A novel Approach Using “Supervised and Unsupervised learning” to prevent the Adequacy of Intrusion Detection Systems

Countering digital dangers, particularly assault detection, is a testing region of research in the field of data affirmation. Intruders utilize polymorphic instruments to disguise the assault payload and dodge the detection methods. Many supervised and unsupervised learning comes closer from the field of machine learning and example acknowledgments have been utilized to expand the adequacy of intrusion detection systems (IDSs). Supervised learning approaches utilize just marked examples to prepare a classifier, however getting adequate named tests is lumbering, and requires the endeavors of area specialists. Notwithstanding, un-marked examples can without much of a stretch be acquired in some genuine issues. Contrasted with super-vised learning approaches, semi-supervised learning (SSL) addresses this issue by considering expansive number of unlabeled examples together with the marked examples to fabricate a superior classifier. In today’s age security is a big issue and every day when we are on the internet we are exposed to a huge number of threats where our personal information can be leaked. The information security and the Intrusion Detection System (IDS) play a critical role in the internet. IDS isan essential tool for detecting different kinds of attacks in a network and maintaining data integrity, confidentiality, and system availability against possible threats. In this paper, we are proposing a modified Elitist approach where the value of fitness is multiplied by the times a variable which is determined on the basis of the value of Kappa (K).

Download Full-text

The Use of Artificial-Intelligence-Based Ensembles for Intrusion Detection: A Review

Applied Computational Intelligence and Soft Computing ◽

10.1155/2012/850160 ◽

2012 ◽

Vol 2012 ◽

pp. 1-20 ◽

Cited By ~ 15

Author(s):

Gulshan Kumar ◽

Krishan Kumar

Keyword(s):

Artificial Intelligence ◽

Intrusion Detection ◽

Supervised Learning ◽

Ensemble Learning ◽

Classification Performance ◽

Intrusion Detection Systems ◽

Future Directions ◽

Comprehensive Review ◽

Detection Systems ◽

Combination Methods

In supervised learning-based classification, ensembles have been successfully employed to different application domains. In the literature, many researchers have proposed different ensembles by considering different combination methods, training datasets, base classifiers, and many other factors. Artificial-intelligence-(AI-) based techniques play prominent role in development of ensemble for intrusion detection (ID) and have many benefits over other techniques. However, there is no comprehensive review of ensembles in general and AI-based ensembles for ID to examine and understand their current research status to solve the ID problem. Here, an updated review of ensembles and their taxonomies has been presented in general. The paper also presents the updated review of various AI-based ensembles for ID (in particular) during last decade. The related studies of AI-based ensembles are compared by set of evaluation metrics driven from (1) architecture & approach followed; (2) different methods utilized in different phases of ensemble learning; (3) other measures used to evaluate classification performance of the ensembles. The paper also provides the future directions of the research in this area. The paper will help the better understanding of different directions in which research of ensembles has been done in general and specifically: field of intrusion detection systems (IDSs).

Download Full-text

Intrusion Detection of Cyber-Physical Attacks in Manufacturing Systems: A Review

Volume 2B: Advanced Manufacturing ◽

10.1115/imece2019-10135 ◽

2019 ◽

Author(s):

Mingtao Wu ◽

Young B. Moon

Keyword(s):

Intrusion Detection ◽

Manufacturing Systems ◽

High Volume ◽

Cyber Attacks ◽

Intrusion Detection Systems ◽

Detection Methods ◽

False Alarms ◽

Alert Correlation ◽

Acoustic Image ◽

Detection Systems

Abstract Cyber-physical manufacturing system is the vision of future manufacturing systems where physical components are fully integrated through various networks and the Internet. The integration enables the access to computation resources that can improve efficiency, sustainability and cost-effectiveness. However, its openness and connectivity also enlarge the attack surface for cyber-attacks and cyber-physical attacks. A critical challenge in defending those attacks is that current intrusion detection methods cannot timely detect cyber-physical attacks. Studies showed that the physical detection provides a higher accuracy and a shorter respond time compared to network-based or host-based intrusion detection systems. Moreover, alert correlation and management methods help reducing the number of alerts and identifying the root cause of the attack. In this paper, the intrusion detection research relevant to cyber-physical manufacturing security is reviewed. The physical detection methods — using side-channel data, including acoustic, image, acceleration, and power consumption data to disclose attacks during the manufacturing process — are analyzed. Finally, the alert correlation methods — that manage the high volume of alerts generated from intrusion detection systems via logical relationships to reduce the data redundancy and false alarms — are reviewed. The study show that the cyber-physical attacks are existing and rising concerns in industry. Also, the increasing efforts in cyber-physical intrusion detection and correlation research can be utilized to secure the future manufacturing systems.

Download Full-text

Multivariable Heuristic Approach to Intrusion Detection in Network Environments

Entropy ◽

10.3390/e23060776 ◽

2021 ◽

Vol 23 (6) ◽

pp. 776

Author(s):

Marcin Niemiec ◽

Rafał Kościej ◽

Bartłomiej Gdowski

Keyword(s):

Intrusion Detection ◽

Heuristic Algorithm ◽

Detection Algorithm ◽

Intrusion Detection Systems ◽

The Internet ◽

Detection Thresholds ◽

Detection Systems ◽

Different Types ◽

Ongoing Development ◽

Network Environments

The Internet is an inseparable part of our contemporary lives. This means that protection against threats and attacks is crucial for major companies and for individual users. There is a demand for the ongoing development of methods for ensuring security in cyberspace. A crucial cybersecurity solution is intrusion detection systems, which detect attacks in network environments and responds appropriately. This article presents a new multivariable heuristic intrusion detection algorithm based on different types of flags and values of entropy. The data is shared by organisations to help increase the effectiveness of intrusion detection. The authors also propose default values for parameters of a heuristic algorithm and values regarding detection thresholds. This solution has been implemented in a well-known, open-source system and verified with a series of tests. Additionally, the authors investigated how updating the variables affects the intrusion detection process. The results confirmed the effectiveness of the proposed approach and heuristic algorithm.

Download Full-text

Intrusion detection systems in the Internet of things: A comprehensive investigation

Computer Networks ◽

10.1016/j.comnet.2019.05.014 ◽

2019 ◽

Vol 160 ◽

pp. 165-191 ◽

Cited By ~ 29

Author(s):

Somayye Hajiheidari ◽

Karzan Wakil ◽

Maryam Badri ◽

Nima Jafari Navimipour

Keyword(s):

Internet Of Things ◽

Intrusion Detection ◽

Intrusion Detection Systems ◽

The Internet ◽

Comprehensive Investigation ◽

Detection Systems ◽

The Internet Of Things

Download Full-text

Improving the accuracy of intrusion detection systems by using the combination of machine learning approaches

2010 International Conference of Soft Computing and Pattern Recognition ◽

10.1109/socpar.2010.5686163 ◽

2010 ◽

Cited By ~ 6

Author(s):

Hadi Sarvari ◽

Mohammad Mehdi Keikha

Keyword(s):

Machine Learning ◽

Intrusion Detection ◽

Intrusion Detection Systems ◽

Learning Approaches ◽

Detection Systems

Download Full-text

An Ensemble of a Prediction and Learning Mechanism for Improving Accuracy of Anomaly Detection in Network Intrusion Environments

Sustainability ◽

10.3390/su131810057 ◽

2021 ◽

Vol 13 (18) ◽

pp. 10057

Author(s):

Imran ◽

Faisal Jamil ◽

Dohyeun Kim

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Intrusion Detection Systems ◽

The Internet ◽

Detection Accuracy ◽

Learning Mechanism ◽

Detection Systems ◽

Network Applications ◽

Network Intrusion

The connectivity of our surrounding objects to the internet plays a tremendous role in our daily lives. Many network applications have been developed in every domain of life, including business, healthcare, smart homes, and smart cities, to name a few. As these network applications provide a wide range of services for large user groups, the network intruders are prone to developing intrusion skills for attack and malicious compliance. Therefore, safeguarding network applications and things connected to the internet has always been a point of interest for researchers. Many studies propose solutions for intrusion detection systems and intrusion prevention systems. Network communities have produced benchmark datasets available for researchers to improve the accuracy of intrusion detection systems. The scientific community has presented data mining and machine learning-based mechanisms to detect intrusion with high classification accuracy. This paper presents an intrusion detection system based on the ensemble of prediction and learning mechanisms to improve anomaly detection accuracy in a network intrusion environment. The learning mechanism is based on automated machine learning, and the prediction model is based on the Kalman filter. Performance analysis of the proposed intrusion detection system is evaluated using publicly available intrusion datasets UNSW-NB15 and CICIDS2017. The proposed model-based intrusion detection accuracy for the UNSW-NB15 dataset is 98.801 percent, and the CICIDS2017 dataset is 97.02 percent. The performance comparison results show that the proposed ensemble model-based intrusion detection significantly improves the intrusion detection accuracy.

Download Full-text

ANOMALY DETECTION USING MACHINE LEARNING APPROACHES

Azerbaijan Journal of High Performance Computing ◽

10.32010/26166127.2020.3.2.196.206 ◽

2020 ◽

Vol 3 (2) ◽

pp. 196-206

Author(s):

Mausumi Das Nath ◽

◽

Tapalina Bhattasali

Keyword(s):

Machine Learning ◽

Intrusion Detection ◽

Vital Role ◽

Machine Learning Algorithms ◽

Intrusion Detection Systems ◽

Abnormal Behavior ◽

Support Vector ◽

Learning Approaches ◽

Detection Systems ◽

Internet Users

Due to the enormous usage of the Internet, users share resources and exchange voluminous amounts of data. This increases the high risk of data theft and other types of attacks. Network security plays a vital role in protecting the electronic exchange of data and attempts to avoid disruption concerning finances or disrupted services due to the unknown proliferations in the network. Many Intrusion Detection Systems (IDS) are commonly used to detect such unknown attacks and unauthorized access in a network. Many approaches have been put forward by the researchers which showed satisfactory results in intrusion detection systems significantly which ranged from various traditional approaches to Artificial Intelligence (AI) based approaches.AI based techniques have gained an edge over other statistical techniques in the research community due to its enormous benefits. Procedures can be designed to display behavior learned from previous experiences. Machine learning algorithms are used to analyze the abnormal instances in a particular network. Supervised learning is essential in terms of training and analyzing the abnormal behavior in a network. In this paper, we propose a model of Naïve Bayes and SVM (Support Vector Machine) to detect anomalies and an ensemble approach to solve the weaknesses and to remove the poor detection results

Download Full-text

On the Performance of Machine Learning Models for Anomaly-Based Intelligent Intrusion Detection Systems for the Internet of Things

IEEE Internet of Things Journal ◽

10.1109/jiot.2021.3103829 ◽

2021 ◽

pp. 1-1

Author(s):

Ghada Abdelmoumin ◽

Danda B. Rawat ◽

Abdul Rahman

Keyword(s):

Machine Learning ◽

Internet Of Things ◽

Intrusion Detection ◽

Intrusion Detection Systems ◽

The Internet ◽

Learning Models ◽

Detection Systems ◽

The Internet Of Things ◽

Machine Learning Models

Download Full-text

Threat Hunting in Windows Using Big Security Log Data

Security, Privacy, and Forensics Issues in Big Data - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-5225-9742-1.ch007 ◽

2020 ◽

pp. 168-188 ◽

Cited By ~ 1

Author(s):

Mohammad Rasool Fatemi ◽

Ali A. Ghorbani

Keyword(s):

Intrusion Detection ◽

Anomaly Detection ◽

Detection System ◽

Intrusion Detection Systems ◽

Detection Methods ◽

Sources Of Information ◽

Detection Systems ◽

System Logs ◽

Analysis System ◽

Anomaly Detection System

System logs are one of the most important sources of information for anomaly and intrusion detection systems. In a general log-based anomaly detection system, network, devices, and host logs are all collected and used together for analysis and the detection of anomalies. However, the ever-increasing volume of logs remains as one of the main challenges that anomaly detection tools face. Based on Sysmon, this chapter proposes a host-based log analysis system that detects anomalies without using network logs to reduce the volume and to show the importance of host-based logs. The authors implement a Sysmon parser to parse and extract features from the logs and use them to perform detection methods on the data. The valuable information is successfully retained after two extensive volume reduction steps. An anomaly detection system is proposed and performed on five different datasets with up to 55,000 events which detects the attacks using the preserved logs. The analysis results demonstrate the significance of host-based logs in auditing, security monitoring, and intrusion detection systems.

Download Full-text

Constructing APT Attack Scenarios Based on Intrusion Kill Chain and Fuzzy Clustering

Security and Communication Networks ◽

10.1155/2017/7536381 ◽

2017 ◽

Vol 2017 ◽

pp. 1-9 ◽

Cited By ~ 2

Author(s):

Ru Zhang ◽

Yanyu Huo ◽

Jianyi Liu ◽

Fangyu Weng

Keyword(s):

Intrusion Detection ◽

Transfer Matrix ◽

Fuzzy Clustering ◽

Attack Detection ◽

New Method ◽

Intrusion Detection Systems ◽

The Internet ◽

Actual Situation ◽

Detection Systems ◽

Attack Models

The APT attack on the Internet is becoming more serious, and most of intrusion detection systems can only generate alarms to some steps of APT attack and cannot identify the pattern of the APT attack. To detect APT attack, many researchers established attack models and then correlated IDS logs with the attack models. However, the accuracy of detection deeply relied on the integrity of models. In this paper, we propose a new method to construct APT attack scenarios by mining IDS security logs. These APT attack scenarios can be further used for the APT detection. First, we classify all the attack events by purpose of phase of the intrusion kill chain. Then we add the attack event dimension to fuzzy clustering, correlate IDS alarm logs with fuzzy clustering, and generate the attack sequence set. Next, we delete the bug attack sequences to clean the set. Finally, we use the nonaftereffect property of probability transfer matrix to construct attack scenarios by mining the attack sequence set. Experiments show that the proposed method can construct the APT attack scenarios by mining IDS alarm logs, and the constructed scenarios match the actual situation so that they can be used for APT attack detection.

Download Full-text