Accurate Intrusion Detection System Research Articles

Accurate Attack Detection in Intrusion Detection System for cyber threat intelligence feeds using machine learning techniques.

With the advancement of modern technology, cyber-attacks are continuously rising. Malicious behavior in the network is discovered using security devices like intrusion detection systems (IDS), firewalls, and antimalware systems. To defend organizations, procedures for detecting threats more correctly and precisely must be defined. The proposed study investigates the significance of cyber-threat intelligence (CTI) feeds in accurate IDS detection. The NSL-KDD and CSE-CICIDS-2018 datasets were analyzed in this study. This research makes use of normalization, transformation, and feature selection algorithms. Machine learning (ML) techniques were employed to determine if the traffic was normal or an attack. With the proposed study the ability to identify network attacks has improved using machine learning algorithms. The proposed model provides 98% accuracy, 97% precision, and 96% recall respectively.

CFS-AE: Correlation-based Feature Selection and Autoencoder for Improved Intrusion Detection System Performance

The major problem computer network users face concerning data – whether in storage, in transit, or being processed - is unauthorized access. This unauthorized access typically leads to the loss of confidentiality, integrity, and availability of data. Consequently, it is essential to implement an accurate Intrusion Detection System (IDS) for every information system. Many researchers have proposed machine learning and deep learning models, such as autoencoders, to enhance existing IDS. However, the accuracy of these models remains a significant research challenge. This paper proposes a Correlation-Based Feature Selection and Autoencoder (CFS-AE) to enhance detection accuracy and reduce the false alarms associated with the current anomaly-based IDS. The first step involves feature selection for the NSL-KDD and CIC-IDS2017 datasets which are used to train and test our model. Subsequently, an autoencoder is employed as a classifier to categorize data traffic into attack and normal categories. The results from our experimental study revealed an accuracy of 94.32% and 97.71% for the NSL-KDD and CIC-IDS2017 datasets, respectively. These results demonstrate improved performance over existing IDS systems.

DivaCAN: Detecting in-vehicle intrusion attacks on a controller area network using ensemble learning

The controller area network (CAN) protocol is a critical communication mechanism in vehicular systems. However, the widespread adoption of this protocol has introduced vulnerabilities to in-vehicle communication channels, making them susceptible to various security threats, including denial-of-service, fuzzy, and impersonation attacks. There is thus an urgent need to develop effective security measures to counter these threats. Unfortunately, existing approaches to attack detection suffer from shortcomings such as suboptimal accuracy and high false-positive rates. Herein, we propose a novel methodology to address these limitations, DivaCAN. DivaCAN leverages an ensemble of classifiers, including deep neural networks, the multi-layer perceptron, the light gradient-boosting machine, extra trees, random forest, and Bagging, along with k-nearest neighbors, for intrusion-attack recognition on the CAN bus. The DivaCAN model was thoroughly evaluated, and its exceptional performance, which surpasses that of the latest methodologies, was demonstrated. It was found to achieve a precision of 94.93%, a recall of 94.98%, and an F1 score of 94.97%. One notable aspect of this research is the emphasis on achieving a low false-positive rate, which is often overlooked by other methodologies. Additionally, the DivaCAN model was found to exhibit an acceptable execution time of 406 s, highlighting the importance of considering both accuracy and efficiency when evaluating the performance of classification models. This study thus significantly enhances the security of in-vehicle communication on the CAN protocol. DivaCAN is a robust and accurate intrusion-detection system that addresses the pressing need for effective security measures in vehicular systems.

Artificial Intelligence based Intrusion Detection System – A Detailed Survey

The Internet and communications have rapidly expanded, leading to a significant rise in data generation and heterogeneity. Intrusion detection systems play a crucial role in ensuring the security and integrity of computer systems. These systems have been developed by researchers, academicians, and practitioners to effectively detect and mitigate network attacks. Intrusion detection systems are designed to analyze network traffic and compare it with a baseline of normal behavior, allowing them to identify any deviations or inconsistencies that may indicate an intrusion. Furthermore, the cooperative and distributed architecture of intrusion detection systems enables them to effectively detect attacks and protect the network from unauthorized access. Additionally, to enhance the performance of intrusion detection systems, techniques such as resampling the dataset and utilizing classifier ensemble are used to improve the classification accuracy. Moreover, intrusion detection systems have been integrated with intrusion response systems to ensure a timely and effective response to detected attacks. AI-based Intrusion Detection Systems have emerged as a crucial tool in ensuring network security and combating cyber threats. These systems utilize artificial intelligence algorithms to analyze network traffic, identify patterns of malicious activity, and detect potential cyber-attacks. They have proven to be highly effective in improving the detection accuracy, reducing false alarms, and even detecting previously unknown types of attacks. In summary, the development of accurate and efficient intrusion detection systems is crucial for ensuring network security. In today’s rapidly changing world, the significance of accurate intrusion detection systems cannot be overstated.

A comparative study of cyber security intrusion detection in healthcare systems

Due to the proliferation of network devices and the presence of sensitive information, healthcare systems have become prime targets for cyber attackers. Therefore, it is crucial to design an efficient and accurate intrusion detection system (IDS) specifically tailored for healthcare systems. In this regard, we conducted a comprehensive comparative study on network security intrusion detection in healthcare systems. In order to tackle the challenges arising from information redundancy and noise in feature selection, we developed the Maximum Information Coefficient (MIC) method to effectively analyse the nonlinear relationships among traffic features. This method was utilized in a comparative analysis involving ten models on three datasets. The experiments demonstrated that the detection models using MIC-based feature selection outperformed other feature selection approaches, especially when applied to the WUSTL-EHMS-2020 dataset, which includes patients' biometric features. The MIC-enhanced Extreme Gradient Boosting detection model achieved remarkable results, attaining an accuracy of 95.01%, precision of 94.94%, and recall of 95.01%. These findings underscore the efficacy of our comparative study in safeguarding healthcare systems against cyber attacks. Furthermore, our study highlights the importance of feature selection and the incorporation of patient biometric features in healthcare IDS. It is imperative for medical managers to consider these factors when making informed decisions regarding cyber security measures.

An Adaptive Intrusion Detection System in the Internet of Medical Things Using Fuzzy-Based Learning.

The Internet of Medical Things (IoMT) is a growing trend within the rapidly expanding Internet of Things, enhancing healthcare operations and remote patient monitoring. However, these devices are vulnerable to cyber-attacks, posing risks to healthcare operations and patient safety. To detect and counteract attacks on the IoMT, methods such as intrusion detection systems, log monitoring, and threat intelligence are utilized. However, as attackers refine their methods, there is an increasing shift toward using machine learning and deep learning for more accurate and predictive attack detection. In this paper, we propose a fuzzy-based self-tuning Long Short-Term Memory (LSTM) intrusion detection system (IDS) for the IoMT. Our approach dynamically adjusts the number of epochs and utilizes early stopping to prevent overfitting and underfitting. We conducted extensive experiments to evaluate the performance of our proposed model, comparing it with existing IDS models for the IoMT. The results show that our model achieves high accuracy, low false positive rates, and high detection rates, indicating its effectiveness in identifying intrusions. We also discuss the challenges of using static epochs and batch sizes in deep learning models and highlight the importance of dynamic adjustment. The findings of this study contribute to the development of more efficient and accurate IDS models for IoMT scenarios.

Intrusion detection system for detecting distributed denial of service attacks using machine learning algorithms

<span>Today, the creation of more effective intrusion detection system (IDS) has become crucial due to the rise in computer malware. Ensuring the availability of the system is an important component of information security and the most important requirement of any network. Recently the machine learning algorithm (ML) has been used to improve intrusion detection over the network. It is currently necessary to release an updated version of these systems. The presented work aimed to build a reliable and accurate IDS based on ML to classify and prevent distributed denial of service attacks to protect any system working on the network from temporary or complete system failure. We presented five ML models to create the proposed distributed denial-of-services attack (DDoS)-IDS, including (decision tree, random forest, logistic regression, support vector machine, and multi-layer neural network) which were trained and evaluated using the CIC-IDS-2018 dataset. Furthermore, principal component analysis (PCA) was used to reduce the dimensionality of the dataset. According to the classification results, the proposed multi-layer neural network model reached optimal performance for detecting DDoS attacks and achieved classification accuracy at 99.9992%.</span>

Stochastic gradient descent classifier-based lightweight intrusion detection systems using the efficient feature subsets of datasets

The Internet of Things (IoT) has become an essential part of our daily lives. However, with the increasing use of IoT, the number of botnet attacks targeting resource-constrained IoT devices is also on the rise. To mitigate these threats, intrusion detection systems (IDSs) have been developed. However, traditional IDSs based on heavyweight deep/machine learning, fuzzy logic, rough set theories, or data mining techniques, often lack in detection accuracy and energy efficiency. Therefore, there is a crucial need for more lightweight, accurate, and energy-efficient IDSs capable of detecting a broad spectrum of cyber attacks. This paper presents a solution to these challenges by introducing lightweight and accurate IDSs that use a stochastic gradient descent classifier (SGDC) and four feature-selection algorithms based on a ridge regressor. The hyperparameters of the SGDC algorithm and ridge regressor model were fine-tuned to enhance the accuracy of IDSs while reducing computational complexity. Moreover, the fine-tuned feature selectors were used to decrease the dataset’s dimensionality and improve the accuracy of IDSs. To evaluate the proposed IDSs, three network traffic datasets (KDD-CUP-1999, BotIoT-2018, and N-BaIoT-2021) were used. The systems achieved an average accuracy of 92.69%, and the number of features was reduced by an average of 79.93%. The results demonstrate that the proposed systems can be utilized for lightweight IDSs on resource-constrained IoT devices. Overall, this paper presents a significant contribution to the field of IDSs for IoT devices by offering an efficient and accurate solution. The proposed lightweight IDSs have the potential to enhance IoT security and privacy, safeguarding sensitive IoT data.

A Network Intrusion Detection Approach Using Extreme Gradient Boosting with Max-Depth Optimization and Feature Selection

Network intrusion detection system (NIDS) has become a vital tool to protect information anddetect attacks in computer networks. The performance of NIDSs can be evaluated by the numberof detected attacks and false alarm rates. Machine learning (ML) methods are commonly usedfor developing intrusion detection systems and combating the rapid evolution in the pattern ofattacks. Although there are several methods proposed in the state-of-the-art, the development ofthe most effective method is still of research interest and needs to be developed. In this paper,we develop an optimized approach using an extreme gradient boosting (XGB) classifier withcorrelation-based feature selection for accurate intrusion detection systems. We adopt the XGBclassifier in the proposed approach because it can bring down both variance and bias and hasseveral advantages such as parallelization, regularization, sparsity awareness hardware optimization,and tree pruning. The XGB uses the max-depth parameter as a specified criterion toprune the trees and improve the performance significantly. The proposed approach selects thebest value of the max-depth parameter through an exhaustive search optimization algorithm.We evaluate the approach on the UNSW-NB15 dataset that imitates the modern-day attacks ofnetwork traffic. The experimental results show the ability of the proposed approach to classifyingthe type of attacks and normal traffic with high accuracy results compared with the currentstate-of-the-art work on the same dataset with the same partitioning ratio of the test set.

Enhancement of an IoT hybrid intrusion detection system based on fog-to-cloud computing

Nowadays, with the proliferation of internet of things-connected devices, the scope of cyber-attacks on the internet of things has grown exponentially. So, it makes it a necessity to develop an efficient and accurate intrusion detection system that should be fast, dynamic, and scalable in an internet of things environment. On the other hand, Fog computing is a decentralized platform that extends Cloud computing to deal with the inherent issues of the Cloud computing. As well, maintaining a high level of security is critical in order to ensure secure and reliable communication between Fog nodes and internet of things devices. To address this issue, we present an intrusion detection method based on artificial neural networks and genetic algorithms to efficiently detect various types of network intrusions on local Fog nodes. Through this approach, we applied genetic algorithms to optimize the interconnecting weights of the network and the biases associated with each neuron. Therefore, it can quickly and effectively establish a back-propagation neural network model. Moreover, the distributed architecture of fog computing enables the distribution of the intrusion detection system over local Fog nodes with a centralized Cloud, which achieves faster attack detection than the Cloud intrusion detection mechanism. A set of experiments were conducted on the Raspberry Pi4 as a Fog node, based on the UNSW-NB15 and ToN_IoT data sets for binary-class classification, which showed that the optimized weights and biases achieved better performance than those who used the neural network without optimization. The optimized model showed interoperability, flexibility, and scalability. Furthermore, achieving a higher intrusion detection rate through decreasing the neural network error rate and increasing the true positive rate is also possible. According to the experiments, the suggested approach produces better outcomes in terms of detection accuracy and processing time. In this case, the proposed approach achieved an 16.35% and 37.07% reduction in execution time for both data sets, respectively, compared to other state-of-the-art methods, which enhanced the acceleration of the convergence process and saved processing power.

Design of Intrusion Detection and Prevention Model Using COOT Optimization and Hybrid LSTM-KNN Classifier for MANET

INTRODUCTION: MANET is an emerging technology that has gained traction in a variety of applications due to its ability to analyze large amounts of data in a short period of time. Thus, these systems are facing a variety of security vulnerabilities and malware assaults. Therefore, it is essential to design an effective, proactive and accurate Intrusion Detection System (IDS) to mitigate these attacks present in the network. Most previous IDS faced challenges such as low detection accuracy, decreased efficiency in sensing novel forms of attacks, and a high false alarm rate. OBJECTIVES: To mitigate these concerns, the proposed model designed an efficient intrusion detection and prevention model using COOT optimization and a hybrid LSTM-KNN classifier for MANET to improve network security. METHODS: The proposed intrusion detection and prevention approach consist of four phases such as classifying normal node from attack node, predicting different types of attacks, finding the frequency of attack, and intrusion prevention mechanism. The initial phases are done through COOT optimization to find the optimal trust value for identifying attack nodes from normal nodes. In the second stage, a hybrid LSTM-KNN model is introduced for the detection of different kinds of attacks in the network. The third stage performs to classify the occurrence of attacks. RESULTS: The final stage is intended to limit the number of attack nodes present in the system. The proposed method's effectiveness is validated by some metrics, which achieved 96 per cent accuracy, 98 per cent specificity, and 35 seconds of execution time. CONCLUSION: This experimental analysis reveals that the proposed security approach effectively mitigates the malicious attack in MANET.

A Particle Swarm Optimization and Deep Learning Approach for Intrusion Detection System in Internet of Medical Things

Integrating the internet of things (IoT) in medical applications has significantly improved healthcare operations and patient treatment activities. Real-time patient monitoring and remote diagnostics allow the physician to serve more patients and save human lives using internet of medical things (IoMT) technology. However, IoMT devices are prone to cyber attacks, and security and privacy have been a concern. The IoMT devices operate on low computing and low memory, and implementing security technology on IoMT devices is not feasible. In this article, we propose particle swarm optimization deep neural network (PSO-DNN) for implementing an effective and accurate intrusion detection system in IoMT. Our approach outperforms the state of the art with an accuracy of 96% to detect network intrusions using the combined network traffic and patient’s sensing dataset. We also present an extensive analysis of using various Machine Learning(ML) and Deep Learning (DL) techniques for network intrusion detection in IoMT and confirm that DL models perform slightly better than ML models.

Efficient, Lightweight Cyber Intrusion Detection System for IoT Ecosystems Using MI2G Algorithm

The increase in internet connectivity has led to an increased usage of the Internet of Things (IoT) and devices on the internet. These IoT devices are becoming the backbone of Industry 4.0. The dependence on IoT devices has made them vulnerable to cyber-attacks. IoT devices are often deployed in harsh conditions, challenged with less computational costs, and starved with energy. All these limitations make it tough to deploy accurate intrusion detection systems (IDSs) in IoT devices and make the critical IoT ecosystem more susceptible to cyber-attacks. A new lightweight IDS and a novel feature selection algorithm are introduced in this paper to overcome the challenges of computational cost and accuracy. The proposed algorithm is based on the Information Theory models to select the feature with high statistical dependence and entropy reduction in the dataset. This feature selection algorithm also showed an increase in performance parameters and a reduction in training time of 27–63% with different classifiers. The proposed IDS with the algorithm showed accuracy, Precision, Recall, and F1-Score of more than 99% when tested with the CICIDS2018 dataset. The proposed IDS is competitive in accuracy, Precision, Recall, and training time compared to the latest published research. The proposed IDS showed consistent performance on the UNSWNB15 dataset.

Design and Protection Strategy of Distributed Intrusion Detection System in Big Data Environment.

One of the important research topics is protecting the host from threats by developing a reliable and accurate intrusion detection system. However, since the amount of data has grown fast due to the emergence of big data, the performance of traditional systems designed to identify breaches has suffered several flaws. One of them, for example, is known as single-point failure; low adaptability and a high false alarm rate are also typical. Hadoop is used to detect intrusions to tackle these difficulties. The Java system is used to create a framework with a significant data flow that detects intrusions when a distributed system is built. The proposed solution employs a distributed operating system for data collection, storage, and analysis. The results indicate that external distributed denial of service (DDoS) attacks are recognized quickly. The single-point failure issue is overcome, alleviating the bottleneck problem of data processing ability.

An Advanced Accurate Intrusion Detection System for Smart Grid Cybersecurity Based on Evolving Machine Learning

Smart grids, the next generation of electricity systems, would be intelligent and self-aware of physical and cyber activity in the control area. As a cyber-embedded infrastructure, it must be capable of detecting cyberattacks and responding appropriately in a timely and effective manner. This article tries to introduce an advanced and unique intrusion detection model capable of classifying binary-class, trinary-class, and multiple-class CDs and electrical network incidents for smart grids. It makes use of the gray wolf algorithm (GWA) for evolving training of artificial neural networks (ANNs) as a successful machine learning model for intrusion detection. In this way, the intrusion detection model’s weight vectors are initialized and adjusted using the GWA in order to reach the smallest mean square error possible. With the suggested evolving machine learning model, the issues of cyberattacks, failure forecast, and failure diagnosing would be addressed in the smart grid energy sector properly. Using a real dataset from the Mississippi State Laboratory in the United States, the proposed model is illustrated and the experimental results are explained. The proposed model is compared to some of the most widely used classifiers in the area. The results show that the suggested intrusion detection model outperforms other well-known models in this field.

Hybrid optimization and deep learning based intrusion detection system

Today, Smart City projects and their initiatives are continuously developing with the vast deployment of the Internet of Things (IoT) devices. Smart cities efficiently manage assets, services, and resources with better IoT technologies and new smart devices. However, their deployment elevates the potential security threats making IoT smart city projects vulnerable to disparate attacks. Hence, Intrusion Detection Systems (IDS) must be developed for IoT-enabled smart cities to alleviate IoT-associated security attacks. Achieving high-level detection accuracy and lower training time are significant challenges in IDS. However, the existing traditional IDS are inefficient in handling them. This paper proposes a hybrid optimization and deep-learning-centric IDS to face these challenges in IoT-enabled smart cities. The dataset initially undergoes pre-processing to acquire an effective and accurate IDS. Then, feature selection and clustering are performed utilizing the Hybrid Chicken Swarm Genetic Algorithm (HCSGA) and MinK-means Algorithm. Lastly, the transformed data is loaded to the Deep Learning-based Hybrid Neural Network (DLHNN) classifier, classifying the normal and attack data. The proposed model is validated with the NSL-KDD dataset and the experimental outcome shows the efficiency of the proposed IDS compared with similar state-of-the-art techniques.

Synthetic flow-based cryptomining attack generation through Generative Adversarial Networks

Due to the growing rise of cyber attacks in the Internet, the demand of accurate intrusion detection systems (IDS) to prevent these vulnerabilities is increasing. To this aim, Machine Learning (ML) components have been proposed as an efficient and effective solution. However, its applicability scope is limited by two important issues: (i) the shortage of network traffic data datasets for attack analysis, and (ii) the data privacy constraints of the data to be used. To overcome these problems, Generative Adversarial Networks (GANs) have been proposed for synthetic flow-based network traffic generation. However, due to the ill-convergence of the GAN training, none of the existing solutions can generate high-quality fully synthetic data that can totally substitute real data in the training of ML components. In contrast, they mix real with synthetic data, which acts only as data augmentation components, leading to privacy breaches as real data is used. In sharp contrast, in this work we propose a novel and deterministic way to measure the quality of the synthetic data produced by a GAN both with respect to the real data and to its performance when used for ML tasks. As a by-product, we present a heuristic that uses these metrics for selecting the best performing generator during GAN training, leading to a novel stopping criterion, which can be applied even when different types of synthetic data are to be used in the same ML task. We demonstrate the adequacy of our proposal by generating synthetic cryptomining attacks and normal traffic flow-based data using an enhanced version of a Wasserstein GAN. The results evidence that the generated synthetic network traffic can completely replace real data when training a ML-based cryptomining detector, obtaining similar performance and avoiding privacy violations, since real data is not used in the training of the ML-based detector.

Application of a New Feature Generation Algorithm in Intrusion Detection System

The intrusion detection system is designed to discover the abnormal behavior of the network system, but it has the problems of low detection accuracy, inability to perform fine detection, and huge time cost. Therefore, it is necessary to design a fast and accurate intrusion detection system. Therefore, this paper proposes a multigranularity feature generation + XGBOOST method to improve the intrusion detection system. First, we propose a multigranularity feature generation algorithm, which converts all features into discrete features with different numbers of categories. Different numbers of categories represent different granularities. We believe that the combination of multiple different granular features can achieve better accurate attack detection. Then, we use the proposed method to perform experimental verification on the four datasets of KDD99, NSL-KDD, UNSW_NB15, and CSE-CIC-IDS2018. For the KDD99 dataset, detection rates of 100%, 100%, and 99.43% can be achieved in the two-category, five-category, and multicategory tasks, respectively; for the NSL-KDD dataset, detection rates of 100%, 100%, and 90.84% can be achieved in the two-category, five-category, and multicategory tasks, respectively; for the UNSW_NB15 dataset, 100% detection rate can be achieved in the second and tenth categories; for the CSE-CIC-IDS2018 dataset, 100% detection rate can be achieved in the third classification. Experiments show that the proposed algorithm can achieve accurate and precise detection. Finally, we experiment with the multigranularity feature generation algorithm on multiple classifiers and multiple datasets to prove the generalization ability of the proposed feature generation algorithm and compare the proposed algorithm with the CFS algorithm to prove the efficiency of the algorithm.

RTIDS: A Robust Transformer-Based Approach for Intrusion Detection System

Due to the rapid growth in network traffic and increasing security threats, Intrusion Detection Systems (IDS) have become increasingly critical in the field of cyber security for providing secure communications against cyber adversaries. However, there exist many challenges for designing a robust, efficient and accurate IDS, especially when dealing with high-dimensional anomaly data with unforeseen and unpredictable attacks. In this paper, we propose a Robust Transformer-based Intrusion Detection System (RTIDS) reconstructing feature representations to make a trade-off between dimensionality reduction and feature retention in imbalanced datasets. The proposed method utilizes positional embedding technique to associate sequential information between features, then a variant stacked encoder-decoder neural network is used to learn low-dimensional feature representations from high-dimensional raw data. Furthermore, we apply self-attention mechanism to facilitate network traffic type classifications. Extensive experiments reveal the effectiveness of the proposed RTIDS on two publicly available real traffic intrusion detection datasets named CICIDS2017 and CIC-DDoS2019 with F1-Score of 99.17% and 98.48% respectively. A comparative study with classical machine learning algorithm support vector machine (SVM) and deep learning algorithms that include recurrent neural network (RNN), fuzzy neural network (FNN), and long short-term memory network (LSTM) is conducted to demonstrate the validity of the proposed method.

Artificial Intelligence for Creating Low Latency and Predictive Intrusion Detection with Security Enhancement in Power Systems

Advancement in network technology has vastly increased the usage of the Internet. Consequently, there has been a rise in traffic volume and data sharing. This has made securing a network from sophisticated intrusion attacks very important to preserve users’ information and privacy. Our research focuses on combating and detecting intrusion attacks and preserving the integrity of online systems. In our research we first create a benchmark model for detecting intrusions and then employ various combinations of feature selection techniques based upon ensemble machine learning algorithms to improve the performance of the intrusion detection system. The performance of our model was investigated using three evaluation metrics namely: elimination time, accuracy and F1-score. The results of the experiment indicated that the random forest feature selection technique had the minimum elimination time, whereas the support vector machine model had the best accuracy and F1-score. Therefore, conclusive evidence could be drawn that the combination of random forest and support vector machine is suitable for low latency and highly accurate intrusion detection systems.