A New Model of Intrusion Detection Based on Data Warehouse and Data Mining

2011 ◽  
Vol 383-390 ◽  
pp. 303-307 ◽  
Author(s):  
Bei Qi ◽  
Yun Feng Dong
Keyword(s):  
Data Mining ◽  
Intrusion Detection ◽  
Data Warehouse ◽  
Network Traffic ◽  
Traffic Monitoring ◽  
Experimental Result ◽  
Double Layers ◽  
New Model ◽  
Network Intrusion ◽  
Security Of Network

Now, security of network is threaten from double layers inside and outside network, the inherent defect of firewall technology makes the intrusion detection and network traffic analysis as the main means of defense, aiding firewall. Now network intrusion detection have problem of higher false alarm rate, we apply the data warehouse and the data mining in intrusion detection and the technology of network traffic monitoring and analysis, propose a new model of intrusion detection based on the data warehouse and the data mining. The experimental result indicates this model can find effectively many kinds behavior of network intrusion and have higher intelligence and environment accommodation.

CLUSTERING-BASED NETWORK INTRUSION DETECTION

2007 ◽  
Vol 14 (02) ◽  
pp. 169-187 ◽  
Author(s):  
SHI ZHONG ◽  
TAGHI M. KHOSHGOFTAAR ◽  
NAEEM SELIYA
Keyword(s):  
Data Mining ◽  
Network Security ◽  
Intrusion Detection ◽  
Unsupervised Learning ◽  
Network Traffic ◽  
Clustering Algorithms ◽  
Network Intrusion Detection ◽  
Learning Methods ◽  
High Detection Rate ◽  
Network Intrusion

Recently data mining methods have gained importance in addressing network security issues, including network intrusion detection — a challenging task in network security. Intrusion detection systems aim to identify attacks with a high detection rate and a low false alarm rate. Classification-based data mining models for intrusion detection are often ineffective in dealing with dynamic changes in intrusion patterns and characteristics. Consequently, unsupervised learning methods have been given a closer look for network intrusion detection. We investigate multiple centroid-based unsupervised clustering algorithms for intrusion detection, and propose a simple yet effective self-labeling heuristic for detecting attack and normal clusters of network traffic audit data. The clustering algorithms investigated include, k-means, Mixture-Of-Spherical Gaussians, Self-Organizing Map, and Neural-Gas. The network traffic datasets provided by the DARPA 1998 offline intrusion detection project are used in our empirical investigation, which demonstrates the feasibility and promise of unsupervised learning methods for network intrusion detection. In addition, a comparative analysis shows the advantage of clustering-based methods over supervised classification techniques in identifying new or unseen attack types.

scholarly journals Network Intrusion Detection Based on an Efficient Neural Architecture Search

Symmetry ◽  
2021 ◽  
Vol 13 (8) ◽  
pp. 1453
Author(s):  
Renjian Lyu ◽  
Mingshu He ◽  
Yu Zhang ◽  
Lei Jin ◽  
Xinlei Wang
Keyword(s):  
Deep Learning ◽  
Intrusion Detection ◽  
Network Traffic ◽  
Traffic Monitoring ◽  
Classification Model ◽  
Network Intrusion Detection ◽  
Traffic Classification ◽  
Neural Architecture ◽  
Network Intrusion ◽  
Network Traffic Classification

Deep learning has been applied in the field of network intrusion detection and has yielded good results. In malicious network traffic classification tasks, many studies have achieved good performance with respect to the accuracy and recall rate of classification through self-designed models. In deep learning, the design of the model architecture greatly influences the results. However, the design of the network model architecture usually requires substantial professional knowledge. At present, the focus of research in the field of traffic monitoring is often directed elsewhere. Therefore, in the classification task of the network intrusion detection field, there is much room for improvement in the design and optimization of the model architecture. A neural architecture search (NAS) can automatically search the architecture of the model under the premise of a given optimization goal. For this reason, we propose a model that can perform NAS in the field of network traffic classification and search for the optimal architecture suitable for traffic detection based on the network traffic dataset. Each layer of our depth model is constructed according to the principle of maximum coding rate attenuation, which has strong consistency and symmetry in structure. Compared with some manually designed network architectures, classification indicators, such as Top-1 accuracy and F1 score, are also greatly improved while ensuring the lightweight nature of the model. In addition, we introduce a surrogate model in the search task. Compared to using the traditional NAS model to search the network traffic classification model, our NAS model greatly improves the search efficiency under the premise of ensuring that the results are not substantially different. We also manually adjust some operations in the search space of the architecture search to find a set of model operations that are more suitable for traffic classification. Finally, we apply the searched model to other traffic datasets to verify the universality of the model. Compared with several common network models in the traffic field, the searched model (NAS-Net) performs better, and the classification effect is more accurate.

PAIRWISE CLUSTERS OPTIMIZATION AND CLUSTER MOST SIGNIFICANT FEATURE METHODS FOR ANOMALY-BASED NETWORK INTRUSION DETECTION SYSTEM (POC2MSF)

2018 ◽  
Vol 3 (2) ◽  
pp. 93
Author(s):  
Gervais Hatungimana
Keyword(s):  
Intrusion Detection ◽  
Network Traffic ◽  
False Positive ◽  
Intrusion Detection System ◽  
Detection System ◽  
False Positive Rate ◽  
Significant Feature ◽  
Features Selection ◽  
Number Of Clusters ◽  
Network Intrusion

 Anomaly-based Intrusion Detection System (IDS) uses known baseline to detect patterns which have deviated from normal behavior. If the baseline is faulty, the IDS performance degrades. Most of researches in IDS which use k-centroids-based clustering methods like K-means, K-medoids, Fuzzy, Hierarchical and agglomerative algorithms to baseline network traffic suffer from high false positive rate compared to signature-based IDS, simply because the nature of these algorithms risk to force some network traffic into wrong profiles depending on K number of clusters needed. In this paper we propose alternate method which instead of defining K number of clusters, defines t distance threshold. The unrecognizable IDS; IDS which is neither HIDS nor NIDS is the consequence of using statistical methods for features selection. The speed, memory and accuracy of IDS are affected by inappropriate features reduction method or ignorance of irrelevant features. In this paper we use two-step features selection and Quality Threshold with Optimization methods to design anomaly-based HIDS and NIDS separately. The performance of our system is 0% ,99.9974%, 1,1 false positive rates, accuracy , precision and recall respectively for NIDS and  0%,99.61%, 0.991,0.978 false positive rates, accuracy, precision and recall respectively for HIDS.

scholarly journals MFVT:An Anomaly Traffic Detection Method Merging Feature Fusion Network and Vision Transformer Architecture

2021 ◽  
Author(s):  
Ming Li ◽  
Dezhi Han ◽  
Dun Li ◽  
Han Liu ◽  
Chin- Chen Chang
Keyword(s):  
Deep Learning ◽  
Intrusion Detection ◽  
Network Traffic ◽  
Feature Fusion ◽  
Imbalanced Data ◽  
Network Intrusion Detection ◽  
Detection Accuracy ◽  
Data Sets ◽  
Imbalanced Data Sets ◽  
Network Intrusion

Abstract Network intrusion detection, which takes the extraction and analysis of network traffic features as the main method, plays a vital role in network security protection. The current network traffic feature extraction and analysis for network intrusion detection mostly uses deep learning algorithms. Currently, deep learning requires a lot of training resources, and have weak processing capabilities for imbalanced data sets. In this paper, a deep learning model (MFVT) based on feature fusion network and Vision Transformer architecture is proposed, to which improves the processing ability of imbalanced data sets and reduces the sample data resources needed for training. Besides, to improve the traditional raw traffic features extraction methods, a new raw traffic features extraction method (CRP) is proposed, the CPR uses PCA algorithm to reduce all the processed digital traffic features to the specified dimension. On the IDS 2017 dataset and the IDS 2012 dataset, the ablation experiments show that the performance of the proposed MFVT model is significantly better than other network intrusion detection models, and the detection accuracy can reach the state-of-the-art level. And, When MFVT model is combined with CRP algorithm, the detection accuracy is further improved to 99.99%.

scholarly journals Development of software application for network traffic analysis and intrusion detection

2021 ◽  
pp. 57-64
Author(s):  
Alexander Ivanov ◽  
◽  
Alexander Kutischev ◽  
Elena Nikitina ◽  
◽  
...  
Keyword(s):  
Intrusion Detection ◽  
Network Traffic ◽  
Traffic Analysis ◽  
Network Intrusion Detection ◽  
Network Attacks ◽  
Software Application ◽  
Detection Systems ◽  
Network Traffic Analysis ◽  
Network Intrusion ◽  
Network Intrusion Detection Systems

This paper demonstrated the use of neural networks in the development of network intrusion detection systems, described the structure of the developed software application for network traffic analysis and network attacks detection, and presented the software application results.

Sign in / Sign up

Export Citation Format

Share Document