Rabbit and Tortoise Optimization Algorithm with Mutual Information Based Adaptive Strategy for Network Intrusion Detection


Similar Papers
  • Research Article
  • Citations: 186
  • 10.1080/15501320600692044
Intrusion Detection for Routing Attacks in Sensor Networks
  • Oct 1, 2006
  • International Journal of Distributed Sensor Networks
  • Chong Eik Loo + 3 more

Security is a critical challenge for creating robust and reliable sensor networks. For example, routing attacks have the ability to disconnect a sensor network from its central base station. In this paper, we present a method for intrusion detection in wireless sensor networks. Our intrusion detection scheme uses a clustering algorithm to build a model of normal traffic behavior, and then uses this model of normal traffic to detect abnormal traffic patterns. A key advantage of our approach is that it is able to detect attacks that have not previously been seen. Moreover, our detection scheme is based on a set of traffic features that can potentially be applied to a wide range of routing attacks. In order to evaluate our intrusion detection scheme, we have extended a sensor network simulator to generate routing attacks in wireless sensor networks. We demonstrate that our intrusion detection scheme is able to achieve high detection accuracy with a low false positive rate for a variety of simulated routing attacks.

  • Conference Article
  • Citations: 35
  • 10.1109/icc40277.2020.9149402
An Ensemble-based Network Intrusion Detection Scheme with Bayesian Deep Learning
  • Jun 1, 2020
  • Jielun Zhang + 2 more

Network intrusion detection is fundamental to cybersecurity, which plays an important role in protecting systems from malicious network traffic. Recent Artificial Intelligence (AI) based intrusion detection systems provide simple and accurate intrusion detection compared with the conventional intrusion detection schemes; however, the detection performance may not be reliable because the models in the AI algorithms must output a prediction result for each incoming instance even when the models are not confident. To tackle the issue, we propose to adopt Bayesian Deep Learning, specifically, Bayesian Convolutional Neural Network, to build intrusion detection models. Moreover, an ensemble-based detection scheme is further proposed to enhance the detection performance. Two open datasets (i.e., NSL-KDD and UNSW-NB15) are used to evaluate the proposed schemes. In comparison, Convolutional Neural Network and Support Vector Machine are implemented as baseline IDS (i.e., CNN-IDS and SVM-IDS). The evaluation results demonstrate that the proposed BCNN-IDS can significantly boost the detection accuracy and reduce the false alarm rate by adopting the proposed T-ensemble detection scheme.

  • Book Chapter
  • Citations: 2
  • 10.1007/978-1-4020-6270-4_42
A Scheme for Intrusion Detection and Response in Ad Hoc Networks
  • Jan 1, 2007
  • Marianne A Azer + 2 more

The dynamic and cooperative nature of ad hoc networks presents substantial challenges in securing and detecting attacks in these networks. In this paper, we propose three schemes for intrusion detection in ad hoc networks and demonstrate their effectiveness by applying them to the wormhole attack. The first scheme is based on attack graphs, the second is based on the theory of the diffusion of innovations and the third is based on the aggregation lists of events. The advantages and disadvantages of each scheme are identified and a combined model for intrusion detection is presented. Furthermore, a response module is proposed to augment the intrusion detection functions.

  • Conference Article
  • Citations: 7
  • 10.1109/milcom.2006.302390
Comparison of Two Intrusion Detection Schemes for Sparsely Connected Ad Hoc Networks
  • Oct 1, 2006
  • M Chuah + 1 more

Several approaches have been proposed for intrusion detection in mobile ad hoc networks. Most of the approaches assume that there are sufficient neighbors to help monitor the transmissions and receptions of data packets by other nodes to detect abnormality. However, in a sparsely connected ad hoc network, nodes usually have a very small number of neighbors. Using a traditional intrusion detection and mitigation scheme designed for well-connected ad hoc networks, the delivery ratio in a sparsely connected ad hoc network (50 nodes over 2000 × 2000 m²) can only improve from 76.5% to 79.9% with selective dropping attacks. Thus, we propose a ferry-based intrusion detection and mitigation (FBIDM) scheme for sparsely connected ad hoc networks. Our simulation results indicate that our new ferry-based scheme is more effective than the traditional mitigation schemes that are used for well-connected mobile ad hoc networks. Our FBIDM scheme reduces the impact of the data dropping attacks performed by malicious nodes in a sparsely connected ad hoc network. Without any mitigation scheme, the delivery ratio is 76.5% with selective dropping attacks. With FBIDM, the system achieves a delivery ratio that ranges from 87% (with a single ferry) to 93% (with four ferries) with selective dropping attacks. Without the mitigation scheme, the delivery ratio with black hole attacks drops to 65.9%. With FBIDM, the achieved delivery ratio ranges from 82.9% (with a single ferry) to 91.9% (with four ferries) with black hole attacks.

  • Conference Article
  • Citations: 12
  • 10.1109/wocn.2006.1666570
An auction based task allocation scheme for power-aware intrusion detection in wireless ad-hoc networks
  • Jan 1, 2006
  • T Srinivasan + 2 more

This paper presents ATLAS, an auction based task allocation scheme for power-aware intrusion detection in wireless ad-hoc networks with a hierarchical agent-based architecture. By an auction based scheme, potential hosts, which can support the network monitoring task based on their battery power levels, bid for and compete against each other whenever a task is put up for sale by idle nodes or those which prognosticate anomalous behavior in a minimally mobile wireless ad-hoc network. The bids are sold to only those nodes having power levels above a certain threshold value. The seller-winning bidders combine for the monitoring task ensures that only the power aware power-optimal nodes collaborate in the agent-based intrusion detection process.

  • Research Article
  • Citations: 23
  • 10.1016/j.eswa.2021.116089
Maximum correlation based mutual information scheme for intrusion detection in the data networks
  • Oct 23, 2021
  • Expert Systems with Applications
  • Shashank Gavel + 2 more

  • Research Article
  • Citations: 42
  • 10.1002/sec.74
LAID: a learning automata‐based scheme for intrusion detection in wireless sensor networks
  • Nov 6, 2008
  • Security and Communication Networks
  • Sudip Misra + 3 more

In this paper, we address the problem of intrusion detection in wireless sensor networks (WSNs) using a learning automata (LA)‐based approach. We are not aware of any LA‐based intrusion detection systems (IDSs) for WSN. Additionally, the S‐model approach that we have taken to solve the problem, wherein the feedback of the environment to the automaton can not only be completely favorable or completely unfavorable, but also be any continuous value within these extremities, makes it one of the attractive solution approaches in LA. We have rigorously evaluated the performance of our proposed solution by performing a variety of experiments and have found our solution approach to be promising. Copyright © 2008 John Wiley & Sons, Ltd.

  • Research Article
  • Citations: 58
  • 10.3844/ajassp.2012.1636.1652
A Survey of Intrusion Detection Schemes in Wireless Sensor Networks
  • Oct 1, 2012
  • American Journal of Applied Sciences
  • Fawaz

Wireless Sensor Networks (WSNs) are currently used in many application areas including military applications, health related applications, control and tracking applications and environment and habitat monitoring applications. The harsh and unattended deployment of these networks along with their resource restrictions makes their security issue very important. Prevention-based security approaches like cryptography, authentication and key management have been used to protect WSNs from different kinds of attacks but these approaches are not enough to protect the network from insider attacks that may extract sensitive information even in the presence of the prevention-based solution. Detection-based approaches are then proposed to protect WSNs from insider attacks and act as a second line defense after the failure of the prevention-based approaches. Many intrusion detection schemes have been introduced for WSN in the literature. In this article, we present a survey of intrusion detection schemes in WSNs. First, we present the similar works and show their differences from this work. After that, we outline the fundamentals of intrusion detection in WSNs, describing the types of attacks and state the motivation for intrusion detection in WSNs. Then, we demonstrate the challenges of developing an ideal intrusion detection scheme for WSNs followed by the main requirements of a good candidate intrusion detection scheme. The state-of-the-art intrusion detection schemes are then presented based on the techniques used in each scheme and categorizing them into four main categories: rule-based, data mining and computational intelligence based, game theoretical based and statistical based. The analysis of each scheme in these categories is presented showing their advantages and drawbacks. By the end of each category, we state the general advantages and shortcomings of each category. The survey ends by recommending some important research opportunities in this field for future research.

  • Research Article
  • Citations: 1
  • 10.21608/bfemu.2021.205079
A New Intrusion Detection Strategy Based on Combined Feature Selection Methodology and Machine Learning Technique. (Dept. E)
  • Nov 16, 2021
  • MEJ. Mansoura Engineering Journal
  • Shereen Ali

An intrusion detection system is a significant security mechanism that monitors network traffic to help prevent unwanted access to network resources. Effective intrusion detection is an important issue for defending networks against potential intrusions. In this paper, a new intrusion detection strategy is proposed. The recommended intrusion detection strategy is divided into three steps: (i) Preparing step, (ii) Feature selection step, and (iii) Classification step. The preparing step gathers and analyzes network traffic in readiness for training and testing. The feature selection step aims to choose the significant features for detecting intrusion attacks from the preparing step. It comprises two successive feature selection modules, which are: quick selection module and precise selection module. The precise selection module deploys a genetic algorithm as a wrapper method, whereas the quick selection module relies on a filter. Based on the most effective features identified by the feature selection step, the classification step seeks to detect intrusion attacks with the least amount of time penalty. It contains two phases: prioritized naive Bayes phase and distance encouragement phase, which avoids the problems of naive Bayes classifiers. The presented intrusion detection strategy beats other previous approaches using the NSL-KDD dataset, according to the experimental tests. The intrusion detection strategy provides the highest accuracy, precision, recall and F1-measure with values equal to 97.6%, 98.24%, 98.14%, and 98.11% respectively with minimum time penalty.

  • Research Article
  • 10.3389/fphy.2025.1623161
Network intrusion detection based on relative mutual K-nearest neighbor density peak clustering
  • Jul 9, 2025
  • Frontiers in Physics
  • Chunhua Ren + 4 more

Network security is the core guarantee for the stable operation of Cyber-Physical-Social Systems (CPSS), and intrusion detection technology, as a key link in network security, is crucial to ensuring the security and reliability of CPSS. The application of traditional clustering algorithms in intrusion detection usually relies on a preset number of clusters. However, network intrusion data is highly random and dynamic, and the number and distribution structure of clusters are often difficult to determine in advance, resulting in limited detection accuracy and adaptability. To tackle this issue, this paper introduces a density peak clustering algorithm, RMKNN-FDPC, which integrates relative mutual K-nearest neighbor local density with a fuzzy allocation strategy for network intrusion detection, aiming to enhance the capability of identifying unknown attack patterns. Firstly, in the stage of local density calculation, the relative mutual K-nearest neighbor method is used instead of the traditional truncation distance method to more accurately characterize the local density distribution by considering the mutual neighborhood relationship between data points. Secondly, in the remaining point allocation stage, the fuzzy allocation strategy of the mutual K-nearest neighbor effectively avoids the error propagation problem caused by chain allocation in the traditional density peaks clustering algorithm (DPC). Finally, a large number of experiments were conducted, including KDD-CUP-1999 experiments, synthetic dataset experiments, real dataset experiments, face dataset experiments, parameter analysis experiments, and run time analysis experiments. The experimental results show that the proposed method performs exceptionally well in the clustering task and can effectively mine network intrusion information.

  • Conference Article
  • Citations: 1
  • 10.2991/iccsee.2013.140
A Novel Grey Game-Theoretic Model for Intrusion Detection in Vehicular Ad Hoc Network
  • Jan 1, 2013
  • Cheng Tan + 4 more

Ensuring security plays a significant role in maintaining the stable operation of vehicular ad hoc network (VANET). Actually, it's impracticable to evaluate the precise value of packets' transmission success rate within a short time due to the uncertainty of environmental information collected. To reduce the influence of these errors on detection scheme, we develop the two-person zero-sum classical game into a two-person zero-sum intrusion detection grey game for formulating the confrontation behavior between intrusion detection system (IDS) and malicious node. Finally, we introduce an implementation architecture of our intrusion detection scheme and illustrate the feasibility of our model by simulation. Simulation results reflect some properties of our model, which conclude that IDS can resist malicious attacks more effectively through modifying some parameters.

  • Book Chapter
  • Citations: 8
  • 10.1007/978-981-13-8311-3_28
Intrusion Detection in Wireless Sensor Networks by an Ensemble of Artificial Neural Networks
  • Jul 17, 2019
  • Tarek Batiha + 2 more

Wireless sensor and actuator networks are essential components of modern technologies and infrastructures for smart homes and cities, intelligent transportation systems, advanced manufacturing, Internet of things and, for example, fog and edge computing. Cybersecurity of such massively distributed systems is becoming a major issue, and advanced methods to improve their safety and reliability are needed. Intrusion detection systems automatically identify malicious network traffic, uncover cybernetic attacks and notify network users and operators. In this work, a novel strategy for intrusion detection in wireless sensor networks based on accurate neural models of specific attacks learned from network traffic data is proposed and evaluated.

  • Conference Article
  • Citations: 2
  • 10.1109/acit53391.2021.9677338
Network Intrusion Detection with StackNet: A phi coefficient Based Weak Learner Selection Approach
  • Dec 21, 2021
  • Isaac Kofi Nti + 3 more

Network intrusion detection is a subject of great concern as technology advances. Ensemble models that put together many base learners have been widely used to advance intrusion detection. Nevertheless, a random collection of base learners is challenging. The Matthews correlation coefficient (MCC) is an effective measure for detecting associations between variables in many fields; however, very few studies in network intrusion detection and ensemble studies have applied MCC in selecting base learners to the best of the authors’ knowledge. In this paper, we propose a correlation-based classifier selection using the MCC technique to advance the classification performance of the ensemble model under a StackNet strategy (named MCC-Stacknet) for network intrusion detection. Specifically, the MCC-StackNet model sought to improve the association between the prediction accuracy and diversity of base classifiers. We compare our proposed MCC-StackNet with five other ensemble models and two stand-alone state-of-the-art classifiers commonly used in network intrusion detection based on accuracy, AUC, recall, precision, F1-score and Kappa evaluation metrics. The experimental results with open-source data from Kaggle show that the MCC-StackNet model has a higher probability of correctly identifying unauthorised network traffic at 99.73% accuracy than the Xgboost (97.61%), Catboost (97.49%), LightGBM (%), GBC (97.63%), RF (97.97%), ET (95.82%), DT (96.95%) and KNN (95.56), making MCC-StackNet an efficient and better intrusion detection model.

  • Book Chapter
  • Citations: 11
  • 10.1007/978-3-642-33368-2_1
A New Energy Prediction Approach for Intrusion Detection in Cluster-Based Wireless Sensor Networks
  • Jan 1, 2012
  • Wen Shen + 4 more

Wireless Sensor Networks (WSNs) require an efficient intrusion detection scheme to identify malicious attackers. Traditional detection schemes are not well suited for WSNs due to their higher false detection rate. In this paper, we propose a novel intrusion detection scheme based on the energy prediction in cluster-based WSNs (EPIDS). The main contribution of EPIDS is to detect attackers by comparing the energy consumptions of sensor nodes. The sensor nodes with abnormal energy consumptions are identified as malicious attackers. Furthermore, EPIDS is designed to distinguish the types of denial of service (DoS) attack according to the energy consumption rate of the malicious nodes. The primary simulation experiments prove that EPIDS can detect and recognize malicious attacks effectively.

  • Research Article
  • Citations: 26
  • 10.1109/tcss.2019.2949153
A Novel Intrusion Detection and Prevention Scheme for Network Coding-Enabled Mobile Small Cells
  • Dec 1, 2019
  • IEEE Transactions on Computational Social Systems
  • Reza Parsamehr + 6 more

Network coding (NC)-enabled mobile small cells are observed as a promising technology for fifth-generation (5G) networks that can cover the urban landscape by being set up on-demand at any place and at any time on any device. Nevertheless, despite the significant benefits that this technology brings to the 5G of mobile networks, major security issues arise due to the fact that NC-enabled mobile small cells are susceptible to pollution attacks; a severe security threat exploiting the inherent vulnerabilities of NC. Therefore, intrusion detection and prevention mechanisms to detect and mitigate pollution attacks are of utmost importance so that NC-enabled mobile small cells can reach their full potential. Thus, in this article, we propose for the first time, to the best of our knowledge, a novel intrusion detection and prevention scheme (IDPS) for NC-enabled mobile small cells. The proposed scheme is based on a null space-based homomorphic message authentication code (MAC) scheme that allows detection of pollution attacks and takes proper risk mitigation actions when an intrusive incident is detected. The proposed scheme has been implemented in Kodo and its performance has been evaluated in terms of computational overhead.
