An Intrusion Detection System Based on a Simplified Residual Network

Yuelei Xiao; Xing Xiao

doi:10.3390/info10110356

An Intrusion Detection System Based on a Simplified Residual Network

Information ◽

10.3390/info10110356 ◽

2019 ◽

Vol 10 (11) ◽

pp. 356 ◽

Cited By ~ 2

Author(s):

Yuelei Xiao ◽

Xing Xiao

Keyword(s):

Intrusion Detection ◽

Detection System ◽

Experimental Results ◽

Small Scale ◽

Residual Network ◽

Detection Systems ◽

Rectified Linear Unit ◽

Parametric Rectified Linear Unit ◽

Low Dimensional ◽

Residual Block

Residual networks (ResNets) are prone to over-fitting for low-dimensional and small-scale datasets. And the existing intrusion detection systems (IDSs) fail to provide better performance, especially for remote-to-local (R2L) and user-to-root (U2R) attacks. To overcome these problems, a simplified residual network (S-ResNet) is proposed in this paper, which consists of several cascaded, simplified residual blocks. Compared with the original residual block, the simplified residual block deletes a weight layer and two batch normalization (BN) layers, adds a pooling layer, and replaces the rectified linear unit (ReLU) function with the parametric rectified linear unit (PReLU) function. Based on the S-ResNet, a novel IDS was proposed in this paper, which includes a data preprocessing module, a random oversampling module, a S-Resnet layer, a full connection layer and a Softmax layer. The experimental results on the NSL-KDD dataset show that the IDS based on the S-ResNet has a higher accuracy, recall and F1-score than the equal scale ResNet-based IDS, especially for R2L and U2R attacks. And the former has faster convergence velocity than the latter. It proves that the S-ResNet reduces the complexity of the network and effectively prevents over-fitting; thus, it is more suitable for low-dimensional and small-scale datasets than ResNet. Furthermore, the experimental results on the NSL-KDD datasets also show that the IDS based on the S-ResNet achieves better performance in terms of accuracy and recall compared to the existing IDSs, especially for R2L and U2R attacks.

Download Full-text

A Fraud Detection System Based on Anomaly Intrusion Detection Systems for E-Commerce Applications

Computer and Information Science ◽

10.5539/cis.v7n2p117 ◽

2014 ◽

Vol 7 (2) ◽

Cited By ~ 4

Author(s):

Daniel Massa ◽

Raul Valverde

Keyword(s):

Intrusion Detection ◽

Detection System ◽

Fraud Detection ◽

Intrusion Detection Systems ◽

Detection Systems ◽

Anomaly Intrusion Detection

Download Full-text

An Intrusion Detection System for Smart Grid Neighborhood Area Network

10.32920/ryerson.14656977.v1 ◽

2021 ◽

Author(s):

Nasim Beigi Mohammadi

Keyword(s):

Intrusion Detection ◽

Smart Grid ◽

Intrusion Detection System ◽

Detection System ◽

Area Network ◽

Wormhole Attack ◽

Detection Systems ◽

Wireless Mesh ◽

First Time ◽

Neighborhood Area Network

Smart grid is expected to improve the efficiency, reliability and economics of current energy systems. Using two-way flow of electricity and information, smart grid builds an automated, highly distributed energy delivery network. In this thesis, we present the requirements for intrusion detection systems in smart grid, neighborhood area network (NAN) in particular. We propose an intrusion detection system (IDS) that considers the constraints and requirements of the NAN. It captures the communication and computation overhead constraints as well as the lack of a central point to install the IDS. The IDS is distributed on some nodes which are powerful in terms of memory, computation and the degree of connectivity. Our IDS uses an analytical approach for detecting Wormhole attack. We simulate wireless mesh NANs in OPNET Modeler and for the first time, we integrate our analytical model in Maple from MapleSoft with our OPNET simulation model.

Download Full-text

THE LOAD BALANCING OF SELF-SIMILAR TRAFFIC IN NETWORK INTRUSION DETECTION SYSTEMS

Cybersecurity Education Science Technique ◽

10.28925/2663-4023.2020.7.1730 ◽

2020 ◽

Vol 3 (7) ◽

pp. 17-30

Author(s):

Tamara Radivilova ◽

Lyudmyla Kirichenko ◽

Maksym Tawalbeh ◽

Petro Zinchenko ◽

Vitalii Bulakh

Keyword(s):

Load Balancing ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Intrusion Detection Systems ◽

Deep Packet Inspection ◽

Detection Systems ◽

Network Intrusion ◽

Load Imbalance ◽

Packet Inspection

The problem of load balancing in intrusion detection systems is considered in this paper. The analysis of existing problems of load balancing and modern methods of their solution are carried out. Types of intrusion detection systems and their description are given. A description of the intrusion detection system, its location, and the functioning of its elements in the computer system are provided. Comparative analysis of load balancing methods based on packet inspection and service time calculation is performed. An analysis of the causes of load imbalance in the intrusion detection system elements and the effects of load imbalance is also presented. A model of a network intrusion detection system based on packet signature analysis is presented. This paper describes the multifractal properties of traffic. Based on the analysis of intrusion detection systems, multifractal traffic properties and load balancing problem, the method of balancing is proposed, which is based on the funcsioning of the intrusion detection system elements and analysis of multifractal properties of incoming traffic. The proposed method takes into account the time of deep packet inspection required to compare a packet with signatures, which is calculated based on the calculation of the information flow multifractality degree. Load balancing rules are generated by the estimated average time of deep packet inspection and traffic multifractal parameters. This paper presents the simulation results of the proposed load balancing method compared to the standard method. It is shown that the load balancing method proposed in this paper provides for a uniform load distribution at the intrusion detection system elements. This allows for high speed and accuracy of intrusion detection with high-quality multifractal load balancing.

Download Full-text

Comprehensive Examination of Network Intrusion Detection Models on Data Science

International Journal of Information Retrieval Research ◽

10.4018/ijirr.2021100102 ◽

2021 ◽

Vol 11 (4) ◽

pp. 14-40

Author(s):

Shyla ◽

Vishal Bhatnagar

Keyword(s):

Intrusion Detection ◽

Data Science ◽

Detection System ◽

High Detection Rate ◽

Detection Systems ◽

Network Intrusion ◽

Comprehensive Examination ◽

Security Infrastructure ◽

Science Methodology ◽

Best Fit

The increased requirement of data science in recent times has given rise to the concept of data security, which has become a major issue; thus, the amalgamation of data science methodology with intrusion detection systems as a field of research has acquired a lot of prominence. The level of access to the information system and its visibility to user pursuit was required to operate securely. Intrusion detection has been gaining popularity in the area of data science to incorporate the overall information security infrastructure, where regular operations depend upon shared use of information. The problems are to build an intrusion detection system efficient enough for detecting attacks and to reduce the false positives with a high detection rate. In this paper, the authors analyse various techniques of intrusion detection combined with data science, which will help in understanding the best fit technique under different circumstances.

Download Full-text

A Review of Intrusion Detection Systems in Cloud Computing

Cloud Security ◽

10.4018/978-1-5225-8176-5.ch003 ◽

2019 ◽

pp. 54-83

Author(s):

Chiba Zouhair ◽

Noreddine Abghour ◽

Khalid Moussaid ◽

Amina El Omri ◽

Mohamed Rida

Keyword(s):

Cloud Computing ◽

Intrusion Detection ◽

Detection System ◽

Security Requirements ◽

Intrusion Detection Systems ◽

Cloud Environment ◽

Detection Techniques ◽

Detection Systems ◽

Cloud Architecture ◽

Data Source

Security is a major challenge faced by cloud computing (CC) due to its open and distributed architecture. Hence, it is vulnerable and prone to intrusions that affect confidentiality, availability, and integrity of cloud resources and offered services. Intrusion detection system (IDS) has become the most commonly used component of computer system security and compliance practices that defends cloud environment from various kinds of threats and attacks. This chapter presents the cloud architecture, an overview of different intrusions in the cloud, the challenges and essential characteristics of cloud-based IDS (CIDS), and detection techniques used by CIDS and their types. Then, the authors analyze 24 pertinent CIDS with respect to their various types, positioning, detection time, and data source. The analysis also gives the strength of each system and limitations in order to evaluate whether they carry out the security requirements of CC environment or not.

Download Full-text

A Survey on Intrusion Detection System for Software Defined Networks (SDN)

Research Anthology on Artificial Intelligence Applications in Security ◽

10.4018/978-1-7998-7705-9.ch023 ◽

2021 ◽

pp. 467-489

Author(s):

Yogita Hande ◽

Akkalashmi Muddana

Keyword(s):

Machine Learning ◽

Deep Learning ◽

Intrusion Detection ◽

Network Architecture ◽

Detection System ◽

Learning Approach ◽

Distinctive Features ◽

Detection Systems ◽

Security Challenges ◽

Deep Learning Model

Presently, the advances of the internet towards a wide-spread growth and the static nature of traditional networks has limited capacity to cope with organizational business needs. The new network architecture software defined networking (SDN) appeared to address these challenges and provides distinctive features. However, these programmable and centralized approaches of SDN face new security challenges which demand innovative security mechanisms like intrusion detection systems (IDS's). The IDS of SDN are designed currently with a machine learning approach; however, a deep learning approach is also being explored to achieve better efficiency and accuracy. In this article, an overview of the SDN with its security concern and IDS as a security solution is explained. A survey of existing security solutions designed to secure the SDN, and a comparative study of various IDS approaches based on a deep learning model and machine learning methods are discussed in the article. Finally, we describe future directions for SDN security.

Download Full-text

The Use of Ensemble Models for Multiple Class and Binary Class Classification for Improving Intrusion Detection Systems

Sensors ◽

10.3390/s20092559 ◽

2020 ◽

Vol 20 (9) ◽

pp. 2559 ◽

Cited By ~ 9

Author(s):

Celestine Iwendi ◽

Suleman Khan ◽

Joseph Henry Anajemba ◽

Mohit Mittal ◽

Mamdouh Alenezi ◽

...

Keyword(s):

Machine Learning ◽

Intrusion Detection ◽

False Alarm ◽

False Alarm Rate ◽

Detection Rate ◽

Detection System ◽

Denial Of Service ◽

Intrusion Detection Systems ◽

Ensemble Models ◽

Detection Systems

The pursuit to spot abnormal behaviors in and out of a network system is what led to a system known as intrusion detection systems for soft computing besides many researchers have applied machine learning around this area. Obviously, a single classifier alone in the classifications seems impossible to control network intruders. This limitation is what led us to perform dimensionality reduction by means of correlation-based feature selection approach (CFS approach) in addition to a refined ensemble model. The paper aims to improve the Intrusion Detection System (IDS) by proposing a CFS + Ensemble Classifiers (Bagging and Adaboost) which has high accuracy, high packet detection rate, and low false alarm rate. Machine Learning Ensemble Models with base classifiers (J48, Random Forest, and Reptree) were built. Binary classification, as well as Multiclass classification for KDD99 and NSLKDD datasets, was done while all the attacks were named as an anomaly and normal traffic. Class labels consisted of five major attacks, namely Denial of Service (DoS), Probe, User-to-Root (U2R), Root to Local attacks (R2L), and Normal class attacks. Results from the experiment showed that our proposed model produces 0 false alarm rate (FAR) and 99.90% detection rate (DR) for the KDD99 dataset, and 0.5% FAR and 98.60% DR for NSLKDD dataset when working with 6 and 13 selected features.

Download Full-text

A Survey on Intrusion Detection System for Software Defined Networks (SDN)

International Journal of Business Data Communications and Networking ◽

10.4018/ijbdcn.2020010103 ◽

2020 ◽

Vol 16 (1) ◽

pp. 28-47 ◽

Cited By ~ 5

Author(s):

Yogita Hande ◽

Akkalashmi Muddana

Keyword(s):

Machine Learning ◽

Deep Learning ◽

Intrusion Detection ◽

Network Architecture ◽

Detection System ◽

Learning Approach ◽

Distinctive Features ◽

Detection Systems ◽

Security Challenges ◽

Machine Learning Approach

Download Full-text

Synthetic Minority Oversampling Technique for Optimizing Classification Tasks in Botnet and Intrusion-Detection-System Datasets

Applied Sciences ◽

10.3390/app10030794 ◽

2020 ◽

Vol 10 (3) ◽

pp. 794 ◽

Cited By ~ 5

Author(s):

David Gonzalez-Cuautle ◽

Aldo Hernandez-Suarez ◽

Gabriel Sanchez-Perez ◽

Linda Karina Toscano-Medina ◽

Jose Portillo-Portillo ◽

...

Keyword(s):

Intrusion Detection ◽

Learning Algorithm ◽

Search Algorithm ◽

Detection System ◽

Optimization Procedure ◽

Algorithm Optimization ◽

Detection Systems ◽

Lack Of Information ◽

Supervised Learning Algorithms ◽

The Impact

Presently, security is a hot research topic due to the impact in daily information infrastructure. Machine-learning solutions have been improving classical detection practices, but detection tasks employ irregular amounts of data since the number of instances that represent one or several malicious samples can significantly vary. In highly unbalanced data, classification models regularly have high precision with respect to the majority class, while minority classes are considered noise due to the lack of information that they provide. Well-known datasets used for malware-based analyses like botnet attacks and Intrusion Detection Systems (IDS) mainly comprise logs, records, or network-traffic captures that do not provide an ideal source of evidence as a result of obtaining raw data. As an example, the numbers of abnormal and constant connections generated by either botnets or intruders within a network are considerably smaller than those from benign applications. In most cases, inadequate dataset design may lead to the downgrade of a learning algorithm, resulting in overfitting and poor classification rates. To address these problems, we propose a resampling method, the Synthetic Minority Oversampling Technique (SMOTE) with a grid-search algorithm optimization procedure. This work demonstrates classification-result improvements for botnet and IDS datasets by merging synthetically generated balanced data and tuning different supervised-learning algorithms.

Download Full-text

Fusion of Feature Selection and Random Forest for an Anomaly-Based Intrusion Detection System

Journal of Computational and Theoretical Nanoscience ◽

10.1166/jctn.2019.8332 ◽

2019 ◽

Vol 16 (8) ◽

pp. 3603-3607 ◽

Cited By ~ 1

Author(s):

Shraddha Khonde ◽

V. Ulagamuthalvi

Keyword(s):

Feature Selection ◽

Random Forest ◽

Intrusion Detection ◽

Real Time ◽

Intrusion Detection System ◽

New Technologies ◽

Detection System ◽

Sensitive Data ◽

Detection Systems ◽

New Type

Considering current network scenario hackers and intruders has become a big threat today. As new technologies are emerging fast, extensive use of these technologies and computers, what plays an important role is security. Most of the computers in network can be easily compromised with attacks. Big issue of concern is increase in new type of attack these days. Security to the sensitive data is very big threat to deal with, it need to consider as high priority issue which should be addressed immediately. Highly efficient Intrusion Detection Systems (IDS) are available now a days which detects various types of attacks on network. But we require the IDS which is intelligent enough to detect and analyze all type of new threats on the network. Maximum accuracy is expected by any of this intelligent intrusion detection system. An Intrusion Detection System can be hardware or software that analyze and monitors all activities of network to detect malicious activities happened inside the network. It also informs and helps administrator to deal with malicious packets, which if enters in network can harm more number of computers connected together. In our work we have implemented an intellectual IDS which helps administrator to analyze real time network traffic. IDS does it by classifying packets entering into the system as normal or malicious. This paper mainly focus on techniques used for feature selection to reduce number of features from KDD-99 dataset. This paper also explains algorithm used for classification i.e., Random Forest which works with forest of trees to classify real time packet as normal or malicious. Random forest makes use of ensembling techniques to give final output which is derived by combining output from number of trees used to create forest. Dataset which is used while performing experiments is KDD-99. This dataset is used to train all trees to get more accuracy with help of random forest. From results achieved we can observe that random forest algorithm gives more accuracy in distributed network with reduced false alarm rate.

Download Full-text