection Systems ◽  
Specific Information ◽  
Detection Systems ◽  
Digital World ◽  
The Impact

In today’s digital world, the information systems are revolutionizing the way we connect. As the people are trying to adopt and integrate intelligent systems into daily lives, the risks around cyberattacks on user-specific information have significantly grown. To ensure safe communication, the Intrusion Detection Systems (IDS) were developed often by using machine learning (ML) algorithms that have the unique ability to detect malware against network security violations. Recently, it was reported that the IDS are prone to carefully crafted perturbations known as adversaries. With the aim to understand the impact of such attacks, in this paper, we have proposed a novel random neural network-based adversarial intrusion detection system (RNN-ADV). The NSL-KDD dataset is utilized for training. For adversarial attack crafting, the Jacobian Saliency Map Attack (JSMA) algorithm is used, which identifies the feature which can cause maximum change to the benign samples with minimum added perturbation. To check the effectiveness of the proposed adversarial scheme, the results are compared with a deep neural network which indicates that RNN-ADV performs better in terms of accuracy, precision, recall, F1 score and training epochs.

scholarly journals An IoT-Focused Intrusion Detection System Approach Based on Preprocessing Characterization for Cybersecurity Datasets

Sensors ◽  
2021 ◽  
Vol 21 (2) ◽  
pp. 656
Author(s):  
Xavier Larriva-Novo ◽  
Víctor A. Villagrá ◽  
Mario Vega-Barbas ◽  
Diego Rivera ◽  
Mario Sanz Rodrigo
Keyword(s):  
Machine Learning ◽  
Intrusion Detection ◽  
High Performance ◽  
Learning Algorithm ◽  
Detection System ◽  
Machine Learning Algorithms ◽  
Statistical Characteristics ◽  
Detection Techniques ◽  
Traffic Characteristics ◽  
Benchmark Datasets

Security in IoT networks is currently mandatory, due to the high amount of data that has to be handled. These systems are vulnerable to several cybersecurity attacks, which are increasing in number and sophistication. Due to this reason, new intrusion detection techniques have to be developed, being as accurate as possible for these scenarios. Intrusion detection systems based on machine learning algorithms have already shown a high performance in terms of accuracy. This research proposes the study and evaluation of several preprocessing techniques based on traffic categorization for a machine learning neural network algorithm. This research uses for its evaluation two benchmark datasets, namely UGR16 and the UNSW-NB15, and one of the most used datasets, KDD99. The preprocessing techniques were evaluated in accordance with scalar and normalization functions. All of these preprocessing models were applied through different sets of characteristics based on a categorization composed by four groups of features: basic connection features, content characteristics, statistical characteristics and finally, a group which is composed by traffic-based features and connection direction-based traffic characteristics. The objective of this research is to evaluate this categorization by using various data preprocessing techniques to obtain the most accurate model. Our proposal shows that, by applying the categorization of network traffic and several preprocessing techniques, the accuracy can be enhanced by up to 45%. The preprocessing of a specific group of characteristics allows for greater accuracy, allowing the machine learning algorithm to correctly classify these parameters related to possible attacks.

scholarly journals Hybrid classification model to detect advanced intrusions using data mining techniques

2018 ◽  
Vol 7 (2.4) ◽  
pp. 10
Author(s):  
V Mala ◽  
K Meena
Keyword(s):  
Data Mining ◽  
Learning Algorithm ◽  
Detection System ◽  
Classification Model ◽  
Detection Methods ◽  
Data Mining Techniques ◽  
Detection Systems ◽  
Intruder Detection ◽  
Hybrid Classification ◽  
Using Data

Traditional signature based approach fails in detecting advanced malwares like stuxnet, flame, duqu etc. Signature based comparison and correlation are not up to the mark in detecting such attacks. Hence, there is crucial to detect these kinds of attacks as early as possible. In this research, a novel data mining based approach were applied to detect such attacks. The main innovation lies on Misuse signature detection systems based on supervised learning algorithm. In learning phase, labeled examples of network packets systems calls are (gave) provided, on or after which algorithm can learn about the attack which is fast and reliable to known. In order to detect advanced attacks, unsupervised learning methodologies were employed to detect the presence of zero day/ new attacks. The main objective is to review, different intruder detection methods. To study the role of Data Mining techniques used in intruder detection system. Hybrid –classification model is utilized to detect advanced attacks.

scholarly journals An analytical survey on the role of machine learning algorithms in case of intrusion detection

2020 ◽  
Vol 5 (19) ◽  
pp. 32-35
Author(s):  
Anand Vijay ◽  
Kailash Patidar ◽  
Manoj Yadav ◽  
Rishi Kushwah
Keyword(s):  
Artificial Intelligence ◽  
Machine Learning ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Learning Algorithms ◽  
Machine Learning Algorithms ◽  
Handling Mechanism ◽  
The Impact

In this paper an analytical survey on the role of machine learning algorithms in case of intrusion detection has been presented and discussed. This paper shows the analytical aspects in the development of efficient intrusion detection system (IDS). The related study for the development of this system has been presented in terms of computational methods. The discussed methods are data mining, artificial intelligence and machine learning. It has been discussed along with the attack parameters and attack types. This paper also elaborates the impact of different attack and handling mechanism based on the previous papers.

scholarly journals An Intrusion Detection System for Smart Grid Neighborhood Area Network

2021 ◽  
Author(s):  
Nasim Beigi Mohammadi
Keyword(s):  
Intrusion Detection ◽  
Smart Grid ◽  
Intrusion Detection System ◽  
Detection System ◽  
Area Network ◽  
Wormhole Attack ◽  
Detection Systems ◽  
Wireless Mesh ◽  
First Time ◽  
Neighborhood Area Network

Smart grid is expected to improve the efficiency, reliability and economics of current energy systems. Using two-way flow of electricity and information, smart grid builds an automated, highly distributed energy delivery network. In this thesis, we present the requirements for intrusion detection systems in smart grid, neighborhood area network (NAN) in particular. We propose an intrusion detection system (IDS) that considers the constraints and requirements of the NAN. It captures the communication and computation overhead constraints as well as the lack of a central point to install the IDS. The IDS is distributed on some nodes which are powerful in terms of memory, computation and the degree of connectivity. Our IDS uses an analytical approach for detecting Wormhole attack. We simulate wireless mesh NANs in OPNET Modeler and for the first time, we integrate our analytical model in Maple from MapleSoft with our OPNET simulation model.

Sign in / Sign up

Export Citation Format

Share Document