An Efficient Mixed Attribute Outlier Detection Method for Identifying Network Intrusions

2020 ◽  
Vol 14 (3) ◽  
pp. 115-133
Author(s):  
J. Rene Beulah ◽  
D. Shalini Punithavathani

Intrusion detection systems (IDS) play a vital role in protecting information systems from intruders. Anomaly-based IDS has established its effectiveness in identifying new and unseen attacks. It learns the normal usage pattern of a network and any event that significantly deviates from the normal behavior is signaled as an intrusion. The crucial challenge in anomaly-based IDS is to reduce false alarm rate. In this article, a clustering-based outlier detection (CBOD) approach is proposed for classifying normal and intrusive patterns. The proposed scheme operates in three modules: an improved hybrid feature selection phase that extracts the most relevant features, a training phase that learns the normal pattern in the training data by forming clusters, and a testing phase that identifies outliers in the testing data. The proposed method is applied for NSL-KDD benchmark dataset and the experimental results yielded a 97.84% detection rate (DR), a 1.88% false alarm rate (FAR), and a 97.96% classification accuracy (ACC). This proposal appears to be promising in terms of DR, FAR and ACC.

Electronics ◽  
2021 ◽  
Vol 10 (12) ◽  
pp. 1375
Author(s):  
Celestine Iwendi ◽  
Joseph Henry Anajemba ◽  
Cresantus Biamba ◽  
Desire Ngabo

Web security plays a very crucial role in the Security of Things (SoT) paradigm for smart healthcare and will continue to be impactful in medical infrastructures in the near future. This paper addressed a key component of security-intrusion detection systems due to the number of web security attacks, which have increased dramatically in recent years in healthcare, as well as the privacy issues. Various intrusion-detection systems have been proposed in different works to detect cyber threats in smart healthcare and to identify network-based attacks and privacy violations. This study was carried out as a result of the limitations of the intrusion detection systems in responding to attacks and challenges and in implementing privacy control and attacks in the smart healthcare industry. The research proposed a machine learning support system that combined a Random Forest (RF) and a genetic algorithm: a feature optimization method that built new intrusion detection systems with a high detection rate and a more accurate false alarm rate. To optimize the functionality of our approach, a weighted genetic algorithm and RF were combined to generate the best subset of functionality that achieved a high detection rate and a low false alarm rate. This study used the NSL-KDD dataset to simultaneously classify RF, Naive Bayes (NB) and logistic regression classifiers for machine learning. The results confirmed the importance of optimizing functionality, which gave better results in terms of the false alarm rate, precision, detection rate, recall and F1 metrics. The combination of our genetic algorithm and RF models achieved a detection rate of 98.81% and a false alarm rate of 0.8%. This research raised awareness of privacy and authentication in the smart healthcare domain, wireless communications and privacy control and developed the necessary intelligent and efficient web system. 
Furthermore, the proposed algorithm was applied to examine the F1-score and precision performance as compared to the NSL-KDD and CSE-CIC-IDS2018 datasets using different scaling factors. The results showed that the proposed GA was greatly optimized, for which the average precision was optimized by 5.65% and the average F1-score by 8.2%.


2012 ◽  
Vol 2012 ◽  
pp. 1-10 ◽  
Author(s):  
S. Ganapathy ◽  
P. Yogesh ◽  
A. Kannan

Intrusion detection systems were used in the past along with various techniques to detect intrusions in networks effectively. However, most of these systems are able to detect the intruders only with high false alarm rate. In this paper, we propose a new intelligent agent-based intrusion detection model for mobile ad hoc networks using a combination of attribute selection, outlier detection, and enhanced multiclass SVM classification methods. For this purpose, an effective preprocessing technique is proposed that improves the detection accuracy and reduces the processing time. Moreover, two new algorithms, namely, an Intelligent Agent Weighted Distance Outlier Detection algorithm and an Intelligent Agent-based Enhanced Multiclass Support Vector Machine algorithm are proposed for detecting the intruders in a distributed database environment that uses intelligent agents for trust management and coordination in transaction processing. The experimental results of the proposed model show that this system detects anomalies with low false alarm rate and high-detection rate when tested with KDD Cup 99 data set.


Author(s):  
Fu Xiao ◽  
Xie Li

Intrusion Detection Systems (IDSs) are widely deployed with the increase of unauthorized activities and attacks. However, they often overload security managers by triggering thousands of alerts per day, and up to 99% of these alerts are false positives (i.e. alerts that are triggered incorrectly by benign events). This makes it extremely difficult for managers to correctly analyze the security state and react to attacks. In this chapter the authors describe a novel system for reducing false positives in intrusion detection, which is called ODARM (an Outlier Detection-Based Alert Reduction Model). Their model is based on a new data mining technique, outlier detection, that needs no labeled training data, no domain knowledge and little human assistance. The main idea of their method is using frequent attribute values mined from historical alerts as the features of false positives, and then filtering false alerts by the score calculated based on these features. In order to filter alerts in real time, they also design a two-phase framework that consists of the learning phase and the online filtering phase. Now they have finished the prototype implementation of their model. And through the experiments on DARPA 2000, they have proved that their model can effectively reduce false positives in IDS alerts. And on a real-world dataset, their model has an even higher reduction rate.


Sensors ◽  
2020 ◽  
Vol 20 (9) ◽  
pp. 2559 ◽  
Author(s):  
Celestine Iwendi ◽  
Suleman Khan ◽  
Joseph Henry Anajemba ◽  
Mohit Mittal ◽  
Mamdouh Alenezi ◽  
...  

The pursuit to spot abnormal behaviors in and out of a network system is what led to a system known as intrusion detection systems for soft computing besides many researchers have applied machine learning around this area. Obviously, a single classifier alone in the classifications seems impossible to control network intruders. This limitation is what led us to perform dimensionality reduction by means of correlation-based feature selection approach (CFS approach) in addition to a refined ensemble model. The paper aims to improve the Intrusion Detection System (IDS) by proposing a CFS + Ensemble Classifiers (Bagging and Adaboost) which has high accuracy, high packet detection rate, and low false alarm rate. Machine Learning Ensemble Models with base classifiers (J48, Random Forest, and Reptree) were built. Binary classification, as well as Multiclass classification for KDD99 and NSLKDD datasets, was done while all the attacks were named as an anomaly and normal traffic. Class labels consisted of five major attacks, namely Denial of Service (DoS), Probe, User-to-Root (U2R), Root to Local attacks (R2L), and Normal class attacks. Results from the experiment showed that our proposed model produces 0 false alarm rate (FAR) and 99.90% detection rate (DR) for the KDD99 dataset, and 0.5% FAR and 98.60% DR for NSLKDD dataset when working with 6 and 13 selected features.


2019 ◽  
Vol 11 (9) ◽  
pp. 200
Author(s):  
Yun-Fei Jia ◽  
Shan Li ◽  
Renbiao Wu

Based on Web 2.0 technology, more and more people tend to express their attitude or opinions on the Internet. Radical ideas, rumors, terrorism, or violent contents are also propagated on the Internet, causing several incidents of social panic every year in China. In fact, most of this content comprises joking or emotional catharsis. To detect this with conventional techniques usually incurs a large false alarm rate. To address this problem, this paper introduces a technique that combines sentiment analysis with background checks. State-of-the-art sentiment analysis usually depends on training datasets in a specific topic area. Unfortunately, for some domains, such as violence risk speech detection, there is no definitive training data. In particular, topic-independent sentiment analysis of short Chinese text has been rarely reported in the literature. In this paper, the violence risk of the Chinese microblogs is calculated from multiple perspectives. First, a lexicon-based method is used to retrieve violence-related microblogs, and then a similarity-based method is used to extract sentiment words. Semantic rules and emoticons are employed to obtain the sentiment polarity and sentiment strength of short texts. Second, the activity risk is calculated based on the characteristics of part of speech (PoS) sequence and by semantic rules, and then a threshold is set to capture the key users. Finally, the risk is confirmed by historical speeches and the opinions of the friend-circle of the key users. The experimental results show that the proposed approach outperforms the support vector machine (SVM) method on a topic-independent corpus and can effectively reduce the false alarm rate.


Author(s):  
Tameem Ahmad ◽  
Mohd Asad Anwar ◽  
Misbahul Haque

This chapter proposes a hybrid classifier technique for network Intrusion Detection System by implementing a method that combines Random Forest classification technique with K-Means and Gaussian Mixture clustering algorithms. Random-forest will build patterns of intrusion over a training data in misuse-detection, while anomaly-detection intrusions will be identified by the outlier-detection mechanism. The implementation and simulation of the proposed method for various metrics are carried out under varying threshold values. The effectiveness of the proposed method has been carried out for metrics such as precision, recall, accuracy rate, false alarm rate, and detection rate. The various existing algorithms are analyzed extensively. It is observed experimentally that the proposed method gives superior results compared to the existing simpler classifiers as well as existing hybrid classifier techniques. The proposed hybrid classifier technique outperforms other common existing classifiers with an accuracy of 99.84%, false alarm rate as 0.09% and the detection rate as 99.7%.


2016 ◽  
Vol 69 ◽  
pp. 1-7 ◽  
Author(s):  
Xiaohu Ru ◽  
Zheng Liu ◽  
Zhitao Huang ◽  
Wenli Jiang

2022 ◽  
Vol 12 (2) ◽  
pp. 852
Author(s):  
Jesús Díaz-Verdejo ◽  
Javier Muñoz-Calle ◽  
Antonio Estepa Alonso ◽  
Rafael Estepa Alonso ◽  
Germán Madinabeitia

Signature-based Intrusion Detection Systems (SIDS) play a crucial role within the arsenal of security components of most organizations. They can find traces of known attacks in the network traffic or host events for which patterns or signatures have been pre-established. SIDS include standard packages of detection rulesets, but only those rules suited to the operational environment should be activated for optimal performance. However, some organizations might skip this tuning process and instead activate default off-the-shelf rulesets without understanding their implications and trade-offs. In this work, we help gain insight into the consequences of using predefined rulesets in the performance of SIDS. We experimentally explore the performance of three SIDS in the context of web attacks. In particular, we gauge the detection rate obtained with predefined subsets of rules for Snort, ModSecurity and Nemesida using seven attack datasets. We also determine the precision and rate of alerts generated by each detector in a real-life case using a large trace from a public webserver. Results show that the maximum detection rate achieved by the SIDS under test is insufficient to protect systems effectively and is lower than expected for known attacks. Our results also indicate that the choice of predefined settings activated on each detector strongly influences its detection capability and false alarm rate. Snort and ModSecurity scored either a very poor detection rate (activating the less-sensitive predefined ruleset) or a very poor precision (activating the full ruleset). We also found that using various SIDS for a cooperative decision can improve the precision or the detection rate, but not both. Consequently, it is necessary to reflect upon the role of these open-source SIDS with default configurations as core elements for protection in the context of web attacks.
Finally, we provide an efficient method for systematically determining which rules to deactivate from a ruleset to significantly reduce the false alarm rate for a target operational environment. We tested our approach using Snort's ruleset in our real-life trace, increasing the precision from 0.015 to 1 in less than 16 h of work.


Author(s):  
N. Jaisankar ◽  
M Ganapathy ◽  
A Kannan ◽  
K Anand

Existing Intrusion Detection Systems (IDS), including misuse detection and anomaly detection, are generally incapable of detecting new types of attacks. However, all these systems are capable of detecting intruders with a high false alarm rate. There is an urgent need to develop IDS with a very high detection rate and a low false alarm rate. To satisfy this need we propose a new intelligent agent based IDS using Fuzzy Rough Set based outlier detection and Fuzzy Rough Set based SVM. In this proposed model we introduced two different intelligent agents, namely a feature selection agent to select the required feature set using fuzzy rough sets and a decision making agent manager for making the final decision. Moreover, we have introduced a fuzzy rough set based outlier detection algorithm to detect outliers. We have also adopted Fuzzy Rough based SVM in our system to classify and detect anomalies efficiently. Finally, we have used the KDD Cup 99 data set for our experiment; the experimental results show that the proposed intelligent agent based model improves the overall accuracy and reduces the false alarm rate.
