Intrusion Detection System System Research Articles

Unfolding the network dataset to understand the contribution of features for detecting malicious activities using AI/ML

As the internet expanded significantly over the last decade, the usage of the Internet of Things (IoT) has helped make smart systems (healthcare, smart cities etc.). However, as IoT networks grow, so does the potential for cyber threats and attacks. In an IoT-based application infrastructure, devices are linked to sensors that connect to big network servers, leaving them exposed to malicious attacks and threats. The current intrusion detection systems (IDS) are not capable to process massive data coming from IoT devices and works only for known intrusion. For such type of smart systems, a smart ML/AI-based IDS system is required that helps process massive data and detect unknown intrusion too. In this paper, we investigate important features from the intrusion dataset which can help to classify malicious activity to develop an efficient smart model. As it is important to understand the dataset well before using it for training any ML/AI classifier model, our goal of this paper is to give a comprehensive view of the popular NSL KDD dataset for finding the best features for developing a robust ML/AI-based IDS for IoT security. Furthermore, this study provides an overview of the most and least used features so that the best feature selection method can be applied in anomaly-based intrusion detection systems in an IoT environment.

Wireless Intrusion Detection Based on Optimized LSTM with Stacked Auto Encoder Network

In recent years, due to the rapid progress of various technologies, wireless computer networks have developed. However, the activities of the security threats and attackers affect the data communication of these technologies. So, to protect the network against these security threats, an efficient IDS (Intrusion Detection System) is presented in this paper. Namely, optimized long short-term memory (OLSTM) network with a stacked auto-encoder (SAE) network is proposed as an IDS system. Using SAE, significant features are extracted from the databases such as input NSL-KDD database and the UNSW-NB15 database. Then extracted features are given as input to the optimized LSTM which is used as an intrusion identification system. To enhance the effectiveness of the LSTM, we present the pigeon optimization algorithm (POA). Using this algorithm, weight parameters of the LSTM are chosen optimally. Finally, the proposed IDS model decides whether the input packets are intruded or not. The results confirm that the proposed IDS model surpasses the previous machine learning-based IDS models in terms of correctness, F1-score and G mean.

Machine and Deep Learning Solutions for Intrusion Detection and Prevention in IoTs: A Survey

The increasing number of connected devices in the era of Internet of Thing (IoT) has also increased the number intrusions. Intrusion Detection System (IDS) is a secondary intelligent system to monitor, detect, and alert about malicious activities; an Intrusion Prevention System (IPS) is an extension of a detection system that triggers relevant action when an attack is suspected in a futuristic aspect. Both IDS and IPS systems are significant and useful for developing a security model. Several studies exist to review the detection and prevention models; however, the coherence in the opportunistic or advancements in the models is missing. Besides, the existing models also have some limitations, which need to be surveyed to develop new security models. Our survey is the first one to present a study of risk factor analysis using mapping technique, and provide a proposal for hybrid framework for an efficient security model for intrusion detection and/or prevention. We explore the importance of various Artificial Intelligence (AI)-based techniques, tools, and methods used for the detection and/or prevention systems in IoTs. More specifically, we emphasize on Machine Learning (ML) and Deep Learning (DL) techniques for intrusion detection-prevention systems and provide a comparative analysis focusing on the feasibility, compatibility, challenges, and real-time issues. This present survey is beneficial for industry and academia to categorize the challenges and issues in the current security models and generate the new dimensions of developments of security frameworks with efficient ML or DL methods.

Blockchain: Secured Solution for Signature Transfer in Distributed Intrusion Detection System

Exchange of data in networks necessitates provision of security and confidentiality. Most networks compromised by intruders are those where the exchange of data is at high risk. The main objective of this paper is to present a solution for secure exchange of attack signatures between the nodes of a distributed network. Malicious activities are monitored and detected by the Intrusion Detection System (IDS) that operates with nodes connected to a distributed network. The IDS operates in two phases, where the first phase consists of detection of anomaly attacks using an ensemble of classifiers such as Random forest, Convolutional neural network, and XGBoost along with genetic algorithm to improve the performance of IDS. The novel attacks detected in this phase are converted into signatures and exchanged further through the network using the blockchain framework in the second phase. This phase uses the cryptosystem as part of the blockchain to store data and secure it at a higher level. The blockchain is implemented using the Hyperledger Fabric v1.0 and v2.0, to create a prototype for secure signature transfer. It exchanges signatures in a much more secured manner using the blockchain architecture when implemented with version 2.0 of Hyperledger Fabric. The performance of the proposed blockchain system is evaluated on UNSW NB15 dataset. Blockchain performance has been evaluated in terms of execution time, average latency, throughput and transaction processing time. Experimental evidence of the proposed IDS system demonstrates improved performance with accuracy, detection rate and false alarm rate (FAR) as key parameters used. Accuracy and detection rate increase by 2% and 3% respectively whereas FAR reduces by 1.7%.

Design and implementation of an intrusion detection system by using Extended BPF in the Linux kernel

An intrusion detection system (IDS) checks the content of headers and payload of packets to detect intrusions from the network. It is an essential function for network security. Traditionally, an IDS, such as Snort, which is a widely used open source IDS, is implemented as a program running in the user space on a hardware server. Recently, with the availability of Extended BPF (eBPF) in the Linux kernel, efficiently checking and filtering arriving packets directly in the kernel becomes feasible. In this work, we design and implement an IDS that has two parts working together. The first part runs in the Linux kernel. Its uses eBPF to perform fast patterns matching to pre-drop a very large portion of packets that have no chance to match any rule. The second part runs in the user space. It examines the packets left by the first part to find the rules that match them. Using a modified version of the registered ruleset of Snort, experimental results show that the maximum throughput of our IDS system can outperform that of Snort by a factor of 3 under many tested conditions.

Efficient Intrusion Detection System for SDN Orchestrated Internet of Things

Internet of Things (IoT) can simply be defined as an extension of the current Internet system. It extends the human to human interconnection and intercommunication scenario of the Internet by including things, to bring anytime, anywhere, and anything communication. A discipline in networking evolving in parallel with IoT is Software Defined Networking (SDN). It is an important technology that is aimed to solve the different problems existing in the traditional network systems. It provides a new convenient home to address the different challenges existing in different network-based systems including IoT. One important security challenge prevailing in such SDN-based IoT (SDIoT) systems is guarantying service availability. The ever-increasing denial of service (DoS) attacks are responsible for such service denials. A centralized signature-based intrusion detection system (IDS) is proposed and developed in this work. Random Forest (RF) classifier is used for training the model. A very popular and recent benchmark dataset, CICIDS2017, has been used for training and validating the machine learning (ML) models. An accuracy result of 99.968% has been achieved by using only 12 features on Wednesday’s release of the dataset. This result is higher than the achieved accuracy results of related works considering the original CICIDS2017 dataset. A maximum cross-validated accuracy result of 99.713% has been achieved on the same release of the dataset. These developed models meet the basic requirement of a supervised IDS system developed for smart environments and can effectively be used in different IoT service scenarios.

Intrusion Alert Reduction Based on Unsupervised and Supervised Learning Algorithms

Security and protection of information is an ever-evolving process in the field of information security. One of the major tools of protection is the Intrusion Detection Systems (IDS). For so many years, IDS have been developed for use in computer networks, they have been widely used to detect a range of network attacks; but one of its major drawbacks is that attackers, with the evolution of time and technology make it harder for IDS systems to cope. A sub-branch of IDS-Intrusion Alert Analysis was introduced into the research system to combat these problems and help support IDS by analyzing the alert triggered by the IDS. Intrusion Alert analysis has served as a good support for IDS systems for many years but also has its own short comings which are the amount of the voluminous number of alerts produced by IDS systems. From years of research, it has been observed that majority of the alerts produced are undesirables such as duplicates, false alerts, etc., leading to huge amounts of alerts causing alert flooding. This research proposed the reduction alert by targeting these undesirable alerts through the integration of supervised and unsupervised algorithms and approach. The research first selects significant features by comparing two feature ranking techniques this targets duplicates, low priority and irrelevant alert. To achieve further reduction, the research proposed the integration of supervised and unsupervised algorithms to filter out false alerts. Based on this, an effective model was gotten which achieved 94.02% reduction rate of alerts. Making use of the dataset ISCX 2012, experiments were conducted and the model with the highest reduction rate was chosen. The model was evaluated against other experimental results and benchmarked against a related work, it also improved on the said related work.

Feature Selection Strategy for Network Intrusion Detection System (NIDS) Using Meerkat Clan Algorithm

<p>The task of network security is to keep services available at all times by dealing with hacker attacks. One of the mechanisms obtainable is the Intrusion Detection System (IDS) which is used to sense and classify any abnormal actions. Therefore, the IDS system should always be up-to-date with the latest hacker attack signatures to keep services confidential, safe, and available. IDS speed is a very important issue in addition to learning new attacks. A modified selection strategy based on features was proposed in this paper one of the important swarm intelligent algorithms is the Meerkat Clan Algorithm (MCA). Meerkat Clan Algorithm has good diversity solutions through its neighboring generation conduct and it was used to solve several problems. The proposed strategy benefitted from mutual information to increase the performance and decrease the consumed time. Two datasets (NSL-KDD & UNSW-NB15) for Network Intrusion Detection Systems (NIDS) have been used to verify the performance of the proposed algorithm. The experimental findings indicate that, compared to other approaches, the proposed algorithm produces good results in a minimum of time.</p><p><strong> </strong></p>

Hybrid semantic deep learning architecture and optimal advanced encryption standard key management scheme for secure cloud storage and intrusion detection

Cloud computing helps users to store and retrieve their data in the cloud online on an as-per-pay basis anytime, anywhere in the world. As a consequence, the security of data stored in the cloud serves as a key concern for cloud consumers due to ongoing hacking incidents in the cloud. Both cloud service providers (CSPs) and consumers face various attacks that pose a serious threat to both the organization and the user. Therefore, a robust intrusion detection system (IDS) needs to be configured to identify and avoid potential attacks in the cloud at an earlier stage. The state-of-the-art IDS system which used shallow machine learning techniques suffered from poor accuracy with a higher false alarm rate and higher response time. To overcome this problem, a hybrid semantic deep learning (HSDL) architecture is developed in this paper by integrating the long short-term memory (LSTM), convolutional neural network (CNN), and support vector machine (SVM) architectures. The semantic information present in the network traffic is identified using a semantic layer known as the Word2Vec embedding layer. The HSDL model classifies the intrusion present in the text along with its corresponding attack class. The normal text without any trace of intrusion is encrypted using an advanced encryption standard (AES) algorithm to enhance cloud storage security, and the optimal key with the largest key breaking time for the AES algorithm is selected using the crossover-based mine blast optimization algorithm (CMBA). The proposed HSDL scheme is evaluated and tested using two real-time intrusion detection benchmark datasets, namely NSL-KDD and UNSW-NB15. The proposed model achieves an accuracy of 99.98% for the NSL-KDD and 98.47% for the UNSW-NB15 dataset, respectively. The experimental and security analysis conducted proves the efficiency and robustness of the proposed scheme.

A comparative analysis on traditional wired datasets and the need for wireless datasets for IoT wireless intrusion detection

<span>IoT networks mostly rely on wireless mediums for communication, and due to that, they are very susceptible to intrusions. And due to the tiny nature, processing complexity, and limited storage capacities, IoT networks require very reliable intrusion detection systems (IDS). Although there are many IDS types of research available in the literature, most of these systems are suitable for wired network environments, and the benchmark datasets used for these research works are mostly relying on wired datasets such as KDD Cup’99 and NSL-KDD. IoT and wireless networks are distinct in nature as wireless networks give more emphasis on the data link layer and physical layer. These concerns are not given much attention in traditional wired datasets in the body of knowledge. Therefore, in this research, an IDS system is developed using a newly available IoT wireless dataset (NaBIoT) in the literature with the datasets focusing much on the common IoT related attacks, and related layers are taken into consideration. The IDS system developed is evaluated by comparing with various machine learning algorithms in terms of evaluation metrics such as accuracy, F1 score, false positive, and false negative. Moreover, the IoT wireless dataset is compared against the traditional NSL-KDD datasets to evaluate the need for IoT wireless datasets. The NaBIoT datasets show its effectiveness in detecting wireless intrusions. Besides that, the simulation is performed with different combinations of features to conclude that certain features are primary in detecting attacks, and IDS does not require all the features to perform detection. This can reduce the detection time mainly for machine learning and creating the models. This research results have proposed some of the critically important features to be used and eliminating not such important features. </span>

Cloud-based intrusion detection using kernel fuzzy clustering and optimal type-2 fuzzy neural network

Nowadays, digital data is an important asset for every organization. With the advent of cloud computing, cloud service providers (CSPs) offer the required infrastructure to end-users for storage and provide flexibility in accessing data. Since the users access the data from the cloud through the Internet, the data stored in the cloud are exposed to various intrusions. Intrusion detection is considered to be a significant issue in the cloud. The existing techniques are capable to detect well-known attacks but fall short in detecting low frequent attacks. To address this issue, we propose a novel intrusion detection system (IDS) in the cloud using a combination of kernel fuzzy c-means clustering (KFCM) and an optimal type-2 fuzzy neural network (OT2FNN). To achieve this, we optimally select the parameters of T2FNN using the lion optimization algorithm (LOA) for weight optimization. The proposed IDS detects the intrusion and allow only normal data to be stored in the cloud. Simulation results on the NSL-KDD dataset show that the proposed IDS system gives better results than the existing IDS systems in terms of precision, recall, and F-measure.

Sequential Model Based Intrusion Detection System for IoT Servers Using Deep Learning Methods.

IoT plays an important role in daily life; commands and data transfer rapidly between the servers and objects to provide services. However, cyber threats have become a critical factor, especially for IoT servers. There should be a vigorous way to protect the network infrastructures from various attacks. IDS (Intrusion Detection System) is the invisible guardian for IoT servers. Many machine learning methods have been applied in IDS. However, there is a need to improve the IDS system for both accuracy and performance. Deep learning is a promising technique that has been used in many areas, including pattern recognition, natural language processing, etc. The deep learning reveals more potential than traditional machine learning methods. In this paper, sequential model is the key point, and new methods are proposed by the features of the model. The model can collect features from the network layer via tcpdump packets and application layer via system routines. Text-CNN and GRU methods are chosen because the can treat sequential data as a language model. The advantage compared with the traditional methods is that they can extract more features from the data and the experiments show that the deep learning methods have higher F1-score. We conclude that the sequential model-based intrusion detection system using deep learning method can contribute to the security of the IoT servers.

A Combination Techniques of Intrusion Prevention and Detection for Cloud Computing

Cloud computing provides scalable, on-demand, and highly available computing services over the Internet to both the public and organizations on a pay-per-use basis. It provides a variety of services such as networking, storage space, and applications. The key issue for cloud computing is ensuring the confidentiality and privacy of cloud resources and data. Enticing the user to purchase cloud services requires their trust which cannot be guaranteed unless the infrastructure is effectively protected because attacks at this level will threaten the whole system. To this end, we propose the Integrated Intrusion Prevention and Detection System (IIPDS) to prevent and detect different types of attacks to the infrastructure level of the cloud system. The proposed design uses Trusted Third Party (TTP) services and SSL/TLS protocols as intrusion prevention methods to secure the communication between the cloud provider and the user. It also uses multiple Intrusion Detection Systems (IDS) distributed over multiple cloud regions. The IDS system is capable of detecting known and unknown attacks using anomaly and rule-based (signature) intrusion detection techniques. The simulation results proved the efficiency of the system in detecting a wide range of attacks with low false positive alerts and low computational overhead.

Machine learning methods for cyber security intrusion detection: Datasets and comparative study

The increase in internet usage brings security problems with it. Malicious software can affect the operation of the systems and disrupt data confidentiality due to the security gaps in the systems. Intrusion Detection Systems (IDS) have been developed to detect and report attacks. In order to develop IDS systems, artificial intelligence-based approaches have been used more frequently. In this study, literature studies using CSE-CIC IDS-2018, UNSW-NB15, ISCX-2012, NSL-KDD and CIDDS-001 data sets, which are widely used to develop IDS systems, are reviewed in detail. In addition, max-min normalization was performed on these data sets and classification was made with support vector machine (SVM), K-Nearest neighbor (KNN), Decision Tree (DT) algorithms, which are among the classical machine learning approaches. As a result, more successful results have been obtained in some of the studies given in the literature. The study is thought to be useful for developing IDS systems on the basis of artificial intelligence with approaches such as machine learning.

A Novel Hybrid Intrusion Detection System (IDS) for the Detection of Internet of Things (IoT) Network Attacks

Nowadays, IoT has been widely used in different applications to improve the quality of life. However, the IoT becomes increasingly an ideal target for unauthorized attacks due to its large number of objects, openness, and distributed nature. Therefore, to maintain the security of IoT systems, there is a need for an efficient Intrusion Detection System (IDS). IDS implements detectors that continuously monitor the network traffic. There are various IDs methods proposed in the literature for IoT security. However, the existing methods had the disadvantages in terms of detection accuracy and time overhead. To enhance the IDS detection accuracy and reduces the required time, this paper proposes a hybrid IDS system where a pre-processing phase is utilized to reduce the required time and feature selection as well as the classification is done in a separate stage. The feature selection process is done by using the Enhanced Shuffled Frog Leaping (ESFL) algorithm and the selected features are classified using Light Convolutional Neural Network with Gated Recurrent Neural Network (LCNN-GRNN) algorithm. This two-stage method is compared to up-to-date methods used for intrusion detection and it over performs them in terms of accuracy and running time due to the light processing required by the proposed method.

Network intrusion detection system: A systematic study of machine learning and deep learning approaches

AbstractThe rapid advances in the internet and communication fields have resulted in a huge increase in the network size and the corresponding data. As a result, many novel attacks are being generated and have posed challenges for network security to accurately detect intrusions. Furthermore, the presence of the intruders with the aim to launch various attacks within the network cannot be ignored. An intrusion detection system (IDS) is one such tool that prevents the network from possible intrusions by inspecting the network traffic, to ensure its confidentiality, integrity, and availability. Despite enormous efforts by the researchers, IDS still faces challenges in improving detection accuracy while reducing false alarm rates and in detecting novel intrusions. Recently, machine learning (ML) and deep learning (DL)‐based IDS systems are being deployed as potential solutions to detect intrusions across the network in an efficient manner. This article first clarifies the concept of IDS and then provides the taxonomy based on the notable ML and DL techniques adopted in designing network‐based IDS (NIDS) systems. A comprehensive review of the recent NIDS‐based articles is provided by discussing the strengths and limitations of the proposed solutions. Then, recent trends and advancements of ML and DL‐based NIDS are provided in terms of the proposed methodology, evaluation metrics, and dataset selection. Using the shortcomings of the proposed methods, we highlighted various research challenges and provided the future scope for the research in improving ML and DL‐based NIDS.

Secure and reliable wireless advertising system using intellectual characteristic selection algorithm for smart cities

Smart cities wireless advertising (smart mobile-AD) filed is one of the well-known area of research where smart devices using mobile ad hoc networks (MANET) platform for advertisement and marketing purposes. Wireless advertising through multiple fusion internet of things (IoT) sensors is one of the important field where the sensors combines multiple sensors information and accomplish the control of self-governing intelligent machines for smart cities advertising framework. With many advantages, this field has suffered with data security. In order to tackle security threats, intrusion detection system (IDS) is adopted. However, the existing IDS system are not able to fulfill the security requirements. This paper proposes an intellectual characteristic selection algorithm (ICSA) integrated with normalized intelligent genetic algorithm-based min-max feature selection (NIGA-MFS). The proposed solution designs for wireless advertising system for business/advertising data security and other transactions using independent reconfigurable architecture. This approach supports the wireless advertising portals to manage the data delivery by using 4G standard. The proposed reconfigurable architecture is validated by using applications specific to microcontrollers with multiple fusion IoT sensors.

A Review on Network Intrusion Detection System Using Machine Learning

The quality or state of being secure is the crucial concern of our daily life usage of any network. However, with the rapid breakthrough in network technology, attacks are becoming more trailblazing than defenses. It is a daunting task to design an effective and reliable intrusion detection system (IDS), while maintaining minimal complexity. The concept of machine learning is considered an important method used in intrusion detection systems to detect irregular network traffic activities. The use of machine learning is the current trend in developing IDS in order to mitigate false positives (FP) and False Negatives (FN) in the anomalous IDS. This paper targets to present a holistic approach to intrusion detection system and the popular machine learning techniques applied on IDS systems, bearing In mind the need to help research scholars in this continuous burgeoning field of Intrusion detection (ID).

Trust based Intrusion Detection System Architecture for WSN

Today there are extraordinary attacks on all kind of networks. Security for Payload is considered one of the biggest agenda for all kind of organizations. To deal with new species if attacks like threat, which are blended in nature, no security platform can take guarantee for their intrusion protection. Among all security platforms, intrusion detection system (IDS) are being used to do the inspection of all the packets or data being transferred between two nodes, A software application , that is responsible doing the monitoring of any kind of unwanted or to monitor the activity which is malicious in nature. This research acquaints about handling unknown attacks through Intrusion Detection System. For improving security in wireless communication, Intrusion Detection System (IDS) plays significant role, which includes information about network and security scheme. Hence, this research paper focused on development of appropriate system architecture for IDS system

Mobile agents in Intrusion Detection Systems: Advantages and Disadvantages

Digitization of information in all spheres of human activity and use of technological innovations, as a basic case for the emergence of all wages and attacks that are insufficient to modern technologies and the continuous expansion of the complexity of security and hardware. The protection against these attacks and wages can be viewed in different directions in information and communication technologies. Computer security is defined as the protection of computer systems against threats to confidentiality, integrity and availability. Penetration is defined as a set of actions to compromise the integrity, confidentiality, and availability of resources. To monitor the events that occur in computer systems or networks is called intrusion detection system (IDS). This paper presents the mobile agent based technologies as a tool in IDS systems and their advantages and disadvantages.