Approach For Intrusion Detection System Research Articles

Machine learning approach for intrusion detection system using dimensionality reduction

As cyberspace has emerged, security in all the domains like networks, cloud, and databases has become a greater concern in real-time distributed systems. Existing systems for detecting intrusions (IDS) are having challenges coping with constantly changing threats. The proposed model, DR-DBMS (dimensionality reduction in database management systems), creates a unique strategy that combines supervised machine learning algorithms, dimensionality reduction approaches and advanced rule-based classifiers to improve intrusion detection accuracy in terms of different types of attacks. According to simulation results, the DR-DBMS system detected the intrusion attack in 0.07 seconds and with a smaller number of features using the dimensionality reduction and feature selection techniques efficiently.

A Comprehensive Study on CIC-IDS2017 Dataset for Intrusion Detection Systems

In the present era of digital technology, electronic assaults result in the compromise of confidential information and substantial financial ramifications for individuals, organizations, and nations. Hence, the role of cybersecurity resources is essential in safeguarding data from any Cybersecurity event. Researchers are prioritizing the use of anomaly-based intrusion detection systems for the identification of cybersecurity threats. Machine learning algorithms are crucial in this endeavor since they possess the ability to identify such attacks reliably. It’s a dataset that enhances the efficiency of the machine learning algorithms. The datasets currently employed in intrusion detection systems exhibit a notable deficiency in accurately representing actual network threats and attacks. They also contain a significant number of concealed threats, thereby restricting the precision of detection within existing machine-learning intrusion detection system approaches. Consequently, these systems are unable to effectively cope with the growing number of novel attacks in the real word scenarios, in cloud environments. The objective of this study is to integrate the categorization and analysis of current datasets to enhance the generation of future datasets that accurately replicate actual network data. This will enhance the efficacy of the next generation of intrusion detection systems and correctly mirror network threats.

Effective data transmission through energy-efficient clustering and Fuzzy-Based IDS routing approach in WSNs

Wireless sensor networks (WSN) gather information and sense information samples in a certain region and communicate these readings to a base station (BS). Energy efficiency is considered a major design issue in the WSNs, and can be addressed using clustering and routing techniques. Information is sent from the source to the BS via routing procedures. However, these routing protocols must ensure that packets are delivered securely, guar- anteeing that neither adversaries nor unauthentic individuals have access to the sent information. Secure data transfer is intended to protect the data from illegal access, damage, or disruption. Thus, in the proposed model, secure data transmission is developed in an energy-effective manner. A low-energy adaptive clustering hierarchy (LEACH) is developed to efficiently transfer the data. For the intrusion detection systems (IDS), Fuzzy logic and artificial neural networks (ANNs) are proposed. Initially, the nodes were randomly placed in the network and initialized to gather information. To ensure fair energy dissipation between the nodes, LEACH randomly chooses cluster heads (CHs) and allocates this role to the various nodes based on a round-robin management mechanism. The intrusion-detection procedure was then utilized to determine whether intruders were present in the network. Within the WSN, a Fuzzy interference rule was utilized to distinguish the malicious nodes from legal nodes. Subsequently, an ANN was employed to distinguish the harmful nodes from suspicious nodes. The effectiveness of the proposed approach was validated using metrics that attained 97% accuracy, 97% specificity, and 97% sensitivity of 95%. Thus, it was proved that the LEACH and Fuzzy-based IDS approaches are the best choices for securing data transmission in an energy-efficient manner.

Design and implementation of a deep neural network approach for intrusion detection systems

Due to the increased reliance of many a human system on cyber infrastructures, there is the continuous need for intelligent protection schemes to be developed as the spate of cyber-attacks is on the rise. Such intelligent systems that could easily detect both existing and zero-day attacks are highly sought in the complex and fast evolving cyberspace. In this regard, machine learning as well as deep learning models have been very effective. However, there is the need for better performing models than the existing ones. This work is aimed at the design and implementation of a Deep Neural Network model for detecting intrusions in computer networks. Techniques such as SMOTE and Random Sampling were applied to handle data imbalance in the CICIDS 2017 dataset. The entire experiment was carried out on a single Jupyter notebook in the Google Colaboratory environment where relevant software libraries such as seaborn, pandas, matplotlib, keras, and Tensor Flow were imported and thereafter implemented as required. Performance metrics of accuracy and loss at both training and validation of the model were considered. Results show that the deep learning model was excellent at predicting attacks with the CICIDS 2017 dataset, achieving accuracy score of 99.68 % and loss of 0.0102.

Securing cloud-enabled smart cities by detecting intrusion using spark-based stacking ensemble of machine learning algorithms

<abstract> <p>With the use of cloud computing, which provides the infrastructure necessary for the efficient delivery of smart city services to every citizen over the internet, intelligent systems may be readily integrated into smart cities and communicate with one another. Any smart system at home, in a car, or in the workplace can be remotely controlled and directed by the individual at any time. Continuous cloud service availability is becoming a critical subscriber requirement within smart cities. However, these cost-cutting measures and service improvements will make smart city cloud networks more vulnerable and at risk. The primary function of Intrusion Detection Systems (IDS) has gotten increasingly challenging due to the enormous proliferation of data created in cloud networks of smart cities. To alleviate these concerns, we provide a framework for automatic, reliable, and uninterrupted cloud availability of services for the network data security of intelligent connected devices. This framework enables IDS to defend against security threats and to provide services that meet the users' Quality of Service (QoS) expectations. This study's intrusion detection solution for cloud network data from smart cities employed Spark and Waikato Environment for Knowledge Analysis (WEKA). WEKA and Spark are linked and made scalable and distributed. The Hadoop Distributed File System (HDFS) storage advantages are combined with WEKA's Knowledge flow for processing cloud network data for smart cities. Utilizing HDFS components, WEKA's machine learning algorithms receive cloud network data from smart cities. This research utilizes the wrapper-based Feature Selection (FS) approach for IDS, employing both the Pigeon Inspired Optimizer (PIO) and the Particle Swarm Optimization (PSO). For classifying the cloud network traffic of smart cities, the tree-based Stacking Ensemble Method (SEM) of J48, Random Forest (RF), and eXtreme Gradient Boosting (XGBoost) are applied. Performance evaluations of our system were conducted using the UNSW-NB15 and NSL-KDD datasets. Our technique is superior to previous works in terms of sensitivity, specificity, precision, false positive rate (FPR), accuracy, F1 Score, and Matthews correlation coefficient (MCC).</p> </abstract>

An Incremental Majority Voting Approach for Intrusion Detection System Based on Machine Learning

An Incremental Majority Voting Approach for Intrusion Detection System Based on Machine Learning

MuDeLA: multi-level deep learning approach for intrusion detection systems

In recent years, deep learning techniques have achieved significant results in several fields, like computer vision, speech recognition, bioinformatics, medical image analysis, and natural language processing. On the other hand, deep learning for intrusion detection has been widely used, particularly the implementation of convolutional neural networks (CNN), multilayer perceptron (MLP), and autoencoders (AE) to classify normal and abnormal. In this article, we propose a multi-level deep learning approach (MuDeLA) for intrusion detection systems (IDS). The MuDeLA is based on CNN and MLP to enhance the performance of detecting attacks in the IDS. The MuDeLA is evaluated by using various well-known benchmark datasets like KDDCup'99, NSL-KDD, and UNSW-NB15 in order to expand the comparison with different related work results. The outcomes show that the proposed MuDeLA achieves high efficiency for multiclass classification compared with the other methods, where the accuracy reaches 95.55 for KDDCup'99, 88.12 for NSL-KDD, and 90.52 for UNSW-NB15.

In-vehicle network intrusion detection systems: a systematic survey of deep learning-based approaches

Developments in connected and autonomous vehicle technologies provide drivers with many convenience and safety benefits. Unfortunately, as connectivity and complexity within vehicles increase, more entry points or interfaces that may directly or indirectly access in-vehicle networks (IVNs) have been introduced, causing a massive rise in security risks. An intrusion detection system (IDS) is a practical method for controlling malicious attacks while guaranteeing real-time communication. Regarding the ever-evolving security attacks on IVNs, researchers have paid more attention to employing deep learning-based techniques to deal with privacy concerns and security threats in the IDS domain. Therefore, this article comprehensively reviews all existing deep IDS approaches on in-vehicle networks and conducts fine-grained classification based on applied deep network architecture. It investigates how deep-learning techniques are utilized to implement different IDS models for better performance and describe their possible contributions and limitations. Further compares and discusses the studied schemes concerning different facets, including input data strategy, benchmark datasets, classification technique, and evaluation criteria. Furthermore, the usage preferences of deep learning in IDS, the influence of the dataset, and the selection of feature segments are discussed to illuminate the main potential properties for designing. Finally, possible research directions for follow-up studies are provided.

Personalized federated learning-based intrusion detection system: Poisoning attack and defense

To deal with the increasing number of cyber-attacks, intrusion detection system (IDS) plays an important role in monitoring and ensuring the security of the computer network. With the power of machine learning and deep learning, intelligent IDS systems have gained increasing attention due to their efficiency and high classification accuracy. However, the premise of machine learning/deep learning is that the data must be in one central entity (e.g., server) to train the model. This causes additional concerns, such as data transmission costs and privacy leakage. Federated learning complements this shortcoming with a privacy-preserving decentralized learning technique. In federated learning, the data are not shared with the server, local model training is performed where the data reside and only the model parameters are exchanged with the server. This work investigates the federated learning-based IDS approach in the context of IoT data to study the main challenges imposed by federated learning. Two main issues, such as data heterogeneity and poisoning attacks launched by malicious clients, are the main focus of this study. As real-world IoT datasets are heterogeneous, we propose a personalized federated learning-based IDS approach to handle imbalanced data distributions. Moreover, a curious yet malicious client can poison the local data or model to corrupt the global intrusion detection model due to the distributed nature of federated learning, where the central server has no control over the client’s local training process. This study demonstrates that the existence of a malicious client can degrade the performance of the federated learning-based IDS model. Accordingly, we propose a robust approach called pFL-IDS to combat poisoning attacks against the federated learning-enabled IDS on heterogeneous IoT data. Our approach introduces mini-batch logit adjustment loss to local model training to obtain a personalized model tailored to each local data distribution. Moreover, we design a detection mechanism at the server to identify malicious agents by considering the cosine similarity of local models from the non-poisoned client’s centroid. The non-poisoned centroid is determined from the similarity between the pre-computed global model and the local models. If the poisoning attack is successful, poisoned clients will be closer to the pre-computed global model; any models further from the pre-computed model are taken as the non-poisoned clients. With this two-phase client similarity alignment, we identify poisoned clients and restrict their aggregation on the global intrusion detection model. In comparison with the baseline methods, we demonstrate that our pFL-IDS can detect poisoning attacks without compromising performance.

Detecting and classifying man-in-the-middle attacks in the private area network of smart grids

The sustainable development of smart grids requires the massive deployment of renewable energy, in a highly distributed manner, introducing new challenges for the system operation. Therefore, the integration of information and communication technologies in sites with Distributed Energy Resources (DERs) is needed to monitor and control the DERs operation. In this scheme, a local controller is installed at each DER site to interact with the centralized applications at the grid level and the power equipment at the site level. This local controller uses client–server protocols (e.g., Modbus TCP/IP and IEC 61850 Manufacturing Message Specification) to communicate with different power equipment in the Private Area Network (PAN) of the site. Such protocols often lack information confidentiality and integrity mechanisms. As a result, the smart grids become vulnerable to cyber-attacks. To safeguard smart grid applications, this paper proposes a Hybrid Network Intrusion Detection System approach (HNIDS), where machine learning-based anomaly and signature-based are combined. The proposed methodology detects and classifies Man-In-The-Middle (MITM) attacks in eavesdropping mode in PANs, without violating customer privacy. The ability to detect unknown MITM attack techniques, identify affected packets, and determine the victim device(s) are the major advantages of this approach. An experimental testbed has been used to collect real-life data and validate the effectiveness of the proposed approach in smart grid applications. The proposed HNIDS is evaluated using a simulation as well as real-life laboratory experiments, demonstrating very high accuracy in detection rate, from 97.6% to 100%, with an average of the weighted F1-score over 98%.

Hybrid extreme learning machine-based approach for IDS in smart Ad Hoc networks

In recent years, intrusion detection systems (IDSs) have increasingly come to be regarded as a significant method due to their potential to develop into a key component that is necessary for the safety of computer networks. This work focuses on the usage of extreme learning machines, which are also known as ELMs, with the purpose of spotting prospective intrusions and assaults. The proposed method combines the self-adaptive differential evolution method for optimising network input weights and hidden node biases and multi-node probabilistic approach with the extreme learning machine for deriving network output weights. This body of work presents an innovative method of learning that can be put into practice in order to determine whether or not an incursion has taken place in the system that is the focus of the investigation that is being carried out by this body of work. A hybrid extreme learning machine is used in the execution of this strategy. When there is one thousand times more traffic on a network, the ability of regular IDS systems to detect malicious network intrusions is lowered by a factor of one hundred. This is because there are less opportunities to detect the intrusions. This is due to the fact that there are less probabilities to identify potential dangers. This paper lays the groundwork for a novel methodology for identifying malicious network breaches. The findings of the simulation demonstrated that putting into practice the approach that was proposed resulted in an improvement in the accuracy of the scenario's classification while it was being investigated. The implementation of the method seems to have produced the desired results.

Leveraging Explainable Artificial Intelligence in Real-Time Cyberattack Identification: Intrusion Detection System Approach

Cyberattacks are part of the continuous race, where research in computer science both contributes to discovering new threats and vulnerabilities and also mitigates them. When new vulnerabilities are not reported but sold to attackers, they are called “zero-days,” and are particularly difficult to identify. Modern intrusion detection systems (IDS) that leverage artificial intelligence (AI) and machine learning (ML) are becoming essential in identifying these cyber threats. This study presents the design of an IDS using ML and Explainable AI (XAI) techniques for real-time classification of various detected cyberattacks. By utilizing frameworks such as Apache Kafka and Spark, along with libraries such as Scikit-learn and SHAP, the system identifies and classifies normal or anomalous network traffic in real-time. The XAI offers the IDS the option to explain the rationale behind each classification. The primary aim of this research is to develop a flexible and scalable IDS that can provide clear explanations for its decisions. The second aim is to compare and analyze different ML models to achieve the best results in terms of accuracy, f1, recall, and precision. Random Forest models proposed in this research article obtained the best results in figuring out the key features identified by the XAI model, which includes Ct_state_ttl, Sttl, Dmean, and Dbytes from the UNSW-NB15 dataset. Finally, this research work introduces different machine learning algorithms with superior performance metrics compared to other real-time classification methods.

Distributed deep learning approach for intrusion detection system in industrial control systems based on big data technique and transfer learning

ABSTRACT Industry 4.0 refers to a new generation of connected and intelligent factories that is driven by the emergence of new technologies such as artificial intelligence, Cloud computing, Big Data and industrial control systems (ICS) in order to automate all phases of industrial operations. The presence of connected systems in industrial environments poses a considerable security challenge, moreover with the huge amount of data generated daily, there are complex attacks that occur in seconds and target production lines and their integrity. But, until now, factories do not have all the necessary tools to protect themselves, they mainly use traditional protection. In order to improve industrial control systems in terms of efficiency and response time, the present paper propose a new distributed intrusion detection approach using artificial intelligence methods, Big Data techniques and deployed in a cloud environment. A variety of Machine Learning and Deep Learning algorithms, basically convolutional neural networks (CNN), have been tested to compare performance and choose the most suitable model for the classification. We test the performance of our model by using the industrial dataset SWat.

Dependable intrusion detection system using deep convolutional neural network: A Novel framework and performance evaluation approach

Intrusion detection systems (IDS) play a critical role in safeguarding computer networks against unauthorized access and malicious activities. However, traditional IDS approaches face challenges in accurately detecting complex and evolving cyber threats. The proposed framework leverages the power of deep learning to automatically extract meaningful features from network traffic data, enabling more accurate and robust intrusion detection. The proposed deep convolutional neural network (DCNN) has been trained on large-scale datasets, incorporating both normal and malicious network traffic, to enable effective discrimination between normal and anomalous behavior. To evaluate the performance of the framework, a comprehensive performance evaluation approach is developed, considering key metrics such as detection accuracy, false positive rate, and computational efficiency. Additionally, GPU has been utilized for boosting the performance of the model, demonstrating the effectiveness and superiority of the deep CNN-based intrusion detection system over traditional methods. The novelty of this study lies in the development of a dependable intrusion detection system that harnesses the potential of DCNN for network traffic analysis. The proposed framework is evaluated with four publicly available IDS datasets, namely ISCX-IDS 2012, DDoS (Kaggle), CICIDS2017, and CICIDS2018. Our results demonstrate the effectiveness of the optimized DCNN model in improving IDS performance and accuracy. With detection accuracy levels ranging from 99.79% to 100%, our results underscore the model’s efficacy, offering a dependable and efficient approach for the detection of cyber threats. The outcomes of this study have significant implications for network security, providing valuable insights for practitioners and researchers working towards building robust and intelligent intrusion detection systems.

Overview on Intrusion Detection Systems Design Exploiting Machine Learning for Networking Cybersecurity

The Intrusion Detection System (IDS) is an effective tool utilized in cybersecurity systems to detect and identify intrusion attacks. With the increasing volume of data generation, the possibility of various forms of intrusion attacks also increases. Feature selection is crucial and often necessary to enhance performance. The structure of the dataset can impact the efficiency of the machine learning model. Furthermore, data imbalance can pose a problem, but sampling approaches can help mitigate it. This research aims to explore machine learning (ML) approaches for IDS, specifically focusing on datasets, machine algorithms, and metrics. Three datasets were utilized in this study: KDD 99, UNSW-NB15, and CSE-CIC-IDS 2018. Various machine learning algorithms were chosen and examined to assess IDS performance. The primary objective was to provide a taxonomy for interconnected intrusion detection systems and supervised machine learning algorithms. The selection of datasets is crucial to ensure the suitability of the model construction for IDS usage. The evaluation was conducted for both binary and multi-class classification to ensure the consistency of the selected ML algorithms for the given dataset. The experimental results demonstrated accuracy rates of 100% for binary classification and 99.4In conclusion, it can be stated that supervised machine learning algorithms exhibit high and promising classification performance based on the study of three popular datasets.

IDSoft: A federated and softwarized intrusion detection framework for massive internet of things in 6G network

With the rollout of sixth generation (6G)–enabled massive internet of things (IoT) networks, the amount of data generated by IoT devices is expected to grow tremendously. Therefore, existing intrusion detection system (IDS) technology may not be sufficient to meet the scale and accuracy requirements for securing massive IoT. To overcome this shortcoming, edge intelligence–empowered next-generation (NextGen) IDSs utilize federated learning (FL) architectures. Nonetheless, to explore the full potential of federated IDSs, convergence and intercommunication overhead require some attention. One solution is softwarization and virtualization, which can increase network scalability and provide innovative security infrastructure for NextGen IDSs, offering holistic coverage and visibility to the entire network. In this line, we propose IDSoft, a novel softwarized solution that resides across the network infrastructure and leverages 6G enabling technologies, such as network function virtualization, mobile edge computing, and software-defined networking, to support FL-based IDSs. IDSoft is a scalable solution aimed at providing rapid and accurate detection combined with adaptive mitigation of large-scale cyberattacks while optimizing network resources. In this work, we analyze existing anomaly-based IDS approaches in IoT networks and focus on designing a hierarchical FL (HFL) framework for intrusion detection in IDSoft with synchronous and asynchronous aggregation and an additional offloading mechanism to enhance its performance. The numerical results demonstrate that the proposed HFL solution significantly reduces communication overhead, accelerates convergence, and promises greater scalability. Finally, future research trends are discussed.

A survey of network intrusion detection systems based on deep learning approaches

Currently, most IT organizations are inclined towards a cloud computing environment because of its distributed and scalable nature. However, its flexible and open architecture is receiving lots of attention from potential intruders for cyber threats. Here, Intrusion Detection System (IDS) plays a significant role in monitoring malicious activities in cloud-based systems. The state of the art of this paper is to systematically review the existing methods for detecting intrusions based upon various techniques, such as data mining, machine learning, and deep learning methods. Recently, deep learning techniques have gained momentum in the intrusion detection domain, and several IDS approaches are provided in the literature using various deep learning techniques to deal with privacy concerns and security threats. For this purpose, the article focuses on the deep IDS approaches and investigates how deep learning networks are employed by different approaches in various steps of the intrusion detection process to achieve better results. Then, it provided a comparison of the deep learning approaches and the shallow machine learning methods. Also, it describes datasets that are most used in IDS.

An ensemble deep learning based IDS for IoT using Lambda architecture

The Internet of Things (IoT) has revolutionized our world today by providing greater levels of accessibility, connectivity and ease to our everyday lives. It enables massive amounts of data to be traversed across multiple heterogeneous devices that are all interconnected. This phenomenon makes IoT networks vulnerable to various network attacks and intrusions. Building an Intrusion Detection System (IDS) for IoT networks is challenging as they enable a massive amount of data to be aggregated, which is difficult to handle and analyze in real time mainly because of the heterogeneous nature of IoT devices. This inefficient, traditional IDS approach accentuates the need to develop advanced IDS techniques by employing Machine or Deep Learning. This paper presents a deep ensemble-based IDS using Lambda architecture by following a multi-pronged classification approach. Binary classification uses Long Short Term Memory (LSTM) to differentiate between malicious and benign traffic, while the multi-class classifier uses an ensemble of LSTM, Convolutional Neural Network and Artificial Neural Network classifiers to detect the type of attacks. The model training is performed in the batch layer, while real-time evaluation is carried out through model inferences in the speed layer of the Lambda architecture. The proposed approach gives high accuracy of over 99.93% and saves useful processing time due to the multi-pronged classification strategy and using the lambda architecture.

Adversarial Machine Learning Attacks against Intrusion Detection Systems: A Survey on Strategies and Defense

Concerns about cybersecurity and attack methods have risen in the information age. Many techniques are used to detect or deter attacks, such as intrusion detection systems (IDSs), that help achieve security goals, such as detecting malicious attacks before they enter the system and classifying them as malicious activities. However, the IDS approaches have shortcomings in misclassifying novel attacks or adapting to emerging environments, affecting their accuracy and increasing false alarms. To solve this problem, researchers have recommended using machine learning approaches as engines for IDSs to increase their efficacy. Machine-learning techniques are supposed to automatically detect the main distinctions between normal and malicious data, even novel attacks, with high accuracy. However, carefully designed adversarial input perturbations during the training or testing phases can significantly affect their predictions and classifications. Adversarial machine learning (AML) poses many cybersecurity threats in numerous sectors that use machine-learning-based classification systems, such as deceiving IDS to misclassify network packets. Thus, this paper presents a survey of adversarial machine-learning strategies and defenses. It starts by highlighting various types of adversarial attacks that can affect the IDS and then presents the defense strategies to decrease or eliminate the influence of these attacks. Finally, the gaps in the existing literature and future research directions are presented.

A NEW APPROACH TO IMPROVE CNN PERFORMANCE IN ANOMALY DETECTION FOR IOT NETWORKS BASED ON THE ALGORITHM ADABOOST

Since the increase in internet attacks brings much damage, it is essential to take care of the security of network activities. networks must use different security systems, such as intrusion detection systems, to deal with attacks. This research proposes a reliable approach for intrusion detection systems based on anomaly networks. The network traffic data sets are large and unbalanced, affecting intrusion detection systems' performance. The imbalance has caused the minority class to be incorrectly identified by conventional data mining algorithms. By ignoring the example of this class, we tried to increase the overall accuracy, while the correct example of the minority class protocols is also essential. In the proposed method, network penetration detection based on the combination of multi-dimensional features and homogeneous cumulative set learning was proposed, which has three stages: the first stage, based on the characteristics of the data, several original datasets of raw data or datasets criteria are extracted. Then, the original feature datasets are combined to form multiple comprehensive feature datasets. Finally, the same basic algorithm is used to train different comprehensive feature datasets for the multi-dimensional subspace of features. An initial classifier is trained, and the predicted probabilities of all the basic classifiers are entered into a meta-module. In this research, an AdaBoost meta-algorithm has been used for unbalanced data according to a suitable design. Also, various single CNN models and multi-CNN fusion models have been proposed, implemented, and trained. This evaluation is done with the NSL-KDD dataset to solve some of the inherent problems of the KDD'99 dataset. Simulations were performed to evaluate the performance of the proposed model on the mentioned data sets. This proposed method's accuracy and detection rate obtained better results than other methods.