Flow Based Classification for Specification Based Intrusion Detection in Software Defined Networking

2019, Vol 7 (2), pp. 1-8
Author(s): Nithya Sampath, Dinakaran M.

Software defined networking assures the space for network management. SDNs will possibly replace traditional networks by decoupling the data plane and control plane, which provides security by means of global visibility of the network state. This separation provides a solution for developing a secure framework efficiently. The OpenFlow protocol provides programmatic control over the network traffic by writing rules, which act as a network attack defence. A robust framework is proposed for intrusion detection systems by integrating the feature ranking using information gain for minimizing the irrelevant features for SDN, writing fuzzy-association flow rules and supervised learning techniques for effective classification of intruders. The experimental results obtained on the KDD dataset show that the proposed model performs with a higher accuracy, generates an effective intrusion detection system and reduces the ratio of attack traffic.

Intrusion is a major threat to unauthorized data or legal network using the legitimate user identity or any of the back doors and vulnerabilities in the network. IDS mechanisms are developed to detect intrusions at various levels. The objective of the research work is to improve Intrusion Detection System performance by applying machine learning techniques based on decision trees for detection and classification of attacks. The methodology adopted will process the datasets in three stages. The experimentation is conducted on KDDCUP99 data sets based on the number of features. The Bayesian three modes are analyzed for different sized data sets based upon the total number of attacks. The time consumed by the classifier to build the model is analyzed and the accuracy is done.


Author(s): Jivitesh Sharma, Charul Giri, Ole-Christoffer Granmo, Morten Goodwin

Recent advances in intrusion detection systems based on machine learning have indeed outperformed other techniques, but struggle with detecting multiple classes of attacks with high accuracy. We propose a method that works in three stages. First, the ExtraTrees classifier is used to select relevant features for each type of attack individually for each extreme learning machine (ELM). Then, an ensemble of ELMs is used to detect each type of attack separately. Finally, the results of all ELMs are combined using a softmax layer to refine the results and increase the accuracy further. The intuition behind our system is that multi-class classification is quite difficult compared to binary classification. So, we divide the multi-class problem into multiple binary classifications. We test our method on the UNSW and KDDcup99 datasets. The results clearly show that our proposed method is able to outperform all the other methods, with a high margin. Our system is able to achieve 98.24% and 99.76% accuracy for multi-class classification on the UNSW and KDDcup99 datasets, respectively. Additionally, we use the weighted extreme learning machine to alleviate the problem of imbalance in classification of attacks, which further boosts performance. Lastly, we implement the ensemble of ELMs in parallel using GPUs to perform intrusion detection in real time.


2021, Vol 4 (4), pp. 454-459
Author(s): Oyenike Mary Olanrewaju, Faith Oluwatosin Echobu, Abubakar Mogaji

The increasing growth of wireless networking and new mobile computing devices has caused boundaries between trusted and malicious users to be blurred. The shift in security priorities from the network perimeter to information protection and user resources security is an open area for research which is concerned with the protection of user information’s confidentiality, integrity and availability. Intrusion detection systems are programs or software applications embedded in sophisticated devices to monitor the activities on networks or systems for security, policy or protocol violation or malicious activities detection. In this work, an intrusion detection model was proposed using C4.5 algorithm which was implemented with WEKA tool and RAPID MINER. The model showed good performance when trained and tested with validation techniques. Implementation of the proposed model was conducted on the Network Security Laboratory Knowledge Discovery in Databases (NSL-KDD) dataset, an improved version of KDD 99 dataset, which showed that the proposed model approach has an average detection rate of 99.62% and reduced false alarm rate of 0.38%.


Author(s): Shahriar Mohammadi, Amin Namadchian

A model of an intrusion-detection system capable of detecting attacks in computer networks is described. The model is based on a deep learning approach to learn the best features of network connections and a Memetic algorithm as the final classifier for detection of abnormal traffic. One of the problems in intrusion detection systems is the large scale of features, which makes typical data mining methods ineffective in this area. Deep learning algorithms succeed in image and video mining, which has high dimensionality of features. It seems possible to use them to solve the large scale of features problem of intrusion detection systems. The model offered in this paper tries to use deep learning for detecting the best features. An evaluation algorithm is used to produce the final classifier that works well in multi density environments. We use the NSL-KDD and Kdd99 datasets to evaluate our model; our findings showed 98.11 detection rate. NSL-KDD estimation shows the proposed model has succeeded in classifying 92.72% of the R2L attack group.


Author(s): Adeel Abbas, Muazzam A. Khan, Shahid Latif, Maria Ajaz, Awais Aziz Shah, ...

The domain of Internet of Things (IoT) has witnessed immense adaptability over the last few years by drastically transforming human lives to automate their ordinary daily tasks. This is achieved by interconnecting heterogeneous physical devices with different functionalities. Consequently, the rate of cyber threats has also been raised with the expansion of IoT networks, which puts data integrity and stability at stake. In order to secure data from misuse and unusual attempts, several intrusion detection systems (IDSs) have been proposed to detect the malicious activities on the basis of predefined attack patterns. The rapid increase in such kinds of attacks requires improvements in the existing IDS. Machine learning has become the key solution to improve intrusion detection systems. In this study, an ensemble-based intrusion detection model has been proposed. In the proposed model, logistic regression, naive Bayes, and decision tree have been deployed with a voting classifier after analyzing the model’s performance with some prominent existing state-of-the-art techniques. Moreover, the effectiveness of the proposed model has been analyzed using the CICIDS2017 dataset. The results illustrate significant improvement in terms of accuracy as compared to existing models in terms of both binary and multi-class classification scenarios.


2020, Vol 14 (1), pp. 67-80
Author(s): Partha Ghosh, Sumit Biswas, Shivam Shakti, Santanu Phadikar

Cloud computing, also known as on-demand computing, provides different kinds of services for the users. As the name suggests, its increasing demand makes it prone to various intruders affecting the privacy and integrity of the data stored in the cloud. To cope with this situation, intrusion detection systems (IDS) are implemented in the cloud. An effective IDS consists of a less time-consuming algorithm with less space complexity and higher accuracy. To do so, the number of features is reduced while maintaining minimal loss of information. In this paper, the authors have proposed a model by which the features are selected on the basis of mutual information gain among correlated features. To achieve this, they first group the features according to the correlativity. Then from each group, the features with the highest mutual information gain in their respective groups are selected. This led them to a reduced feature set which provides quick learning and thus produces a better IDS that would secure the data in the cloud.


2021
Author(s): Rahul B Adhao, Vinod K Pachghare

Intrusion Detection System has been one of the worthwhile areas for researchers for a long time. A number of researchers have worked on increasing the efficiency of Intrusion Detection Systems. But still, many challenges are present in modern Intrusion Detection Systems. One of the major challenges is controlling the false positive rate. In this paper, we have presented an efficient soft computing framework for the classification of intrusion detection dataset to diminish the false positive rate. The proposed processing steps are described as follows: the input data is at first pre-processed by the normalization process. Afterward, optimal features are chosen for the dimensionality decrease utilizing krill herd optimization. Here, the effective feature assortment is utilized to enhance classification accuracy. Support value is then estimated from ideally chosen features and lastly, a support value-based graph is created for the powerful classification of data into intrusion or normal. The exploratory outcomes demonstrate that the presented technique outperforms the existing techniques regarding different performance examinations like execution time, accuracy, false-positive rate, and their intrusion detection model increases the detection rate and decreases the false rate.


2021, Vol 15 (1), pp. 26-43
Author(s): Sikha Bagui, Keenal M. Shah, Yizhi Hu, Subhash Bagui

This study proposes a model for building intrusion detection systems. The dataset used, CICIDS 2017, contains 14 different attacks with 85 features for each attack. This high dimensionality of the data is a major challenge when building efficient intrusion detection systems, especially in today's big data environment, since a lot of the features are redundant. The main goal in this paper was to reduce the number of features and present a detailed discussion of the important features. For feature selection, information gain was used in an iterative way, and for classification, a machine learning algorithm, the J48 decision tree algorithm, was used. The important features for the classification of each attack were identified, and the features that were important for classifying multiple attacks were also identified and discussed.


2021, Vol 8 (1)
Author(s): Sugandh Seth, Gurvinder Singh, Kuljit Kaur Chahal

Background: The ever increasing sophistication of intrusion approaches has led to the dire necessity for developing Intrusion Detection Systems with optimal efficacy. However, existing Intrusion Detection Systems have been developed using outdated attack datasets, with more focus on prediction accuracy and less on prediction latency. The smart Intrusion Detection System framework evolution looks forward to designing and deploying security systems that use various parameters for analyzing current and dynamic traffic trends and are highly time-efficient in predicting intrusions. Aims: This paper proposes a novel approach for a time-efficient and smart Intrusion Detection System. Method: Herein, we propose a Hybrid Feature Selection approach that aims to reduce the prediction latency without affecting attack prediction performance by lowering the model's complexity. Light Gradient Boosting Machine (LightGBM), a fast gradient boosting framework, is used to build the model on the latest CIC-IDS 2018 dataset. Results: The proposed feature selection reduces the prediction latency ranging from 44.52% to 2.25% and the model building time ranging from 52.68% to 17.94% in various algorithms on the CIC-IDS 2018 dataset. The proposed model with hybrid feature selection and LightGBM gives 97.73% accuracy, 96% sensitivity, 99.3% precision rate, and comparatively low prediction latency. The proposed model successfully achieved a raise of 1.5% in accuracy rate and 3% precision rate over the existing model. An in-depth analysis of network parameters is also performed, which gives a deep insight into the variation of network parameters during the benign and malicious sessions.


Author(s): Ashish Pandey, Neelendra Badal

Security is one of the fundamental issues for both computer systems and computer networks. An intrusion detection system (IDS) is a crucial tool in the field of network security. There is a lot of scope for research in this pervasive field. Intrusion detection systems are designed to uncover both known and unknown attacks. There are many methods used in intrusion detection systems to guard computers and networks from attacks. These attacks can be active or passive, network based or host based, or any combination of these. Current research uses machine learning techniques to make intrusion detection systems more effective against any kind of attack. This survey examines the design methodology of intrusion detection systems and their classification types. It also reviews the trend of machine learning techniques used over the past decade. Related studies comprise the performance of various classifiers on the KDDCUP99 and NSL-KDD datasets.

