Hybrid Intrusion Detection System Research Articles

An adaptive multistage intrusion detection and prevention system in software defined networking environment

The advancements made in Software-Defined Networking (SDN) technology seem quite promising, with potential wide application in managing and controlling the latest network infrastructures. SDN technology decouples the control plane from the data plane, enabling effective and flexible network management. However, this dynamic phenomenon brings new security challenges. With the increasing dynamism and programmable nature of networks, conventional security protocols may not sufficient to protect against advanced and sophisticated attacks. Although Intrusion Detection Systems (IDSs) have been extensively applied for identifying and preventing security threats in traditional network environments, IDS models designed specifically for traditional network requirements may not be adequate for SDN environments. These issues may stem from the static nature of conventional networks, contrasting with the dynamicity of advanced SDN networks, and the traditional IDS’s inability to adapt to the dynamic nature of SDN. To address these challenges, the current research proposes a novel Deep Hybrid IDS model to enhance network security in SDN environments and prevent attacks using Scapy. The proposed model detects signature-based attacks by integrating Gated Recurrent Units (GRU) and Long Short-Term Memory (LSTM) for real-time simulated datasets, achieving an accuracy of 97.8%, which is comparatively better than existing models.

Artificial Intelligence Based Multi-Layer Approach for Finding Unknown Attacks in Cloud Network by Using Hybrid Intrusion Detection

Objectives : The objective of this study is to explore Intrusion Detection Systems and their various types by gathering research from previously published articles in refereed journals. The focus is on developing a proposed model capable of identifying unknown attacks in cloud networks using Signature and Anomaly-based Intrusion Detection Systems. Subsequently, the efficiency of the proposed model will be assessed, and a comparison with existing models will be conducted. The paper's main objective is to identify unknown attacks in a cloud network using a combination of signature and anomaly-based intrusion detection systems in an artificial intelligence-based multi-layered approach. Methods: Leveraging insights from existing literature, the proposed model combines signature-based IDS for known threat detection and anomaly-based IDS for detecting unusual behavioral patterns indicative of new or unseen attacks. Experimental evaluations using NSL-KDD and ADFA datasets demonstrate competitive accuracy and detection rates, with the proposed artificial intelligence-based Hybrid IDS achieving high performance in detecting both normal and malicious activities. Findings: This model produces above 90%, 96%, and 98% efficiency in the wired, Wireless, and Cloud networks respectively, and this model finds known attacks effectively while using parameters like event logs, file transferring time, TCP and UDP addresses, CPU Usage, Weak and synthetic data, IP and MAC address. Existing literature said that the existing model using the Hybrid Intrusion detection model can identify unknown attacks with a maximum of 80%, 92%, and 96% accuracy respectively. The findings suggest that the artificial intelligence-based multi-layered approach offers a promising solution for enhancing cloud network security, with the potential for further optimization and integration of advanced technologies in future research endeavors. Novelty: This study presents an artificial intelligence-based multi-layered approach for detecting unknown attacks in cloud networks by integrating signature-based and anomaly-based intrusion detection systems (IDS). The authors developed the model to detect the intrusion by using the Behaviour Profiling algorithm and dynamically prevent the data from intrusion by using the Statistical approach model. The authors trying to find unknown attacks, therefore the authors defined the objective of this paper as to find the unknown attacks in cloud networks by using the combination of signature and anomaly-based intrusion detection systems. The objective is to develop a model capable of effectively identifying cyber threats in cloud environments. The existing models do not concentrate on identifying unknown attacks by using Signature-based Intrusion Detection. Very few of the literature said that known attacks can be identified easily by using Signature-based Intrusion Detection but the unknown attacks identifying process is hard. Some of the Literature said that using the Hybrid Intrusion detection model can identify unknown attacks with a maximum of 80%, 92%, and 96% accuracy respectively. The current paper identifies unknown attacks in the cloud network using a combination of signature and anomaly-based intrusion detection systems in an artificial intelligence-based multi-layered approach and it produced above 97% accuracy. The unique feature of the model is artificial intelligence-based multi-layered approach and dynamic key have been utilized to avoid malicious activities in the network. Keywords: Anomaly based IDS, Cloud Network Security, Hybrid IDS, Multi-Layer Approach, Signature based IDS

A novel reinforcement learning-based hybrid intrusion detection system on fog-to-cloud computing

A novel reinforcement learning-based hybrid intrusion detection system on fog-to-cloud computing

A Deep Learning Approach for Intrusion Detection Systems –A Review

Throughout the past decade, the researchers have developed many a number of intrusion detection systems. Some of these were developed to work on host based and some were network-based intrusion detection systems. The presented systems are combination of HIDS/NIDS and signature/anomaly based, or hybrid systems. The intrusion detection system is an intelligence system known as computational intelligence. The main goal of computational intelligence is to provide solutions to complex real-world problems. An effective IDS must use more than standard mathematical techniques and conventional analysis methods combined with soft computing techniques to synergistically create a more robust IDS. In this paper, we review three important areas of research that have significant implication for proposed framework. First, we review existing shallow learning intrusion detection systems both in machine and deep learning. In the second section, we review existing hybrid intrusion detection systems. Finally, we provide some findings and analysis of the literature studies.

A hybrid intrusion detection system with K-means and CNN+LSTM

Intrusion detection system (IDS) plays an important role as it provides an efficient mechanism to prevent or mitigate cyberattacks. With the recent advancement of artificial intelligence (AI), there have been many deep learning methods for intrusion anomaly detection to improve network security. In this research, we present a novel hybrid framework called KCLSTM, combining the K-means clustering algorithm with convolutional neural network (CNN) and long short-term memory (LSTM) architecture for the binary classification of intrusion detection systems. Extensive experiments are conducted to evaluate the performance of the proposed model on the well-known NSL-KDD dataset in terms of accuracy, precision, recall, F1-score, detection rate (DR), and false alarm rate (FAR). The results are compared with traditional machine learning approaches and deep learning methods. The proposed model demonstrates superior performance in terms of accuracy, DR, and F1-score, showcasing its effectiveness in identifying network intrusions accurately while minimizing false positives.

A Deep Intelligent Hybrid Intrusion Detection Framework with LIME

Network security has grown to be a major issue as a result of the development of Internet of Things (IoT) devices. Attacks known as Distributed Denial of Service (DDoS) can overwhelm and impair networks. In order to identify DDoS and other network intrusion threats in real-time, accurately, and with justification, this study suggests a unique deep learning-driven fog computing architecture named as Deep Intelligent Hybrid Intrusion Detection Framework with LIME (DIHIF-LIME). The main advancement is the creation of a hybrid intrusion detection system that integrates randomness measurements taken from network traffic with a K-Nearest Neighbor (KNN) machine learning classifier. The justification for predictions is explained using Local Interpretable Model-Agnostic Explanations (LIME), which promotes explainability. Using datasets including network assaults, Long-Short-Term Memory (LSTM) neural networks are created and compared. Utilizing 5-fold cross-validation, LSTM outperformed benchmarks with the maximum accuracy of 99.97%. In conclusion, the proposed fog computing intrusion detection framework with LIME explainability offers a rapid, precise, scalable, and interpretable end-to-end solution from IoT devices to the cloud. A thorough test shows that the method is effective in protecting IoT networks from DDoS and other assaults. The two main advances th­­at are presented are hybrid detection and LIME explainability.

Machine learning-enabled hybrid intrusion detection system with host data transformation and an advanced two-stage classifier

Network Intrusion Detection Systems (NIDS) have been extensively investigated by monitoring real network traffic and analyzing suspicious activities. However, there are limitations in detecting specific types of attacks with NIDS, such as Advanced Persistent Threats (APT). Additionally, NIDS is restricted in observing complete traffic information due to encrypted traffic or a lack of authority. To address these limitations, a Host-based Intrusion Detection system (HIDS) evaluates resources in the host, including logs, files, and folders, to identify APT attacks that routinely inject malicious files into victimized nodes. In this study, a hybrid network intrusion detection system that combines NIDS and HIDS is proposed to improve intrusion detection performance. The host data undergoes a Language Processing (NLP)-based Bidirectional Encoder Representations from Transformers (BERT) model from textual representation to a numerical one in order to process host data in a similar way to the network flow data through machine learning models. The feature flattening technique is applied to flatten two-dimensional host-based features that is provided by BERT into one-dimensional vectors so that host-based and network flow-based features can be processed by advanced Machine Learning (ML) models. In order to enhance HIDS effectiveness, a two-stage collaborative classifier is utilized, which applies two tiers of machine learning algorithms, binary and multi-class classifiers, to detect network intrusions. Once a binary classifier is used to detect benign samples to reduce the complexity of the original problem, the attack data are classified by a multi-class supervised learner to identify attack types. Hence, the overall performance of the two-stage collaborative model outperforms the baseline classifier, XGBoost. The proposed method is shown to generalize across two well-known datasets, CICIDS 2018 and NDSec-1. The performance of XGBoost, which represents conventional ML, is evaluated. Combining host and network features enhances attack detection performance (macro average F1 score) by 8.1% under the CICIDS 2018 dataset and 3.7% under the NDSec-1 dataset. Meanwhile, the two-stage collaborative classifier improves detection performance for most single classes, especially for DoS-LOIC-UDP and DoS-SlowHTTPTest, with improvements of 30.7% and 84.3%, respectively, when compared with the traditional ML models.

Secure Your Network: Building a Hybrid Intrusion Detection System in Java

Abstract: To protect the system from different types of intrusions, an intrusion detection system ID is required. It is essential to analyse the communication in order to classify the material as malicious or helpful. The usage of intrusion detection systems for cyber security shouldn't add to the processing time required for classification. These days, classification algorithms are utilized in conjunction with machine learning approaches to identify harmful data or intrusions. KDD cup 99 is the data set that was used in the experiment. Hybrid classification models can be used to adjust the performance of individual classification methods. This model blends rule-based algorithms with categorization techniques. An additional degree of security is provided by the combination of machine and human intelligence in classification. Precision, recall, F-Measure, and Mean Age Precision are used to validate an algorithm. The algorithm has a 92.35 percent accuracy rate. Even after merging our human-written criteria with traditional machine learning classification techniques, the model's accuracy is still considered satisfactory. However, there is still room for improvement and a more specific classification of the attack

Combating Evolving Threats: A Signature-Anomaly Based Hybrid Intrusion Detection System for Smart Homes with False Positive Mitigation

Abstract: As people are looking for a more comfortable life, IoT applications are coming to play. Smart home system is one of the most popular IoT applications in the last decade. A smart home network is crucial to function smart home system properly. Cyber attacks on a smart home network can damage a lot. Network intrusion detection and prevention system (NIDPS) is a good solution to protect against Cyber threat in smart home network. This research will implement hybrid NIDPS in smart home network by combining signature based and anomaly-detection based NIDPS. This hybrid NIDPS will prevent known known attack from public internet, local internet and zero-day attack. Also, this system will be able to reduce false positive result and improve signature based NIDPS rules accurately by manual inspection.

Hybrid Cyber-Physical Intrusion Detection System for Smart Manufacturing

Smart manufacturing is an important part of our critical infrastructure and is the current age of industry where physical components such as robotic arms, 3-D Printers, CNC machine, etc. are all interconnected and remotely controlled or automated to provide a major boost in efficiency. While being more effective, the cyber-physical integration expands the attack surface of these systems for any potential threats to act on and exploit. This integration also creates gaps in the current intrusion detection systems (IDS) and the research of such systems as they focus on either the cyber or physical components of these system, which leaves blind spots when an attack can only be detected by using either cyber or physical features. This paper fill that research gap by creating a cyber-physical testbed, launching denial of service and physical hijacking attacks, collecting benign and malicious data, and creating a hybrid IDS using K-Nearest Neighbors and Decision Tree models that consider both cyber and physical features. Our proposed hybrid IDS achieves an accuracy of 97.2% which was roughly the same as separate cyber and physical IDSs, but there was a significant boost in precision (98.4%), recall (94.2%), and F1 score (96.1%) when using the hybrid IDS compared to the separate IDSs.

Enhanced Hybrid Intrusion Detection System with Attention Mechanism using Deep Learning

Enhanced Hybrid Intrusion Detection System with Attention Mechanism using Deep Learning

A novel intrusion detection system based on a hybrid quantum support vector machine and improved Grey Wolf optimizer

The Internet of Things (IoT) has grown significantly in recent years, allowing devices with sensors to share data via the internet. Despite the growing popularity of IoT devices, they remain vulnerable to cyber-attacks. To address this issue, researchers have proposed the Hybrid Intrusion Detection System (HIDS) as a way to enhance the security of IoT. This paper presents a novel intrusion detection model, namely QSVM-IGWO, for improving the detection capabilities and reducing false positive alarms of HIDS. This model aims to improve the performance of the Quantum Support Vector Machine (QSVM) by incorporating parameters from the Improved Grey Wolf Optimizer (IGWO) algorithm. IGWO is introduced under the hypothesis that the social hierarchy observed in grey wolves enhances the searching procedure and overcomes the limitations of GWO. In addition, the QSVM model is employed for binary classification by selecting the kernel function to obtain an optimal solution. Experimental results show promising performance of QSVM-IGWO in terms of accuracy, Recall, Precision, F1 score, and ROC curve, when compared with recent detection models.

Multi-task learning for IoT traffic classification: A comparative analysis of deep autoencoders

As a system allowing intra-network devices to automatically communicate over the Internet, the Internet of Things (IoT) faces increasing popularity in modern applications and security threats — particularly network intrusions that target both networks and devices. A major threat is network attacks that attempt to obtain unauthorised access and damage the networks or systems. To effectively safeguard against these attacks, it is essential to use efficient hybrid intrusion detection systems with advanced techniques. Deep learning-based algorithms, such as Autoencoders (AEs), have been recognised as efficient methods for intrusion detection. However, it is crucial to further analyse the impact of different structures on detection performance. This paper proposes a method combining AE for data reconstruction and anomaly detection and multi-task learning (MTL)-structured models for IoT traffic classification. Additionally, we suggest a hybrid resampling technique with the Synthetic Minority Over-Sampling Technique and Generative Adversarial Network (SMOTE-GAN) for enhanced training and conduct a comparative analysis of different neural networks with AEs. The experimental results on two publicly available datasets demonstrate the effectiveness and practicality of the proposed AE-MTL approach compared with single-task learning. Additionally, while the performance varies on different datasets, Long Short-Term Memory (LSTM), Gated Recurrent Units (GRU), and Convolutional Neural Network (CNN) have improved the detection of minor classes.

Self-healing hybrid intrusion detection system: an ensemble machine learning approach

The increasing complexity and adversity of cyber-attacks have prompted discussions in the cyber scenario for a prognosticate approach, rather than a reactionary one. In this paper, a signature-based intrusion detection system has been built based on C5 classifiers, to classify packets into normal and attack categories. Next, an anomaly-based intrusion detection was built based on the LSTM (Long-Short Term Memory) algorithm to detect anomalies. These anomalies are then fed into the signature generator to extract attributes. These attributes get uploaded into the C5 training set, aiding the ensemble model in continual learning with expanding signatures of unknown attacks. By generating signatures of unknown attacks, the self-healing attribute of the ensemble model contributes to the early detection of attacks. For the C5 classifier, the proposed model is evaluated on the UNSW-NB15 dataset, while for the LSTM model, it is evaluated on the ADFA-LD dataset. Compared to conventional models, the experimental results show better detection rates for both known and unknown attacks. The C5 classifier achieved a True Positive Rate of 97% while maintaining a false positive rate of 8%. Also, the LSTM model achieved a detection rate of 90% while retaining a 17% False Alarm Rate. As the proposed model learns, its performance in real network traffic also improves and it also eliminates human intervention when updating training data.

PCA-ANN: Feature selection based hybrid intrusion detection system in software defined network

Software Defined Networking (SDN) proposes a centralized network paradigm where a central controller manages the network. While this centralizes scheme opens up previously unachievable opportunities, it also makes the network more susceptible to a varying range of cyber threats. The development of effective Intrusion Detection Systems (IDS) designed for the SDN topology is a critical need to address the different vulnerabilities SDN faces. Towards that purpose, the inSDN dataset was specifically curated for intrusion detection in SDN with various attack scenarios unique to the SDN topology. This study leveraged the inSDN dataset to introduce an innovative Intrusion Detection System (IDS) model that amalgamates Principal Component Analysis (PCA), a dimensionality reduction technique widely employed in traditional Machine Learning (ML) to extract the principal features of the dataset and couples it with Artificial Neural Networks (ANN) to classify network traffic based on the extracted features. The proposed model attains an exceptional accuracy rate of 99.95% for multi-class classification and demonstrate that it surpasses the current state-of-the-art techniques while operating within a much simpler framework. This significantly diminishes the necessity for complex models that demand extensive computational resources when dealing with the inSDN attack dataset. The analysis of the dataset carried out in this study also provides insights into the redundancy present in the dataset and identifies the core features that contains most of the information in the dataset.

Machine Learning-based Intrusion Detection Technique for IoT: Simulation with Cooja

The Internet of Things (IoT) is one of the promising technologies of the future. It offers many attractive features that we depend on nowadays with less effort and faster in real-time. However, it is still vulnerable to various threats and attacks due to the obstacles of its heterogeneous ecosystem, adaptive protocols, and self-configurations. In this paper, three different 6LoWPAN attacks are implemented in the IoT via Contiki OS to generate the proposed dataset that reflects the 6LoWPAN features in IoT. For analyzed attacks, six scenarios have been implemented. Three of these are free of malicious nodes, and the others scenarios include malicious nodes. The typical scenarios are a benchmark for the malicious scenarios for comparison, extraction, and exploration of the features that are affected by attackers. These features are used as criteria input to train and test our proposed hybrid Intrusion Detection and Prevention System (IDPS) to detect and prevent 6LoWPAN attacks in the IoT ecosystem. The proposed hybrid IDPS has been trained and tested with improved accuracy on both KoU-6LoWPAN-IoT and Edge IIoT datasets. In the proposed hybrid IDPS for the detention phase, the Artificial Neural Network (ANN) classifier achieved the highest accuracy among the models in both the 2-class and N-class. Before the accuracy improved in our proposed dataset with the 4-class and 2-class mode, the ANN classifier achieved 95.65% and 99.95%, respectively, while after the accuracy optimization reached 99.84% and 99.97%, respectively. For the Edge IIoT dataset, before the accuracy improved with the 15-class and 2-class modes, the ANN classifier achieved 95.14% and 99.86%, respectively, while after the accuracy optimized up to 97.64% and 99.94%, respectively. Also, the decision tree-based models achieved lightweight models due to their lower computational complexity, so these have an appropriate edge computing deployment. Whereas other ML models reach heavyweight models and are required more computational complexity, these models have an appropriate deployment in cloud or fog computing in IoT networks.

Smart Electrical Substation Cybersecurity Model Based on WPA3 and Cooperative Hybrid Intrusion Detection System (CHIDS)

Smart Electrical Substation Cybersecurity Model Based on WPA3 and Cooperative Hybrid Intrusion Detection System (CHIDS)

Network Intrusion Detection and Prevention System Using Hybrid Machine Learning with Supervised Ensemble Stacking Model

Network intrusion detection systems play a critical role in protecting a variety of services ranging from economic through social to commerce. However, the growing level and sophistication of malicious attacks launched on networks in the current technological landscape have necessitated the need for advanced and robust detection mechanisms to mitigate against security breaches of confidentiality, integrity, and denial‐of‐service. In this paper, we present a hybrid intrusion detection system that combines supervised and unsupervised learning models through an ensemble stacking model to increase the detection accuracy rates of attacks in networks while minimising false alarms. Three machine learning algorithms comprising a multilayer perceptron neural network, a modified self‐organizing map, and a decision tree were used for the detection framework. The intrusion detection system was trained and evaluated on benchmark datasets: NSL‐KDD and CIC‐DDoS2019. The intrusion detection system was implemented as a Java solution and the detection performance was evaluated. A 10‐fold cross‐validation performance was also performed to validate how well the detection system predicts unknown attacks for prevention. The results of the tests revealed a detection accuracy of 99.84% of the instances in the NLS‐KDD dataset with a true positive rate of 99.8% and a false positive rate of 0.10% while a detection accuracy of 99.90% was achieved with the CIC‐DDoS2019 dataset. Furthermore, the detection system was effective in distinguishing attack traffic from normal traffic in the NSL‐KDD dataset and was able to adequately detect DOS, Probe, and R2L attacks with F1 scores of 100%, 99.6%, and 95.1%, respectively, which are significantly impressive. However, the detection of less frequency attack types such as U2R attacks was quite low with an F1 score of 62.5%. The detection performance of the proposed hybrid intrusion detection system suggests that it can be deployed in network security applications to detect packets that exhibit suspicious behaviour or indicate potential threats and respond appropriately to attacks. Implementing the detection framework as a Java solution makes it possible to deploy it across various operating system platforms without any impact on the detection performance.

A Hybrid Intrusion Detection Approach for Cyber Attacks

The field of cybersecurity constantly evolves as attackers develop new methods and technologies. Defending against cyberattacks involves a combination of robust security measures, regular updates, user education, and the use of advanced technologies, such as intrusion detection systems and artificial intelligence, to find out the threats in real-time. IDS are designed to identify and address any unauthorized actions or potential security threats within a computer network or system. A hybrid intrusion detection system (IDS) combines many detection techniques and strategies from different IDS types into a single, coherent solution. Combining the benefits of each approach should result in more comprehensive and effective intrusion detection. This paper outlines a proposed anomaly intrusion detection system (AIDS) framework that leverages a hybrid of deep learning strategies. It incorporates Long Short-Term Memory (LSTM) and Gated Recurrent Unit (GRU) models, which were developed using XGBoost, and their efficacy was assessed with the NSL-KDD dataset. The evaluation of the suggested model focused on its accuracy, detection capabilities, and the rate of false positives. The outcomes of this research are noteworthy within the cybersecurity field. In this paper, a framework of an Anomaly IDS is proposed. The purpose of an anomaly IDS, or AIDS, is to spot odd behavior on a network or system that might point to a security breach or malevolent attempt to hack it. Anomaly-based IDSs concentrate on finding departures from accepted typical behavior, in contrast to signature-based detection systems, which depend on a predefined database of known attack patterns.

LH-IDS: Lightweight Hybrid Intrusion Detection System Based on Differential Privacy in VANETs

LH-IDS: Lightweight Hybrid Intrusion Detection System Based on Differential Privacy in VANETs