The proliferation of Internet of Things(IoT)technology has exponentially increased the number of devices interconnected over networks,thereby escalating the potential vectors for cybersecurity threats.In response,this...The proliferation of Internet of Things(IoT)technology has exponentially increased the number of devices interconnected over networks,thereby escalating the potential vectors for cybersecurity threats.In response,this study rigorously applies and evaluates deep learning models—namely Convolutional Neural Networks(CNN),Autoencoders,and Long Short-Term Memory(LSTM)networks—to engineer an advanced Intrusion Detection System(IDS)specifically designed for IoT environments.Utilizing the comprehensive UNSW-NB15 dataset,which encompasses 49 distinct features representing varied network traffic characteristics,our methodology focused on meticulous data preprocessing including cleaning,normalization,and strategic feature selection to enhance model performance.A robust comparative analysis highlights the CNN model’s outstanding performance,achieving an accuracy of 99.89%,precision of 99.90%,recall of 99.88%,and an F1 score of 99.89%in binary classification tasks,outperforming other evaluated models significantly.These results not only confirm the superior detection capabilities of CNNs in distinguishing between benign and malicious network activities but also illustrate the model’s effectiveness in multiclass classification tasks,addressing various attack vectors prevalent in IoT setups.The empirical findings from this research demonstrate deep learning’s transformative potential in fortifying network security infrastructures against sophisticated cyber threats,providing a scalable,high-performance solution that enhances security measures across increasingly complex IoT ecosystems.This study’s outcomes are critical for security practitioners and researchers focusing on the next generation of cyber defense mechanisms,offering a data-driven foundation for future advancements in IoT security strategies.展开更多
This study describes improving network security by implementing and assessing an intrusion detection system(IDS)based on deep neural networks(DNNs).The paper investigates contemporary technical ways for enhancing intr...This study describes improving network security by implementing and assessing an intrusion detection system(IDS)based on deep neural networks(DNNs).The paper investigates contemporary technical ways for enhancing intrusion detection performance,given the vital relevance of safeguarding computer networks against harmful activity.The DNN-based IDS is trained and validated by the model using the NSL-KDD dataset,a popular benchmark for IDS research.The model performs well in both the training and validation stages,with 91.30%training accuracy and 94.38%validation accuracy.Thus,the model shows good learning and generalization capabilities with minor losses of 0.22 in training and 0.1553 in validation.Furthermore,for both macro and micro averages across class 0(normal)and class 1(anomalous)data,the study evaluates the model using a variety of assessment measures,such as accuracy scores,precision,recall,and F1 scores.The macro-average recall is 0.9422,the macro-average precision is 0.9482,and the accuracy scores are 0.942.Furthermore,macro-averaged F1 scores of 0.9245 for class 1 and 0.9434 for class 0 demonstrate the model’s ability to precisely identify anomalies precisely.The research also highlights how real-time threat monitoring and enhanced resistance against new online attacks may be achieved byDNN-based intrusion detection systems,which can significantly improve network security.The study underscores the critical function ofDNN-based IDS in contemporary cybersecurity procedures by setting the foundation for further developments in this field.Upcoming research aims to enhance intrusion detection systems by examining cooperative learning techniques and integrating up-to-date threat knowledge.展开更多
Static secure techniques, such as firewall, hierarchy filtering, distributed disposing,layer management, autonomy agent, secure communication, were introduced in distributed intrusion detection. The self-protection ag...Static secure techniques, such as firewall, hierarchy filtering, distributed disposing,layer management, autonomy agent, secure communication, were introduced in distributed intrusion detection. The self-protection agents were designed, which have the distributed architecture,cooperate with the agents in intrusion detection in a loose-coupled manner, protect the security of intrusion detection system, and respond to the intrusion actively. A prototype self-protection agent was implemented by using the packet filter in operation system kernel. The results show that all the hosts with the part of network-based intrusion detection system and the whole intrusion detection system are invisible from the outside and network scanning, and cannot apperceive the existence of network-based intrusion detection system. The communication between every part is secure. In the low layer, the packet streams are controlled to avoid the buffer leaks exist ing in some system service process and back-door programs, so as to prevent users from misusing and vicious attack like Trojan Horse effectively.展开更多
Protecting networks against different types of attacks is one of most important posed issue into the network and information security domains. This problem on Wireless Sensor Networks (WSNs), in attention to their spe...Protecting networks against different types of attacks is one of most important posed issue into the network and information security domains. This problem on Wireless Sensor Networks (WSNs), in attention to their special properties, has more importance. Now, there are some of proposed solutions to protect Wireless Sensor Networks (WSNs) against different types of intrusions;but no one of them has a comprehensive view to this problem and they are usually designed in single-purpose;but, the proposed design in this paper has been a comprehensive view to this issue by presenting a complete architecture of Intrusion Detection System (IDS). The main contribution of this architecture is its modularity and flexibility;i.e. it is designed and applicable, in four steps on intrusion detection process, consistent to the application domain and its required security level. Focus of this paper is on the heterogeneous WSNs and network-based IDS, by designing and deploying the Wireless Sensor Network wide level Intrusion Detection System (WSNIDS) on the base station (sink). Finally, this paper has been designed a questionnaire to verify its idea, by using the acquired results from analyzing the questionnaires.展开更多
The extensive access of network interaction has made present networks more responsive to earlier intrusions. In distributed network intrusions, there are many computing nodes that are assisted by intruders. The eviden...The extensive access of network interaction has made present networks more responsive to earlier intrusions. In distributed network intrusions, there are many computing nodes that are assisted by intruders. The evidence of intrusions is to be associated from all the held up nodes. From the last few years, mobile agent based technique in intrusion detection system (IDS) has been widely used to detect intrusion over distributed network. This paper presented survey of several existing mobile agent based intrusion detection system and comparative analysis report between them. Furthermore we have focused on each attribute of analysis, for example technique (NIDS, HIDS or Hybrid), behavior layer, detection techniques for analysis, uses of mobile agent and technology used by existing IDS, strength and issues. Their strengths and issues are situational wherever appropriate. We have observed that some of the existing techniques are used in IDS which causes low detection rate, behavior layers like TCP connection for packet capturing which is most important activity in NIDS and response time (technology execution time) with memory consumption by mobile agent as major issues.展开更多
Traditional Intrusion Detection System (IDS) based on hosts or networks no longer meets the security requirements in today's network environment due to the increasing complexity and distributivity. A multi-agent di...Traditional Intrusion Detection System (IDS) based on hosts or networks no longer meets the security requirements in today's network environment due to the increasing complexity and distributivity. A multi-agent distributed IDS model, enhanced with a method of computing its statistical values of performance is presented. This model can accomplish not only distributed information collection, but also distributed intrusion detection and real-time reaction. Owing to prompt reaction and openness, it can detect intrusion behavior of both known and unknown sources. According to preliminary tests, the accuracy ratio of intrusion detection is higher than 92% on the average.展开更多
The ever-growing network traffic threat landscape necessitates adopting accurate and robust intrusion detection systems(IDSs).IDSs have become a research hotspot and have seen remarkable performance improvements.Gener...The ever-growing network traffic threat landscape necessitates adopting accurate and robust intrusion detection systems(IDSs).IDSs have become a research hotspot and have seen remarkable performance improvements.Generative adversarial networks(GANs)have also garnered increasing research interest recently due to their remarkable ability to generate data.This paper investigates the application of(GANs)in(IDS)and explores their current use within this research field.We delve into the adoption of GANs within signature-based,anomaly-based,and hybrid IDSs,focusing on their objectives,methodologies,and advantages.Overall,GANs have been widely employed,mainly focused on solving the class imbalance issue by generating realistic attack samples.While GANs have shown significant potential in addressing the class imbalance issue,there are still open opportunities and challenges to be addressed.Little attention has been paid to their applicability in distributed and decentralized domains,such as IoT networks.Efficiency and scalability have been mostly overlooked,and thus,future works must aim at addressing these gaps.展开更多
Wireless Network security management is difficult because of the ever-increasing number of wireless network malfunctions,vulnerabilities,and assaults.Complex security systems,such as Intrusion Detection Systems(IDS),a...Wireless Network security management is difficult because of the ever-increasing number of wireless network malfunctions,vulnerabilities,and assaults.Complex security systems,such as Intrusion Detection Systems(IDS),are essential due to the limitations of simpler security measures,such as cryptography and firewalls.Due to their compact nature and low energy reserves,wireless networks present a significant challenge for security procedures.The features of small cells can cause threats to the network.Network Coding(NC)enabled small cells are vulnerable to various types of attacks.Avoiding attacks and performing secure“peer”to“peer”data transmission is a challenging task in small cells.Due to the low power and memory requirements of the proposed model,it is well suited to use with constrained small cells.An attacker cannot change the contents of data and generate a new Hashed Homomorphic Message Authentication Code(HHMAC)hash between transmissions since the HMAC function is generated using the shared secret.In this research,a chaotic sequence mapping based low overhead 1D Improved Logistic Map is used to secure“peer”to“peer”data transmission model using lightweight H-MAC(1D-LM-P2P-LHHMAC)is proposed with accurate intrusion detection.The proposed model is evaluated with the traditional models by considering various evaluation metrics like Vector Set Generation Accuracy Levels,Key Pair Generation Time Levels,Chaotic Map Accuracy Levels,Intrusion Detection Accuracy Levels,and the results represent that the proposed model performance in chaotic map accuracy level is 98%and intrusion detection is 98.2%.The proposed model is compared with the traditional models and the results represent that the proposed model secure data transmission levels are high.展开更多
Inspired by the immune theory and multi-agent systems, an immune multi-agent active defense model for network intrusion is established. The concept of immune agent is introduced, and its running mechanism is establish...Inspired by the immune theory and multi-agent systems, an immune multi-agent active defense model for network intrusion is established. The concept of immune agent is introduced, and its running mechanism is established. The method, which uses antibody concentration to quantitatively describe the degree of intrusion danger, is presented. This model implements the multi-layer and distributed active defense mechanism for network intrusion. The experiment results show that this model is a good solution to the network security defense.展开更多
The nature of adhoc networks makes them vulnerable to security attacks. Many security technologies such as intrusion prevention and intrusion detection are passive in response to intrusions in that their countermea- s...The nature of adhoc networks makes them vulnerable to security attacks. Many security technologies such as intrusion prevention and intrusion detection are passive in response to intrusions in that their countermea- sures are only to protect the networks, and there is no automated network-wide counteraction against detected intrusions, the architecture of cooperation intrusion response based multi-agent is propose. The architecture is composed of mobile agents. Monitor agent resides on every node and monitors its neighbor nodes. Decision agent collects information from monitor nodes and detects an intrusion by security policies. When an intruder is found in the architecture, the block agents will get to the neighbor nodes of the intruder and form the mobile firewall to isolate the intruder. In the end, we evaluate it by simulation.展开更多
A model of intelligent intrusion detection based on rough neural network (RNN), which combines the neural network and rough set, is presented. It works by capturing network packets to identify network intrusions or ma...A model of intelligent intrusion detection based on rough neural network (RNN), which combines the neural network and rough set, is presented. It works by capturing network packets to identify network intrusions or malicious attacks using RNN with sub-nets. The sub-net is constructed by detection-oriented signatures extracted using rough set theory to detect different intrusions. It is proved that RNN detection method has the merits of adaptive, high universality, high convergence speed, easy upgrading and management.展开更多
Due to the widespread use of the Internet,customer information is vulnerable to computer systems attack,which brings urgent need for the intrusion detection technology.Recently,network intrusion detection has been one...Due to the widespread use of the Internet,customer information is vulnerable to computer systems attack,which brings urgent need for the intrusion detection technology.Recently,network intrusion detection has been one of the most important technologies in network security detection.The accuracy of network intrusion detection has reached higher accuracy so far.However,these methods have very low efficiency in network intrusion detection,even the most popular SOM neural network method.In this paper,an efficient and fast network intrusion detection method was proposed.Firstly,the fundamental of the two different methods are introduced respectively.Then,the selforganizing feature map neural network based on K-means clustering(KSOM)algorithms was presented to improve the efficiency of network intrusion detection.Finally,the NSLKDD is used as network intrusion data set to demonstrate that the KSOM method can significantly reduce the number of clustering iteration than SOM method without substantially affecting the clustering results and the accuracy is much higher than Kmeans method.The Experimental results show that our method can relatively improve the accuracy of network intrusion and significantly reduce the number of clustering iteration.展开更多
Intrusion detection systems(IDS)are essential in the field of cybersecurity because they protect networks from a wide range of online threats.The goal of this research is to meet the urgent need for small-footprint,hi...Intrusion detection systems(IDS)are essential in the field of cybersecurity because they protect networks from a wide range of online threats.The goal of this research is to meet the urgent need for small-footprint,highly-adaptable Network Intrusion Detection Systems(NIDS)that can identify anomalies.The NSL-KDD dataset is used in the study;it is a sizable collection comprising 43 variables with the label’s“attack”and“level.”It proposes a novel approach to intrusion detection based on the combination of channel attention and convolutional neural networks(CNN).Furthermore,this dataset makes it easier to conduct a thorough assessment of the suggested intrusion detection strategy.Furthermore,maintaining operating efficiency while improving detection accuracy is the primary goal of this work.Moreover,typical NIDS examines both risky and typical behavior using a variety of techniques.On the NSL-KDD dataset,our CNN-based approach achieves an astounding 99.728%accuracy rate when paired with channel attention.Compared to previous approaches such as ensemble learning,CNN,RBM(Boltzmann machine),ANN,hybrid auto-encoders with CNN,MCNN,and ANN,and adaptive algorithms,our solution significantly improves intrusion detection performance.Moreover,the results highlight the effectiveness of our suggested method in improving intrusion detection precision,signifying a noteworthy advancement in this field.Subsequent efforts will focus on strengthening and expanding our approach in order to counteract growing cyberthreats and adjust to changing network circumstances.展开更多
Networks provide a significant function in everyday life,and cybersecurity therefore developed a critical field of study.The Intrusion detection system(IDS)becoming an essential information protection strategy that tr...Networks provide a significant function in everyday life,and cybersecurity therefore developed a critical field of study.The Intrusion detection system(IDS)becoming an essential information protection strategy that tracks the situation of the software and hardware operating on the network.Notwithstanding advancements of growth,current intrusion detection systems also experience difficulties in enhancing detection precision,growing false alarm levels and identifying suspicious activities.In order to address above mentioned issues,several researchers concentrated on designing intrusion detection systems that rely on machine learning approaches.Machine learning models will accurately identify the underlying variations among regular information and irregular information with incredible efficiency.Artificial intelligence,particularly machine learning methods can be used to develop an intelligent intrusion detection framework.There in this article in order to achieve this objective,we propose an intrusion detection system focused on a Deep extreme learning machine(DELM)which first establishes the assessment of safety features that lead to their prominence and then constructs an adaptive intrusion detection system focusing on the important features.In the moment,we researched the viability of our suggested DELMbased intrusion detection system by conducting dataset assessments and evaluating the performance factors to validate the system reliability.The experimental results illustrate that the suggested framework outclasses traditional algorithms.In fact,the suggested framework is not only of interest to scientific research but also of functional importance.展开更多
Anomaly detection is a key element of intrusion detection systems and a necessary complement of widely used misuse intrusion detection systems. Data sources used by network intrusion detection, like network packets or...Anomaly detection is a key element of intrusion detection systems and a necessary complement of widely used misuse intrusion detection systems. Data sources used by network intrusion detection, like network packets or connections, often contain both numeric and nominal features. Both of these features contain important information for intrusion detection. These two features, on the other hand, have different characteristics. This paper presents a new network based anomaly intrusion detection approach that works well by building profiles for numeric and nominal features in different ways. During training, for each numeric feature, a normal profile is build through statistical distribution inference and parameter estimation, while for each nominal feature, a normal profile is setup through statistical method. These profiles are used as detection models during testing to judge whether a data being tested is benign or malicious. Experiments with the data set of 1999 DARPA (defense advanced research project agency) intrusion detection evaluation show that this approach can detect attacks effectively.展开更多
Due to the widespread use of the internet and smart devices,various attacks like intrusion,zero-day,Malware,and security breaches are a constant threat to any organization’s network infrastructure.Thus,a Network Intr...Due to the widespread use of the internet and smart devices,various attacks like intrusion,zero-day,Malware,and security breaches are a constant threat to any organization’s network infrastructure.Thus,a Network Intrusion Detection System(NIDS)is required to detect attacks in network traffic.This paper proposes a new hybrid method for intrusion detection and attack categorization.The proposed approach comprises three steps to address high false and low false-negative rates for intrusion detection and attack categorization.In the first step,the dataset is preprocessed through the data transformation technique and min-max method.Secondly,the random forest recursive feature elimination method is applied to identify optimal features that positively impact the model’s performance.Next,we use various Support Vector Machine(SVM)types to detect intrusion and the Adaptive Neuro-Fuzzy System(ANFIS)to categorize probe,U2R,R2U,and DDOS attacks.The validation of the proposed method is calculated through Fine Gaussian SVM(FGSVM),which is 99.3%for the binary class.Mean Square Error(MSE)is reported as 0.084964 for training data,0.0855203 for testing,and 0.084964 to validate multiclass categorization.展开更多
In this paper,we propose two intrusion detection methods which combine rough set theory and Fuzzy C-Means for network intrusion detection.The first step consists of feature selection which is based on rough set theory...In this paper,we propose two intrusion detection methods which combine rough set theory and Fuzzy C-Means for network intrusion detection.The first step consists of feature selection which is based on rough set theory.The next phase is clustering by using Fuzzy C-Means.Rough set theory is an efficient tool for further reducing redundancy.Fuzzy C-Means allows the objects to belong to several clusters simultaneously,with different degrees of membership.To evaluate the performance of the introduced approaches,we apply them to the international Knowledge Discovery and Data mining intrusion detection dataset.In the experimentations,we compare the performance of two rough set theory based hybrid methods for network intrusion detection.Experimental results illustrate that our algorithms are accurate models for handling complex attack patterns in large network.And these two methods can increase the efficiency and reduce the dataset by looking for overlapping categories.展开更多
In network-based intrusion detection practices,there are more regular instances than intrusion instances.Because there is always a statistical imbalance in the instances,it is difficult to train the intrusion detectio...In network-based intrusion detection practices,there are more regular instances than intrusion instances.Because there is always a statistical imbalance in the instances,it is difficult to train the intrusion detection system effectively.In this work,we compare intrusion detection performance by increasing the rarely appearing instances rather than by eliminating the frequently appearing duplicate instances.Our technique mitigates the statistical imbalance in these instances.We also carried out an experiment on the training model by increasing the instances,thereby increasing the attack instances step by step up to 13 levels.The experiments included not only known attacks,but also unknown new intrusions.The results are compared with the existing studies from the literature,and show an improvement in accuracy,sensitivity,and specificity over previous studies.The detection rates for the remote-to-user(R2L)and user-to-root(U2L)categories are improved significantly by adding fewer instances.The detection of many intrusions is increased from a very low to a very high detection rate.The detection of newer attacks that had not been used in training improved from 9%to 12%.This study has practical applications in network administration to protect from known and unknown attacks.If network administrators are running out of instances for some attacks,they can increase the number of instances with rarely appearing instances,thereby improving the detection of both known and unknown new attacks.展开更多
Intelligent Intrusion Detection System(IIDS)for networks provide a resourceful solution to network security than conventional intrusion defence mechanisms like a firewall.The efficiency of IIDS highly relies on the al...Intelligent Intrusion Detection System(IIDS)for networks provide a resourceful solution to network security than conventional intrusion defence mechanisms like a firewall.The efficiency of IIDS highly relies on the algorithm performance.The enhancements towards these methods are utilized to enhance the classification accuracy and diminish the testing and training time of these algorithms.Here,a novel and intelligent learning approach are known as the stabbing of intrusion with learning framework(SILF),is proposed to learn the attack features and reduce the dimensionality.It also reduces the testing and training time effectively and enhances Linear Support Vector Machine(l-SVM).It constructs an auto-encoder method,an efficient learning approach for feature construction unsupervised manner.Here,the inclusive certified signature(ICS)is added to the encoder and decoder to preserve the sensitive data without being harmed by the attackers.By training the samples in the preliminary stage,the selected features are provided into the classifier(lSVM)to enhance the prediction ability for intrusion and classification accuracy.Thus,the model efficiency is learned linearly.The multi-classification is examined and compared with various classifier approaches like conventional SVM,Random Forest(RF),Recurrent Neural Network(RNN),STL-IDS and game theory.The outcomes show that the proposed l-SVM has triggered the prediction rate by effectual testing and training and proves that the model is more efficient than the traditional approaches in terms of performance metrics like accuracy,precision,recall,F-measure,pvalue,MCC and so on.The proposed SILF enhances network intrusion detection and offers a novel research methodology for intrusion detection.Here,the simulation is done with a MATLAB environment where the proposed model shows a better trade-off compared to prevailing approaches.展开更多
The challenge of achieving situational understanding is a limiting factor in effective, timely, and adaptive cyber-security analysis. Anomaly detection fills a critical role in network assessment and trend analysis, b...The challenge of achieving situational understanding is a limiting factor in effective, timely, and adaptive cyber-security analysis. Anomaly detection fills a critical role in network assessment and trend analysis, both of which underlie the establishment of comprehensive situational understanding. To that end, we propose a cyber security data warehouse implemented as a hierarchical graph of aggregations that captures anomalies at multiple scales. Each node of our proposed graph is a summarization table of cyber event aggregations, and the edges are aggregation operators. The cyber security data warehouse enables domain experts to quickly traverse a multi-scale aggregation space systematically. We describe the architecture of a test bed system and a summary of results on the IEEE VAST 2012 Cyber Forensics data.展开更多
文摘The proliferation of Internet of Things(IoT)technology has exponentially increased the number of devices interconnected over networks,thereby escalating the potential vectors for cybersecurity threats.In response,this study rigorously applies and evaluates deep learning models—namely Convolutional Neural Networks(CNN),Autoencoders,and Long Short-Term Memory(LSTM)networks—to engineer an advanced Intrusion Detection System(IDS)specifically designed for IoT environments.Utilizing the comprehensive UNSW-NB15 dataset,which encompasses 49 distinct features representing varied network traffic characteristics,our methodology focused on meticulous data preprocessing including cleaning,normalization,and strategic feature selection to enhance model performance.A robust comparative analysis highlights the CNN model’s outstanding performance,achieving an accuracy of 99.89%,precision of 99.90%,recall of 99.88%,and an F1 score of 99.89%in binary classification tasks,outperforming other evaluated models significantly.These results not only confirm the superior detection capabilities of CNNs in distinguishing between benign and malicious network activities but also illustrate the model’s effectiveness in multiclass classification tasks,addressing various attack vectors prevalent in IoT setups.The empirical findings from this research demonstrate deep learning’s transformative potential in fortifying network security infrastructures against sophisticated cyber threats,providing a scalable,high-performance solution that enhances security measures across increasingly complex IoT ecosystems.This study’s outcomes are critical for security practitioners and researchers focusing on the next generation of cyber defense mechanisms,offering a data-driven foundation for future advancements in IoT security strategies.
基金Princess Nourah bint Abdulrahman University for funding this project through the Researchers Supporting Project(PNURSP2024R319)funded by the Prince Sultan University,Riyadh,Saudi Arabia.
文摘This study describes improving network security by implementing and assessing an intrusion detection system(IDS)based on deep neural networks(DNNs).The paper investigates contemporary technical ways for enhancing intrusion detection performance,given the vital relevance of safeguarding computer networks against harmful activity.The DNN-based IDS is trained and validated by the model using the NSL-KDD dataset,a popular benchmark for IDS research.The model performs well in both the training and validation stages,with 91.30%training accuracy and 94.38%validation accuracy.Thus,the model shows good learning and generalization capabilities with minor losses of 0.22 in training and 0.1553 in validation.Furthermore,for both macro and micro averages across class 0(normal)and class 1(anomalous)data,the study evaluates the model using a variety of assessment measures,such as accuracy scores,precision,recall,and F1 scores.The macro-average recall is 0.9422,the macro-average precision is 0.9482,and the accuracy scores are 0.942.Furthermore,macro-averaged F1 scores of 0.9245 for class 1 and 0.9434 for class 0 demonstrate the model’s ability to precisely identify anomalies precisely.The research also highlights how real-time threat monitoring and enhanced resistance against new online attacks may be achieved byDNN-based intrusion detection systems,which can significantly improve network security.The study underscores the critical function ofDNN-based IDS in contemporary cybersecurity procedures by setting the foundation for further developments in this field.Upcoming research aims to enhance intrusion detection systems by examining cooperative learning techniques and integrating up-to-date threat knowledge.
文摘Static secure techniques, such as firewall, hierarchy filtering, distributed disposing,layer management, autonomy agent, secure communication, were introduced in distributed intrusion detection. The self-protection agents were designed, which have the distributed architecture,cooperate with the agents in intrusion detection in a loose-coupled manner, protect the security of intrusion detection system, and respond to the intrusion actively. A prototype self-protection agent was implemented by using the packet filter in operation system kernel. The results show that all the hosts with the part of network-based intrusion detection system and the whole intrusion detection system are invisible from the outside and network scanning, and cannot apperceive the existence of network-based intrusion detection system. The communication between every part is secure. In the low layer, the packet streams are controlled to avoid the buffer leaks exist ing in some system service process and back-door programs, so as to prevent users from misusing and vicious attack like Trojan Horse effectively.
文摘Protecting networks against different types of attacks is one of most important posed issue into the network and information security domains. This problem on Wireless Sensor Networks (WSNs), in attention to their special properties, has more importance. Now, there are some of proposed solutions to protect Wireless Sensor Networks (WSNs) against different types of intrusions;but no one of them has a comprehensive view to this problem and they are usually designed in single-purpose;but, the proposed design in this paper has been a comprehensive view to this issue by presenting a complete architecture of Intrusion Detection System (IDS). The main contribution of this architecture is its modularity and flexibility;i.e. it is designed and applicable, in four steps on intrusion detection process, consistent to the application domain and its required security level. Focus of this paper is on the heterogeneous WSNs and network-based IDS, by designing and deploying the Wireless Sensor Network wide level Intrusion Detection System (WSNIDS) on the base station (sink). Finally, this paper has been designed a questionnaire to verify its idea, by using the acquired results from analyzing the questionnaires.
文摘The extensive access of network interaction has made present networks more responsive to earlier intrusions. In distributed network intrusions, there are many computing nodes that are assisted by intruders. The evidence of intrusions is to be associated from all the held up nodes. From the last few years, mobile agent based technique in intrusion detection system (IDS) has been widely used to detect intrusion over distributed network. This paper presented survey of several existing mobile agent based intrusion detection system and comparative analysis report between them. Furthermore we have focused on each attribute of analysis, for example technique (NIDS, HIDS or Hybrid), behavior layer, detection techniques for analysis, uses of mobile agent and technology used by existing IDS, strength and issues. Their strengths and issues are situational wherever appropriate. We have observed that some of the existing techniques are used in IDS which causes low detection rate, behavior layers like TCP connection for packet capturing which is most important activity in NIDS and response time (technology execution time) with memory consumption by mobile agent as major issues.
基金Supported by the Key Program of Natural Science Foundation of China(050335020)
文摘Traditional Intrusion Detection System (IDS) based on hosts or networks no longer meets the security requirements in today's network environment due to the increasing complexity and distributivity. A multi-agent distributed IDS model, enhanced with a method of computing its statistical values of performance is presented. This model can accomplish not only distributed information collection, but also distributed intrusion detection and real-time reaction. Owing to prompt reaction and openness, it can detect intrusion behavior of both known and unknown sources. According to preliminary tests, the accuracy ratio of intrusion detection is higher than 92% on the average.
文摘The ever-growing network traffic threat landscape necessitates adopting accurate and robust intrusion detection systems(IDSs).IDSs have become a research hotspot and have seen remarkable performance improvements.Generative adversarial networks(GANs)have also garnered increasing research interest recently due to their remarkable ability to generate data.This paper investigates the application of(GANs)in(IDS)and explores their current use within this research field.We delve into the adoption of GANs within signature-based,anomaly-based,and hybrid IDSs,focusing on their objectives,methodologies,and advantages.Overall,GANs have been widely employed,mainly focused on solving the class imbalance issue by generating realistic attack samples.While GANs have shown significant potential in addressing the class imbalance issue,there are still open opportunities and challenges to be addressed.Little attention has been paid to their applicability in distributed and decentralized domains,such as IoT networks.Efficiency and scalability have been mostly overlooked,and thus,future works must aim at addressing these gaps.
文摘Wireless Network security management is difficult because of the ever-increasing number of wireless network malfunctions,vulnerabilities,and assaults.Complex security systems,such as Intrusion Detection Systems(IDS),are essential due to the limitations of simpler security measures,such as cryptography and firewalls.Due to their compact nature and low energy reserves,wireless networks present a significant challenge for security procedures.The features of small cells can cause threats to the network.Network Coding(NC)enabled small cells are vulnerable to various types of attacks.Avoiding attacks and performing secure“peer”to“peer”data transmission is a challenging task in small cells.Due to the low power and memory requirements of the proposed model,it is well suited to use with constrained small cells.An attacker cannot change the contents of data and generate a new Hashed Homomorphic Message Authentication Code(HHMAC)hash between transmissions since the HMAC function is generated using the shared secret.In this research,a chaotic sequence mapping based low overhead 1D Improved Logistic Map is used to secure“peer”to“peer”data transmission model using lightweight H-MAC(1D-LM-P2P-LHHMAC)is proposed with accurate intrusion detection.The proposed model is evaluated with the traditional models by considering various evaluation metrics like Vector Set Generation Accuracy Levels,Key Pair Generation Time Levels,Chaotic Map Accuracy Levels,Intrusion Detection Accuracy Levels,and the results represent that the proposed model performance in chaotic map accuracy level is 98%and intrusion detection is 98.2%.The proposed model is compared with the traditional models and the results represent that the proposed model secure data transmission levels are high.
基金Supported by the National Natural Science Foundation of China (60373110, 60573130, 60502011)
文摘Inspired by the immune theory and multi-agent systems, an immune multi-agent active defense model for network intrusion is established. The concept of immune agent is introduced, and its running mechanism is established. The method, which uses antibody concentration to quantitatively describe the degree of intrusion danger, is presented. This model implements the multi-layer and distributed active defense mechanism for network intrusion. The experiment results show that this model is a good solution to the network security defense.
基金This project was supported by the National Natural Science Foundation of China (60672068)the National High Technology Development 863 Program of China (2006AA01Z436, 2007AA01Z452.)
文摘The nature of adhoc networks makes them vulnerable to security attacks. Many security technologies such as intrusion prevention and intrusion detection are passive in response to intrusions in that their countermea- sures are only to protect the networks, and there is no automated network-wide counteraction against detected intrusions, the architecture of cooperation intrusion response based multi-agent is propose. The architecture is composed of mobile agents. Monitor agent resides on every node and monitors its neighbor nodes. Decision agent collects information from monitor nodes and detects an intrusion by security policies. When an intruder is found in the architecture, the block agents will get to the neighbor nodes of the intruder and form the mobile firewall to isolate the intruder. In the end, we evaluate it by simulation.
文摘A model of intelligent intrusion detection based on rough neural network (RNN), which combines the neural network and rough set, is presented. It works by capturing network packets to identify network intrusions or malicious attacks using RNN with sub-nets. The sub-net is constructed by detection-oriented signatures extracted using rough set theory to detect different intrusions. It is proved that RNN detection method has the merits of adaptive, high universality, high convergence speed, easy upgrading and management.
文摘Due to the widespread use of the Internet,customer information is vulnerable to computer systems attack,which brings urgent need for the intrusion detection technology.Recently,network intrusion detection has been one of the most important technologies in network security detection.The accuracy of network intrusion detection has reached higher accuracy so far.However,these methods have very low efficiency in network intrusion detection,even the most popular SOM neural network method.In this paper,an efficient and fast network intrusion detection method was proposed.Firstly,the fundamental of the two different methods are introduced respectively.Then,the selforganizing feature map neural network based on K-means clustering(KSOM)algorithms was presented to improve the efficiency of network intrusion detection.Finally,the NSLKDD is used as network intrusion data set to demonstrate that the KSOM method can significantly reduce the number of clustering iteration than SOM method without substantially affecting the clustering results and the accuracy is much higher than Kmeans method.The Experimental results show that our method can relatively improve the accuracy of network intrusion and significantly reduce the number of clustering iteration.
基金The authors would like to thank Princess Nourah bint Abdulrahman University for funding this project through the Researchers Supporting Project(PNURSP2023R319)this research was funded by the Prince Sultan University,Riyadh,Saudi Arabia.
文摘Intrusion detection systems(IDS)are essential in the field of cybersecurity because they protect networks from a wide range of online threats.The goal of this research is to meet the urgent need for small-footprint,highly-adaptable Network Intrusion Detection Systems(NIDS)that can identify anomalies.The NSL-KDD dataset is used in the study;it is a sizable collection comprising 43 variables with the label’s“attack”and“level.”It proposes a novel approach to intrusion detection based on the combination of channel attention and convolutional neural networks(CNN).Furthermore,this dataset makes it easier to conduct a thorough assessment of the suggested intrusion detection strategy.Furthermore,maintaining operating efficiency while improving detection accuracy is the primary goal of this work.Moreover,typical NIDS examines both risky and typical behavior using a variety of techniques.On the NSL-KDD dataset,our CNN-based approach achieves an astounding 99.728%accuracy rate when paired with channel attention.Compared to previous approaches such as ensemble learning,CNN,RBM(Boltzmann machine),ANN,hybrid auto-encoders with CNN,MCNN,and ANN,and adaptive algorithms,our solution significantly improves intrusion detection performance.Moreover,the results highlight the effectiveness of our suggested method in improving intrusion detection precision,signifying a noteworthy advancement in this field.Subsequent efforts will focus on strengthening and expanding our approach in order to counteract growing cyberthreats and adjust to changing network circumstances.
基金Data and Artificial Intelligence Scientific Chair at Umm AlQura University.
文摘Networks provide a significant function in everyday life,and cybersecurity therefore developed a critical field of study.The Intrusion detection system(IDS)becoming an essential information protection strategy that tracks the situation of the software and hardware operating on the network.Notwithstanding advancements of growth,current intrusion detection systems also experience difficulties in enhancing detection precision,growing false alarm levels and identifying suspicious activities.In order to address above mentioned issues,several researchers concentrated on designing intrusion detection systems that rely on machine learning approaches.Machine learning models will accurately identify the underlying variations among regular information and irregular information with incredible efficiency.Artificial intelligence,particularly machine learning methods can be used to develop an intelligent intrusion detection framework.There in this article in order to achieve this objective,we propose an intrusion detection system focused on a Deep extreme learning machine(DELM)which first establishes the assessment of safety features that lead to their prominence and then constructs an adaptive intrusion detection system focusing on the important features.In the moment,we researched the viability of our suggested DELMbased intrusion detection system by conducting dataset assessments and evaluating the performance factors to validate the system reliability.The experimental results illustrate that the suggested framework outclasses traditional algorithms.In fact,the suggested framework is not only of interest to scientific research but also of functional importance.
基金Project supported by National Natural Science Foundation of China (Grant No .60373088) ,and National Defense Research Foun-dation of China (Grant No .4131605)
文摘Anomaly detection is a key element of intrusion detection systems and a necessary complement of widely used misuse intrusion detection systems. Data sources used by network intrusion detection, like network packets or connections, often contain both numeric and nominal features. Both of these features contain important information for intrusion detection. These two features, on the other hand, have different characteristics. This paper presents a new network based anomaly intrusion detection approach that works well by building profiles for numeric and nominal features in different ways. During training, for each numeric feature, a normal profile is build through statistical distribution inference and parameter estimation, while for each nominal feature, a normal profile is setup through statistical method. These profiles are used as detection models during testing to judge whether a data being tested is benign or malicious. Experiments with the data set of 1999 DARPA (defense advanced research project agency) intrusion detection evaluation show that this approach can detect attacks effectively.
基金The authors would like to thank the Deanship of Scientific Research at Prince Sattam bin Abdul-Aziz University,Saudi Arabia.
文摘Due to the widespread use of the internet and smart devices,various attacks like intrusion,zero-day,Malware,and security breaches are a constant threat to any organization’s network infrastructure.Thus,a Network Intrusion Detection System(NIDS)is required to detect attacks in network traffic.This paper proposes a new hybrid method for intrusion detection and attack categorization.The proposed approach comprises three steps to address high false and low false-negative rates for intrusion detection and attack categorization.In the first step,the dataset is preprocessed through the data transformation technique and min-max method.Secondly,the random forest recursive feature elimination method is applied to identify optimal features that positively impact the model’s performance.Next,we use various Support Vector Machine(SVM)types to detect intrusion and the Adaptive Neuro-Fuzzy System(ANFIS)to categorize probe,U2R,R2U,and DDOS attacks.The validation of the proposed method is calculated through Fine Gaussian SVM(FGSVM),which is 99.3%for the binary class.Mean Square Error(MSE)is reported as 0.084964 for training data,0.0855203 for testing,and 0.084964 to validate multiclass categorization.
基金Sponsored by the National Social Science Fund(Grant No.13CFX049)the Shanghai University Young Teacher Training Program(Grant No.hdzf10008)the Research Fund for East China University of Political Science and Law(Grant No.11H2K034)
文摘In this paper,we propose two intrusion detection methods which combine rough set theory and Fuzzy C-Means for network intrusion detection.The first step consists of feature selection which is based on rough set theory.The next phase is clustering by using Fuzzy C-Means.Rough set theory is an efficient tool for further reducing redundancy.Fuzzy C-Means allows the objects to belong to several clusters simultaneously,with different degrees of membership.To evaluate the performance of the introduced approaches,we apply them to the international Knowledge Discovery and Data mining intrusion detection dataset.In the experimentations,we compare the performance of two rough set theory based hybrid methods for network intrusion detection.Experimental results illustrate that our algorithms are accurate models for handling complex attack patterns in large network.And these two methods can increase the efficiency and reduce the dataset by looking for overlapping categories.
基金the Institute for Information and Communications Technology Planning and Evaluation(IITP)funded by the Korea Government(MSIT)under Grant 20190007960022002(2020000000110).
文摘In network-based intrusion detection practices,there are more regular instances than intrusion instances.Because there is always a statistical imbalance in the instances,it is difficult to train the intrusion detection system effectively.In this work,we compare intrusion detection performance by increasing the rarely appearing instances rather than by eliminating the frequently appearing duplicate instances.Our technique mitigates the statistical imbalance in these instances.We also carried out an experiment on the training model by increasing the instances,thereby increasing the attack instances step by step up to 13 levels.The experiments included not only known attacks,but also unknown new intrusions.The results are compared with the existing studies from the literature,and show an improvement in accuracy,sensitivity,and specificity over previous studies.The detection rates for the remote-to-user(R2L)and user-to-root(U2L)categories are improved significantly by adding fewer instances.The detection of many intrusions is increased from a very low to a very high detection rate.The detection of newer attacks that had not been used in training improved from 9%to 12%.This study has practical applications in network administration to protect from known and unknown attacks.If network administrators are running out of instances for some attacks,they can increase the number of instances with rarely appearing instances,thereby improving the detection of both known and unknown new attacks.
文摘Intelligent Intrusion Detection System(IIDS)for networks provide a resourceful solution to network security than conventional intrusion defence mechanisms like a firewall.The efficiency of IIDS highly relies on the algorithm performance.The enhancements towards these methods are utilized to enhance the classification accuracy and diminish the testing and training time of these algorithms.Here,a novel and intelligent learning approach are known as the stabbing of intrusion with learning framework(SILF),is proposed to learn the attack features and reduce the dimensionality.It also reduces the testing and training time effectively and enhances Linear Support Vector Machine(l-SVM).It constructs an auto-encoder method,an efficient learning approach for feature construction unsupervised manner.Here,the inclusive certified signature(ICS)is added to the encoder and decoder to preserve the sensitive data without being harmed by the attackers.By training the samples in the preliminary stage,the selected features are provided into the classifier(lSVM)to enhance the prediction ability for intrusion and classification accuracy.Thus,the model efficiency is learned linearly.The multi-classification is examined and compared with various classifier approaches like conventional SVM,Random Forest(RF),Recurrent Neural Network(RNN),STL-IDS and game theory.The outcomes show that the proposed l-SVM has triggered the prediction rate by effectual testing and training and proves that the model is more efficient than the traditional approaches in terms of performance metrics like accuracy,precision,recall,F-measure,pvalue,MCC and so on.The proposed SILF enhances network intrusion detection and offers a novel research methodology for intrusion detection.Here,the simulation is done with a MATLAB environment where the proposed model shows a better trade-off compared to prevailing approaches.
文摘The challenge of achieving situational understanding is a limiting factor in effective, timely, and adaptive cyber-security analysis. Anomaly detection fills a critical role in network assessment and trend analysis, both of which underlie the establishment of comprehensive situational understanding. To that end, we propose a cyber security data warehouse implemented as a hierarchical graph of aggregations that captures anomalies at multiple scales. Each node of our proposed graph is a summarization table of cyber event aggregations, and the edges are aggregation operators. The cyber security data warehouse enables domain experts to quickly traverse a multi-scale aggregation space systematically. We describe the architecture of a test bed system and a summary of results on the IEEE VAST 2012 Cyber Forensics data.
