Abstract

The false alarm rate of online anomaly-based intrusion detection systems is a crucial concern. It is challenging to implement in real-world scenarios when these anomalies occur sporadically. Existing intrusion detection systems have been developed to limit or decrease the false alarm rate. However, the state-of-the-art approaches are attack- or algorithm-specific rather than generic. In this article, a soft-computing-based approach is designed to reduce the false-positive rate for hierarchical data of anomaly-based intrusion detection systems. The recurrent neural network model is applied to classify the intrusion detection system data set and normal instances for various subclasses. The designed approach is more practical because it does not require any assumption about, or knowledge of, the data set structure. Experimental evaluation is conducted on various attacks in the KDDCup'99 and NSL-KDD data sets. The proposed method enhances intrusion detection systems that can work with data having dependent and independent features. Furthermore, this approach is also beneficial for real-life scenarios with a low occurrence of attacks.

Highlights

  • The rapid development of network systems faces a big threat from intrusions

  • Intrusion detection systems (IDS) can be classified into three categories: network-based intrusion detection systems (NIDSs), distributed intrusion detection systems (DIDSs), and host-based intrusion detection systems (HIDSs)

  • The results indicate that when 100 periods are provided for the KDDTest+ data set, soft-computing-based anomaly detection (SCAD)-recurrent neural network (RNN) operates at a good detection rate (DR) (84.03%)


Summary

Introduction

The rapid development of network systems faces a big threat from intrusions. Intrusion detection systems (IDS)[1,2] are widely used to mitigate various types of attacks. IDS can be classified into three categories: network-based intrusion detection systems (NIDSs), distributed intrusion detection systems (DIDSs), and host-based intrusion detection systems (HIDSs). The NIDS's objective is to defend against network-related threats, the HIDS's aim is to identify local system anomalies, and the DIDS is responsible for improving performance based on IDS agents' information. The detection methods for these IDSs are of three types: signature-based detection, anomaly-based detection, and hybrid detection. An anomaly-based IDS[3] can identify abnormal network/system behavior by comparing the normal profile with the current system. A signature-based IDS[4] identifies an attack by comparing stored signatures with the current incoming event.
