Hybrid Intrusion Detection System Research Articles

Hybrid Intrusion Detection System Based on the Stacking Ensemble of C5 Decision Tree Classifier and One Class Support Vector Machine

Cyberttacks are becoming increasingly sophisticated, necessitating the efficient intrusion detection mechanisms to monitor computer resources and generate reports on anomalous or suspicious activities. Many Intrusion Detection Systems (IDSs) use a single classifier for identifying intrusions. Single classifier IDSs are unable to achieve high accuracy and low false alarm rates due to polymorphic, metamorphic, and zero-day behaviors of malware. In this paper, a Hybrid IDS (HIDS) is proposed by combining the C5 decision tree classifier and One Class Support Vector Machine (OC-SVM). HIDS combines the strengths of SIDS) and Anomaly-based Intrusion Detection System (AIDS). The SIDS was developed based on the C5.0 Decision tree classifier and AIDS was developed based on the one-class Support Vector Machine (SVM). This framework aims to identify both the well-known intrusions and zero-day attacks with high detection accuracy and low false-alarm rates. The proposed HIDS is evaluated using the benchmark datasets, namely, Network Security Laboratory-Knowledge Discovery in Databases (NSL-KDD) and Australian Defence Force Academy (ADFA) datasets. Studies show that the performance of HIDS is enhanced, compared to SIDS and AIDS in terms of detection rate and low false-alarm rates.

A Hybrid Intrusion Detection System for IoT Applications with Constrained Resources

Network security and network forensics technologies for the Internet of Things (IoT) need special consideration due to resource-constraints. Cybercrimes conducted in IoT focus on network information and energy sources. Graph theory is adopted to analyze the IoT network and a hybrid Intrusion Detection System (IDS) is proposed. The hybrid IDS consists of Centralized and Active Malicious Node Detection (CAMD) and Distributed and Passive EEA (Energy Exhaustion Attack) Resistance (DPER). CAMD is integrated in the genetic algorithm-based data gathering scheme. CAMD detects malicious nodes manipulated by cyber criminals and provides digital evidence for forensics. DPER is implemented in a set of communication protocols to alleviate the impact of EEA attacks. Simulation experiments conducted on NS-3 platform showed the hybrid IDS proposed detected and traced malicious nodes precisely without compromising energy efficiency. Besides, the impact of EEA attacks conducted by cyber criminals was effectively alleviated.

Hybrid DDoS Detection Framework Using Matching Pursuit Algorithm

Although a considerable amount of research has been done on DDoS attacks, it still poses a severe threat to many businesses and internet service providers. DDoS attacks commonly generate a high amount of network traffic. However, the resource depletion DDoS attacks can deny the target service, although it generates much less traffic than legitimate traffic. We propose a novel DDoS detection framework using the Matching Pursuit algorithm to detect resource depletion type DDoS attacks. We use multiple characteristics of network traffic simultaneously in order to detect low-density DDoS attacks efficiently. The proposed method uses the dictionary produced from the parameters of the network traffic using the K-SVD algorithm.Dictionary generation using network traffic, provides legitimate and attack traffic models, and adds adaptability of the proposed method to network traffic. We also implement DDoS detection approaches that use Matching Pursuit and Wavelet techniques and compare them using two different data sets. Additionally, we offer a hybrid DDoS detection framework that combines these approaches with a decision-making mechanism using an artificial neural network. We evaluate the proposed methods with two different data sets. The proposed approaches perform over 99% true positive rate with a false positive rate lower than 0.7% with a low-density DDoS attack dataset. In the hybrid intrusion detection system with more than one attack, the detection performances of other methods have decreased, while the proposed approach achieves true positive rates higher than 99% with a false positive rate lower than 0.7%.

Examination of Different Intrusion Detection System in Wireless Sensor Network Environment

In this era of emerging technology, Wireless Sensor Networks (WSN) has a huge number of Critical applications such as medical, smart grid monitoring the transformer, industries, etc. But Wireless Sensor Networks are susceptible to a large number of attacks due to its wireless nature. Security plays an important role for many real-world applications in WSNs. To develop secured WSNs, the intrusions should be detected before the attackers affect the sensor network. The modern surveys for different Intrusion Detection Systems (IDSs) in WSNs are considered in this paper. Initially, a general overview of flow-based IDSs is provided. Then, the survey reviews the related work on Cross-layer IDS and the applicability of those systems to WSNs. Then a brief survey is presented for Dynamic IDS. This is followed by trust-based IDS in WSN. Then, the survey reviews the related work on hybrid IDS in WSN. Finally, the survey for different ids in WSNs is analyzed. This paper highlights the open research issues in each of this field.

Propose a new Firefly-Fast Learning Network model based Intrusion-Detection System

Currently, effective Intrusion-detection systems (IDS) still represent one of the important security tools. However, hybrid models based on the IDS achieve better results compared with intrusion detection based on a single algorithm. But even so, the hybrid models based on traditional algorithms still face different limitations. This work is focused on providing two main goals; firstly, analysis based on the main methods and limitations of the most-recent hybrid model-based on intrusion detection, secondly, to propose a novel hybrid IDS model called FA-FLN based on the Firefly algorithm and Fast Learning Network.

A novel ensemble of hybrid intrusion detection system for detecting internet of things attacks

The Internet of Things (IoT) has been rapidly evolving towards making a greater impact on everyday life to large industrial systems. Unfortunately, this has attracted the attention of cybercriminals who made IoT a target of malicious activities, opening the door to a possible attack to the end nodes. Due to the large number and diverse types of IoT devices, it is a challenging task to protect the IoT infrastructure using a traditional intrusion detection system. To protect IoT devices, a novel ensemble Hybrid Intrusion Detection System (HIDS) is proposed by combining a C5 classifier and One Class Support Vector Machine classifier. HIDS combines the advantages of Signature Intrusion Detection System (SIDS) and Anomaly-based Intrusion Detection System (AIDS). The aim of this framework is to detect both the well-known intrusions and zero-day attacks with high detection accuracy and low false-alarm rates. The proposed HIDS is evaluated using the Bot-IoT dataset, which includes legitimate IoT network traffic and several types of attacks. Experiments show that the proposed hybrid IDS provide higher detection rate and lower false positive rate compared to the SIDS and AIDS techniques.

Hybrid Intrusion Detection using Machine Learning for Wireless Sensor Networks

This Wireless sensor network (WSN) is a network of sensors, which is capable of communicating with each other and sensing some changes in parameters such as temperature, humidity etc. Such networks are beneficial in many fields, such as military industries, health monitoring, environmental tracking, monitoring of traffic. However, WSN’s are easy to be attacked because of its properties such as untrusted broadcast transmission media, physical accessibility of sensors. So, protecting networks against attacks is one of most important issues in network and information security domain. As Sensor nodes have limited resources, authentication and encryption cannot be implemented directly to it. Hence, we propose a Hybrid Intrusion Detection System, which consists of Host Based Intrusion Detection system (HBIDS) and Network Intrusion Detection System (NIDS). In NIDS anomaly in network traffic, is detected. In HBIDS, patterns of misuse are detected from information collected at particular host or sensor. The main idea is to collect each sensor node’s data and anomaly is detected in network and this detected intrusion is compared with signatures of attack in misuse detection system.

A Novel Ensemble of Hybrid Intrusion Detection System for Detecting Internet of Things Attacks

The Internet of Things (IoT) has been rapidly evolving towards making a greater impact on everyday life to large industrial systems. Unfortunately, this has attracted the attention of cybercriminals who made IoT a target of malicious activities, opening the door to a possible attack to the end nodes. Due to the large number and diverse types of IoT devices, it is a challenging task to protect the IoT infrastructure using a traditional intrusion detection system. To protect IoT devices, a novel ensemble Hybrid Intrusion Detection System (HIDS) is proposed by combining a C5 classifier and One Class Support Vector Machine classifier. HIDS combines the advantages of Signature Intrusion Detection System (SIDS) and Anomaly-based Intrusion Detection System (AIDS). The aim of this framework is to detect both the well-known intrusions and zero-day attacks with high detection accuracy and low false-alarm rates. The proposed HIDS is evaluated using the Bot-IoT dataset, which includes legitimate IoT network traffic and several types of attacks. Experiments show that the proposed hybrid IDS provide higher detection rate and lower false positive rate compared to the SIDS and AIDS techniques.

Hybrid Intrusion Detection System for Edge-Based IIoT Relying on Machine-Learning-Aided Detection

The design of an intrusion detection system (IDS) plays a critical role in guaranteeing the security of the Industrial Internet of Things (IIoT). Recently, the rapid development of edge-based IIoT has posed new challenges in the design of a beneficial IDS considering its billions of IIoT devices and substantially decentralized data interaction. Both the detection method and the system architecture become the key components in constructing an efficient IDS for edge-based IIoT. In this article, we survey the typical state-of-theart studies about detection methods and system structure of IDS. Moreover, we propose a hybrid IDS architecture and introduce a machine learning aided detection method, which outperforms the literature in terms of a range of benchmarks.

A GLRT-Based Mechanism for Detecting Relay Misbehavior in Clustered IoT Networks

Clustering Internet of Things (IoT) networks, to alleviate the network scalability problem, provides an opportunity for an adversary to compromise a set of nodes by simply compromising the relay they are associated with. In such scenarios, an adversary who has compromised the relay can affect the network’s performance by deliberately dropping the packets transmitted by the IoT devices and/or by corrupting the packets to be forwarded by the relay. In this way, the adversary can successfully mimic a bad radio channel between the IoT devices and the relay, thereby requiring the IoT devices to retransmit more frequently. Such a strategy increases the processing load on the IoT devices and will drain their batteries at a faster rate. To detect such an attack, we present hybrid intrusion detection systems that rely on the monitoring of uplink and downlink packets transmitted between IoT devices and the relay. Specifically, we compare the observed packet drop probabilities against their long-term expected values. The detection rules proposed originate from the generalized likelihood ratio test, where the adversary parameters are estimated using maximum likelihood estimation. A semi-analytical approach to obtain the expressions for the false alarm probability is presented in order to determine the decision thresholds. Results presented show the effectiveness of the proposed detection systems, demonstrate the impact of the choice of adversary parameters on them, and validate the expressions obtained for the false alarm probability.

Realisation of a self‐powered, secured and robust disaster recovery network

In this work, the authors are focusing on various aspects to support the reliability and security of a self-powered disaster recovery network (DRN) infrastructure. Different methods and algorithms were suggested to resolve the different logistic requirements to build a Green DRN Infrastructure. First of all the architecture of a DRN node is enhanced to support its robustness and availability against the different failure events which may occur due to many reasons such as power supply shortage or Denial of Service attacks. Secondly, the DRN Infrastructure Clustering algorithm is suggested to limit the size of the ad-hoc network and to isolate the problems in each cluster which offers a more efficient, robust and secured system. Finally, several fault tolerance procedures are described which provide different solutions against nodes or DRN server failure. This study also discussed the need to ensure the successful combination of different security solutions (using an Embedded Cooperative Hybrid Intrusion Detection System) and reliability methods (using the DRN clustering algorithm) with a probably managed solar energy powered. The different factors governing the behaviour of the system, its evaluation metrics are determined and its performance measurement is tested using an experimental platform customised for this purpose.

Adaptive hybrid intrusion detection system for crowd sourced multimedia internet of things systems

The rapidly increasing volume of lightweight devices in Internet of Things (IoT) environment needs a strong Intrusion Detection System (IDS). Conventional IDS cannot be applied directly in IoT networks due to various communication architectures, standards, technologies, and environment specific services. The main problem with current IDS and handling techniques is that they can’t adapt to service changes in real-time. To overcome this open challenge, adaptive hybrid IDS based on timed automata controller approach is proposed in this paper. Proposed Hybrid IDS have additional knowledge in relation to frequent multimedia file formats and use this knowledge to carry out a comprehensive analysis of packets carrying multimedia files. Crowd sourcing online repository for signature based malicious pattern set generation is designed and self-tuning timed automaton is developed to detect the intruder in IoT networks. From the experimental results, it is evident that our proposed method, an adaptive hybrid IDS suit smart city applications and are accurate (99.06%) in detecting Denial of Service (DoS) attacks, control hijacking attacks, zero day attacks, and replay attacks in IoT environments.

A Scalable and Hybrid Intrusion Detection System Based on the Convolutional-LSTM Network

With the rapid advancements of ubiquitous information and communication technologies, a large number of trustworthy online systems and services have been deployed. However, cybersecurity threats are still mounting. An intrusion detection (ID) system can play a significant role in detecting such security threats. Thus, developing an intelligent and accurate ID system is a non-trivial research problem. Existing ID systems that are typically used in traditional network intrusion detection system often fail and cannot detect many known and new security threats, largely because those approaches are based on classical machine learning methods that provide less focus on accurate feature selection and classification. Consequently, many known signatures from the attack traffic remain unidentifiable and become latent. Furthermore, since a massive network infrastructure can produce large-scale data, these approaches often fail to handle them flexibly, hence are not scalable. To address these issues and improve the accuracy and scalability, we propose a scalable and hybrid IDS, which is based on Spark ML and the convolutional-LSTM (Conv-LSTM) network. This IDS is a two-stage ID system: the first stage employs the anomaly detection module, which is based on Spark ML. The second stage acts as a misuse detection module, which is based on the Conv-LSTM network, such that both global and local latent threat signatures can be addressed. Evaluations of several baseline models in the ISCX-UNB dataset show that our hybrid IDS can identify network misuses accurately in 97.29% of cases and outperforms state-of-the-art approaches during 10-fold cross-validation tests.

Implementing Hy-IDS, Mobiles Agents and Virtual Firewall to Enhance the Security in IaaS Cloud

The growth in customer requirements, big data analysis and pressures on response time, high costs of network platforms pushed companies to migrate to Cloud Computing providing on demand internet hosted IT services. The increase of Cloud users and their interactions with the Cloud infrastructure raise the risk of resources faults. Such a problem can lead to a bad reputation of the Cloud environment, which slows down the evolution of this paradigm. The dynamic architecture and the complex system of the Cloud should be taken into account. In fact, this paradigm Cloud requires that resources protection and healing must be effective, transparent and without external intervention. Thus, it is essential the use fundamental aspects of autonomic Computing in the Cloud to deal with the self-healing of Cloud security. The high degree of match between autonomic Computing systems and multi-agent systems permit to create an intelligent architecture Cloud that support autonomic aspects. Therefore, we propose a cooperative framework based on Hybrid intrusion detection system (Hy-IDS), mobile Agents and Firewall, which permit to detect both insider and outsider attacks with high detection accuracy in Cloud environment. In this paper, we propose a Cloud Computing framework offering the access security, ease of resources management using mobile agents and service availability in a reliable structure with lower cost.

A Hybrid Behavioural Based Cyber Intrusion Detection System

The experience of deploying intrusion detection system (IDS) for securing computer system is being matured. There are knowledge-based (misuse) and anomaly IDS. In knowledge-based IDS, prior knowledge of the attack is needed for detection and during anomaly, behaviour of normal data is studied, when new data is arrived and there is a deviation, it is considered as an attack. In this thesis, we present a hybrid intrusion detection system called behavioural-based cyber intrusion detection system, based on two data mining algorithms, decision tree and association rule mining. The decision tree algorithm is used to detect misuse intrusions but it considers new attacks as normal. Association rule mining works by using the normal output of decision tree as input for further detection. Further, we implement the proposed model using java programming language. We have used a reduced and enhanced non-redundant NSL_KDD dataset for training and testing. Evaluation results show that it provides improved detection rate and lower false alarm rates.

Implementation of Hybrid Approach for Intrusion Detection in Cloud Computing Environment

Cloud computing is a very fast growing technology that offer novel service to the Information Technology domain. With the help of cloud computing will reduce the infrastructure maintenance cost. The probability of having numerous types of vulnerabilities beginning attacks is high. In this paper we study and analysis dissimilar approach of an intrusion detection system that has been utilize to counter malicious attacks in Cloud computing environment. In this paper we implementation of hybrid approach for intrusion detection in cloud computing environment. The proposed approach based on ANN with fuzzy logic based Hybrid IDS, to which is additional proficient than the traditional IDS (Intrusion Detection System).

Modeling of Hybrid Intrusion Detection System in Internet of Things using Support Vector Machine and Decision Tree

Modeling of Hybrid Intrusion Detection System in Internet of Things using Support Vector Machine and Decision Tree

Review of Hybrid Intrusion Detection System

Review of Hybrid Intrusion Detection System

A hybrid intrusion detection system based on ABC-AFS algorithm for misuse and anomaly detection

Due to the widespread use of the internet, computer systems are prone to information theft that has led to the emergence of Intrusion Detection Systems (IDSs). Various approaches such as machine learning, Bayesian-based algorithms, nature-inspired metaheuristic methods, swarm intelligent algorithms, and Markov neural networks have proposed to choose effective and efficacious features and improve the performance of intrusion detection systems. In this paper, we propose a new hybrid classification method based on Artificial Bee Colony (ABC) and Artificial Fish Swarm (AFS) algorithms. The Fuzzy C-Means Clustering (FCM) and Correlation-based Feature Selection (CFS) techniques are applied to divide the training dataset and remove the irrelevant features, respectively. In addition, If-Then rules are generated through the CART technique according to the selected features in order to distinguish the normal and anomaly records. Likewise, the proposed hybrid method is trained via the generated rules. The simulation results on NSL-KDD and UNSW-NB15 datasets demonstrate that the proposed method outperforms in terms of performance metrics and can achieve 99% detection rate and 0.01% false positive rate. In addition, analysis of computational complexity and time cost illustrate that overhead of the proposed method is comparable with counterpart approaches.

A hybrid intrusion detection system (HIDS) based on prioritized k-nearest neighbors and optimized SVM classifiers

Intrusion Detection System (IDS) is an effective security tool that helps preventing unauthorized access to network resources through analyzing the network traffic. However, due to the large amount of data flowing over the network, effective real time intrusion detection is almost impossible. The goal of this paper is to design a Hybrid IDS (HIDS) that can be successfully employed in a real time manner and suitable for resolving the multi-class classification problem. HIDS relies on a Naive Base feature selection (NBFS) technique, which is used to reduce the dimensionality of sample data. Moreover, HIDS has another pioneering issue that other techniques do not have, which is the outlier rejection. Outliers are noisy input samples that can lead to high rate of misclassification if they are applied for model training. Rejecting outliers has been accomplished through applying a distance based methodology to choose the most informative training examples, which are then used to train an Optimized Support Vector Machines (OSVM). Afterward, OSVM is employed for rejecting outliers. Finally, after outlier rejection, HIDS can successfully detect attacks through applying a Prioritized K-Nearest Neighbors (PKNN) classifier. Hence, HIDS is a triple edged strategy as it has three main contributions, which are: (i) NBFS, which has been employed for dimensionality reduction, (ii) OSVM, which is applied for outlier rejection, and (iii) PKNN, which is used for detecting input attacks. HIDS has been compared against recent techniques using three well-known intrusion detection datasets: KDD Cup ’99, NSL-KDD and Kyoto 2006+ datasets. HIDS has the ability to quickly detect attacks and accordingly can be employed for real time intrusion detection. Thanks to OSVM and PKNN, HIDS performed high detection rates specifically for the attacks which are rare such as R2L and U2R. PKNN is also suitable for resolving the multi-label classification problem.