1,942 results on '"Network intrusion detection"'
Search Results
2. A New Multi-Level Semi-Supervised Learning Approach for Network Intrusion Detection System Based on the 'GOA'.
- Author
- Madhuri, A., Jyothi, Veerapaneni Esther, Praveen, S. Phani, Sindhura, S., Srinivas, V. Sai, and Kumar, D. Lokesh Sai
- Subjects
- *ARTIFICIAL neural networks, *SUPERVISED learning, *OPTIMIZATION algorithms, *COMPUTER network traffic, *K-means clustering, *INTRUSION detection systems (Computer security)
- Abstract
One of the important technologies at present is intrusion detection technology. Using machine learning techniques, researchers have developed different intrusion systems. However, the toughness of the designed models is affected by two parameters: the first is high network traffic imbalance in several categories, and the other is a non-identical distribution between the test set and training set in feature space. An artificial neural network (ANN) multi-level intrusion detection model with a semi-supervised hierarchical k-means method (HSK-means) is presented in this paper. The error rate of intrusion detection is reduced by the ANN's accurate learning, so it uses the Grasshopper Optimization Algorithm (GOA), which is analysed in this paper. Based on the selection of important and useful parameters such as bias and weight, the error rate of the intrusion detection system is reduced in the GOA algorithm, and this is the main objective of the proposed system. A cluster-based method is used in the pattern discovery module in order to find unknown patterns. Here the test sample is treated as an unlabelled unknown pattern or a known pattern. The performance of the proposed approach is evaluated using the KDDCUP99 dataset. It is evident from the experimental findings that the projected model of the GOA-based semi-supervised learning approach is better in terms of sensitivity, specificity and overall accuracy than previously existing intrusion systems. [ABSTRACT FROM AUTHOR]
- Published
- 2024
3. A network intrusion detection system based on deep learning in the IoT.
- Author
- Wang, Xiao, Dai, Lie, and Yang, Guang
- Subjects
- *COMPUTER network traffic, *GENERATIVE adversarial networks, *DEEP learning, *CYBERTERRORISM, *COMPUTER network security, *INTRUSION detection systems (Computer security)
- Abstract
As industrial and everyday devices become increasingly interconnected, the data volume within the Internet of Things (IoT) has experienced a substantial surge. This surge in data presents a heightened risk of IoT environments being vulnerable to cyber attacks, which poses a significant threat to the seamless functioning of both industrial and daily activities. Therefore, the implementation of Network Intrusion Detection System (IDS) is vital for safeguarding the security of IoT network environments. This paper introduces a network intrusion detection model based on deep learning (DL). The model aims to enhance detection accuracy by extracting features from both the spatial and temporal dimensions of network traffic data. To tackle the challenge of low detection accuracy arising from data imbalance, in this study, a Conditional Tabular Generative Adversarial Network (CTGAN) is utilized to generate synthetic data for the minority class. The objective is to enhance the volume of minority class samples, address data imbalance, and subsequently enhance the accuracy of network intrusion detection. The classification performance of the proposed model is validated on UNSW-NB15, CIC-IDS2018, and CIC-IOT2023 datasets. The experimental findings demonstrate that the suggested model attains elevated levels of classification accuracy across all three datasets. The model presented in this article is particularly well suited to handle multi-class intrusion detection tasks. The model demonstrates superior performance compared to other models used for comparison. [ABSTRACT FROM AUTHOR]
- Published
- 2024
4. A lightweight optimized intrusion detection system using machine learning for edge-based IIoT security.
- Author
- Tiwari, Ravi Shekhar, Lakshmi, D., Das, Tapan Kumar, Tripathy, Asis Kumar, and Li, Kuan-Ching
- Subjects
- FISHER discriminant analysis, PARTICLE swarm optimization, FEATURE selection, COMPUTER network security, INTELLIGENT sensors, INTRUSION detection systems (Computer security)
- Abstract
The Industrial Internet of Things (IIoT) attributes to intelligent sensors and actuators for better manufacturing and industrial operations. At the same time, IIoT devices must be secured from the potentially catastrophic effects of eventual attacks, and this necessitates real-time prediction and preventive strategies for cyber-attack vectors. Due to this, the objective of this investigation is to obtain a high-accuracy intrusion detection technique with a minimum payload. As the experimental process, we have utilized the IIoT network security dataset, namely WUSTL-IIOT-2021. The feature selection technique Particle Swarm Optimization (PSO) and feature reduction techniques such as Principal Component Analysis (PCA), Linear Discriminant Analysis (LDA), and t-distributed stochastic neighbor embedding (t-SNE) are applied. Additionally, the Generalized Additive Model (GAM) and Multivariate Adaptive Regression Splines (MARS) are used to detect payloads that can interfere with the normal operation of an application. Both PSO and PCA combined with MARS have produced predictive results with an exceptional accuracy of 100%. Yet, the trained Machine Learning (ML) model is quantized with 4-bit and 8-bit, and it is deployed on Azure IoT Edge to simulate edge devices. Experimental results show that the latency of the model was reduced by 25% on quantization. [ABSTRACT FROM AUTHOR]
- Published
- 2024
5. An Efficient Detection Mechanism of Network Intrusions in IoT Environments Using Autoencoder and Data Partitioning.
- Author
- Xiao, Yiran, Feng, Yaokai, and Sakurai, Kouichi
- Subjects
- MACHINE learning, DISTRIBUTED computing, INTERNET of things, INTRUSION detection systems (Computer security), SPEED, CLASSIFICATION
- Abstract
In recent years, with the development of the Internet of Things and distributed computing, the "server-edge device" architecture has been widely deployed. This study focuses on leveraging autoencoder technology to address the binary classification problem in network intrusion detection, aiming to develop a lightweight model suitable for edge devices. Traditional intrusion detection models face two main challenges when directly ported to edge devices: inadequate computational resources to support large-scale models and the need to improve the accuracy of simpler models. To tackle these issues, this research utilizes the Extreme Learning Machine for its efficient training speed and compact model size to implement autoencoders. Two improvements over the latest related work are proposed: First, to improve data purity and ultimately enhance detection performance, the data are partitioned into multiple regions based on the prediction results of these autoencoders. Second, autoencoder characteristics are leveraged to further investigate the data within each region. We used the public dataset NSL-KDD to test the behavior of the proposed mechanism. The experimental results show that when dealing with multi-class attacks, the model's performance was significantly improved, and the accuracy and F1-Score were improved by 3.5% and 2.9%, respectively, maintaining its lightweight nature. [ABSTRACT FROM AUTHOR]
- Published
- 2024
6. An adaptive nonlinear whale optimization multi-layer perceptron cyber intrusion detection framework.
- Author
- El-Ghaish, Hany, Miqrish, Haitham, Elmogy, Ahmed, and Elawady, Wael
- Abstract
The increasing prevalence of cyber threats has created a critical need for robust defense against such incidents. Many Cyber Intrusion Detection Systems (CIDSs) utilizing machine learning have been developed for this purpose. Although these recent CIDSs have provided the capability to analyze vast amounts of data and identify malicious activities, there are still challenges to be tackled to enhance their effectiveness. The exponential growth of the search space is one of these challenges, which makes finding an optimal solution computationally infeasible for large datasets. Furthermore, the weight space while searching for optimal weight is highly nonlinear. Motivated by the observed characteristics, complexities, and challenges in the field, this paper presents an innovative CIDS named ANWO-MLP (Adaptive Nonlinear Whale Optimization Multi-layer Perceptron). A novel feature selection method called ANWO-FS (Adaptive Nonlinear Whale Optimization-Feature Selection) is employed in the proposed CIDS to identify the most predictive features, enabling robust MLP training even in the highly nonlinear weight spaces. The insider threat detection process is improved by investigating vital aspects of CIDS, including data processing, initiation, and output handling. We adopt ANWOA (previously proposed by us) to mitigate local stagnation, enable rapid convergence, optimize control parameters, and handle multiple objectives by initializing the weight vector in the ANWO-MLP training with minimal mean square error. Experiments conducted on three highly imbalanced datasets demonstrate an average efficacy rate of 98.33%. The details of the results below show the robustness, stability, and efficiency of the proposed ANWO-MLP compared to existing approaches. [ABSTRACT FROM AUTHOR]
- Published
- 2024
7. Performance Exploration of Network Intrusion Detection System with Neural Network Classifier on The KDD Dataset.
- Author
- Devaraju, Sellappan, Soni, Dheresh, Jawahar, Sundaram, Maurya, Jay Prakash, and Tiwari, Vipin
- Subjects
- ARTIFICIAL neural networks, INFORMATION technology industry, TIME complexity, COMPUTER network security, NETWORK performance
- Abstract
Network Intrusion Detection Systems (NIDS) face the difficult task of determining, in any managerial information system or IT sector, whether a user is a normal user or an attacker. The main objectives of the proposed system are to enhance operational efficiency, decrease the occurrence of false positives, and minimize the time complexity of the process. It is an excellent way of dealing with various types of network problems. Research focuses on the various classifiers applied to detect various types of network assaults. The performance of network intrusion detection by two classifiers is used to compare the results. Probabilistic Neural Network (PNN) and Feed Forward Neural Network (FFNN) classifiers are employed in this suggested study. A comparison of the performance results between full features and reduced features is presented. The MATLAB software application is applied to test the performance on both the test and train datasets. Detecting network intrusions is a critical challenge within managerial information systems and the IT sector, as it involves the complex task of distinguishing between legitimate users and potential attackers. Maintaining a secure network environment is paramount to safeguarding sensitive information and operations. In the arena of network intrusion detection, the research predominantly revolves around the deployment of diverse classifiers to identify various types of network attacks. This paper proposes the evaluation of two specific classifiers, the PNN and the FFNN, with the objective of comparing their performance in the context of network intrusion detection. We systematically assess their effectiveness in both full-featured and reduced-feature scenarios, utilizing MATLAB software to rigorously analyze their capabilities across test and training datasets.
In essence, this research delves into the intricate realm of Network Intrusion Detection Systems (NIDS), investigating how the PNN and FFNN classifiers function in the critical role of safeguarding networks against a multitude of potential threats. Through comprehensive analysis, we aim to illuminate the most efficient approach to enhancing network security in the constantly evolving landscape of cybersecurity. As a result, it is recommended that FFNN approaches be adopted as a means of improving detection efficiency and reducing the False Positive Rate (FPR) in network intrusion detection systems. [ABSTRACT FROM AUTHOR]
- Published
- 2024
8. VGGIncepNet: Enhancing Network Intrusion Detection and Network Security through Non-Image-to-Image Conversion and Deep Learning.
- Author
- Chen, Jialong, Xiao, Jingjing, and Xu, Jiaxin
- Subjects
- CONVOLUTIONAL neural networks, COMPUTER network security, FEATURE extraction, LEARNING modules, INTRUSION detection systems (Computer security), DEEP learning, INTERNET of things
- Abstract
This paper presents an innovative model, VGGIncepNet, which integrates non-image-to-image conversion techniques with deep learning modules, specifically VGG16 and Inception, aiming to enhance performance in network intrusion detection and IoT security analysis. By converting non-image data into image data, the model leverages the powerful feature extraction capabilities of convolutional neural networks, thereby improving the multi-class classification of network attacks. We conducted extensive experiments on the NSL-KDD and CICIoT2023 datasets, and the results demonstrate that VGGIncepNet outperforms existing models, including BERT, DistilBERT, XLNet, and T5, across evaluation metrics such as accuracy, precision, recall, and F1-Score. VGGIncepNet exhibits outstanding classification performance, particularly excelling in precision and F1-Score. The experimental results validate VGGIncepNet's adaptability and robustness in complex network environments, providing an effective solution for the real-time detection of malicious activities in network systems. This study offers new methods and tools for network security and IoT security analysis, with broad application prospects. [ABSTRACT FROM AUTHOR]
- Published
- 2024
9. A Convolutional Neural Network with Hyperparameter Tuning for Packet Payload-Based Network Intrusion Detection.
- Author
- Boulaiche, Ammar, Haddad, Sofiane, and Lemouari, Ali
- Subjects
- *ARTIFICIAL neural networks, *CONVOLUTIONAL neural networks, *PATTERN recognition systems, *COMPUTER network traffic, *METAHEURISTIC algorithms, *INTRUSION detection systems (Computer security)
- Abstract
In the last few years, the use of convolutional neural networks (CNNs) in intrusion detection domains has attracted more and more attention. However, their results in this domain have not lived up to expectations compared to the results obtained in other domains, such as image classification and video analysis. This is mainly due to the datasets used, which contain preprocessed features that are not compatible with convolutional neural networks, as they do not allow a full exploit of all the information embedded in the original network traffic. With the aim of overcoming these issues, we propose in this paper a new efficient convolutional neural network model for network intrusion detection based on raw traffic data (pcap files) rather than preprocessed data stored in CSV files. The novelty of this paper lies in the proposal of a new method for adapting the raw network traffic data to the most suitable format for CNN models, which allows us to fully exploit the strengths of CNNs in terms of pattern recognition and spatial analysis, leading to more accurate and effective results. Additionally, to further improve its detection performance, the structure and hyperparameters of our proposed CNN-based model are automatically adjusted using the self-adaptive differential evolution (SADE) metaheuristic, in which symmetry plays an essential role in balancing the different phases of the algorithm, so that each phase can contribute in an equal and efficient way to finding optimal solutions. This helps to make the overall performance more robust and efficient when solving optimization problems. The experimental results on three datasets, KDD-99, UNSW-NB15, and CIC-IDS2017, show a strong symmetry between the frequency values implemented in the images built for each network traffic and the different attack classes. This was confirmed by a good predictive accuracy that goes well beyond similar competing models in the literature. [ABSTRACT FROM AUTHOR]
- Published
- 2024
10. Optimizing Network Security with Machine Learning and Multi-Factor Authentication for Enhanced Intrusion Detection.
- Author
- Mahmood, Rafah Kareem, Mahameed, Ans Ibrahim, Lateef, Noor Q., Jasim, Hasanain M., Radhi, Ahmed Dheyaa, Ahmed, Saadaldeen Rashid, and Tupe-Waghmare, Priyanka
- Subjects
- MACHINE learning, MULTI-factor authentication, SECURITY systems, COMPUTER network security, DEEP learning
- Abstract
This study examines the utilization of machine learning methodologies and multi-factor authentication (MFA) to bolster network security, specifically targeting network intrusion detection. We analyze the way in which the integration of these technologies effectively tackles existing security concerns and constraints. The research highlights the importance of incorporating energy conservation and environmental impact reduction into security solutions, in addition to traditional cryptography and biometric methods. In addition, we tackle the limitations of centralized systems, such as vulnerabilities to security breaches and instances of system failures. The study examines different security models, encompassing categories, frameworks, consensus protocols, applications, services, and deployment goals in order to determine their impact on network security. In addition, we offer a detailed comparison of seven machine learning models, showcasing their effectiveness in enhancing network intrusion detection and overall security. The objective of this study is to provide in-depth understanding and actionable suggestions for utilizing machine learning with MFA (Multi-Factor Authentication) to enhance network defensive tactics. [ABSTRACT FROM AUTHOR]
- Published
- 2024
11. Network Intrusion Detection Using Feature Selection Techniques: Bacterial Forage Optimization Algorithm.
- Author
- R., Rajeshwari and M. P., Anuradha
- Subjects
- OPTIMIZATION algorithms, FEATURE selection, ANOMALY detection (Computer security), MATHEMATICAL optimization, COMPUTATIONAL complexity, INTRUSION detection systems (Computer security)
- Abstract
Network intrusion detection systems (NIDS) are significant in potentially analyzing cyber-security and accurately categorizing attacks in current networks. Given the present circumstances, selecting an appropriate combination of anomaly detection features holds greater significance within NIDS. Diverse optimization algorithms offer a better solution: correctly choosing a near-optimal variety of features to achieve an improved NIDS. The Bacterial Forage Optimization (BFO) algorithm is an intelligent swarm algorithm commonly used for optimization problems. This paper proposes NIDS with optimal feature selection using Bacterial Forage Optimization techniques to detect the anomaly in the IDS (BFOFSIDS). Besides, it established Machine Learning-based Network Intrusion Detection and offered better performance for detecting User Remote (U2R), Remote-to-Local (R2L), Probe and Denial-of-service (DoS) attacks. The proposed model aims to identify anomaly detection features for an intrusion detection system, thus achieving a promising performance. The proposed method expands the BFO-based optimal features selection techniques, enhancing the accuracy among two high-dimensional intrusion detection datasets, such as NSL-KDD and UNSW-NB15. Experimental results demonstrate that the proposed model achieves an accuracy of 91.8% on the NSL-KDD dataset and 91% on the UNSW-NB15 dataset. Additionally, the BFOFSIDS model significantly reduces the average processing time, with values recorded at 13,756 ms for NSL-KDD and 13,748 ms for UNSW-NB15, outperforming state-of-the-art methods. The precision and F-score for BFOFSIDS are also notably higher, indicating its effectiveness in improving detection accuracy while minimizing computational complexity. [ABSTRACT FROM AUTHOR]
- Published
- 2024
12. Network Intrusion Detection System with Machine Learning as a Service.
- Author
- Kangethe, Loma, Wimmer, Hayden, and Rebman Jr., Carl M.
- Subjects
- MACHINE learning, INTRUSION detection systems (Computer security), CLOUD computing, BIG data, DECISION trees
- Abstract
Cloud Computing and Big Data continue to be disruptive forces in computing and have introduced new threats and vulnerabilities to our networks. The paper seeks to demonstrate how an end-to-end network intrusion detection system can be built, trained, and deployed using Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP). We determined the performance of these tools by building a network intrusion detection system (NIDS) and evaluating the performance of each based on precision, accuracy, F1 Score, recall, user experience, cost and computation time for training and predicting the model. Overall, all three platforms performed greater than 90% accuracy with Google Vertex AI having the highest accuracy using the decision tree and Microsoft Azure performing the best based on accuracy, precision, and computation time. [ABSTRACT FROM AUTHOR]
- Published
- 2024
13. Constrained optimization based adversarial example generation for transfer attacks in network intrusion detection systems.
- Author
- Chalé, Marc, Cox, Bruce, Weir, Jeffery, and Bastian, Nathaniel D.
- Abstract
Deep learning has enabled network intrusion detection rates as high as 99.9% for malicious network packets without requiring feature engineering. Adversarial machine learning methods have been used to evade classifiers in the computer vision domain; however, existing methods do not translate well into the constrained cyber domain as they tend to produce non-functional network packets. This research views the payload of network packets as code with many functional units. A meta-heuristic based generative model is developed to maximize classification loss of packet payloads with respect to a surrogate model by repeatedly substituting units of code with functionally equivalent counterparts. The perturbed packets are then transferred and tested against three test network intrusion detection system classifiers with various evasion rates that depend on the classifier and malicious packet type. If the test classifier is of the same architecture as the surrogate model, near-optimal adversarial examples penetrate the test model for 69% of packets whereas the raw examples succeed for only 5% of packets. This confirms hypotheses that NIDS classifiers are vulnerable to adversarial attacks, motivating research in robust learning for cyber. [ABSTRACT FROM AUTHOR]
- Published
- 2024
14. Designing a modified feature aggregation model with hybrid sampling techniques for network intrusion detection.
- Author
- Biyyapu, NarasimhaSwamy, Veerapaneni, Esther Jyothi, Surapaneni, Phani Praveen, Vellela, Sai Srinivas, and Vatambeti, Ramesh
- Subjects
- *SEARCH algorithms, *CYBERTERRORISM, *SAMPLING (Process), *FALSE alarms, *REPTILES, *INTRUSION detection systems (Computer security)
- Abstract
Cyber defense solutions that can adapt to new threats and learn to act independently of human guidance are necessary in light of the proliferation of so-called 'next-generation' cyberattacks. Multi-granularity feature aggregation is a method for detecting network intrusions, but its accuracy is often low due to class imbalance and various classifications of intrusions. To address this issue, this model employs a hybrid sampling algorithm composed of ADASYN and repeated edited nearest neighbors (RENN) for sample processing. The feature-discriminative ability of various assaults is improved by employing channel self-attention at the block level during classification. Finally, an enhanced reptile search algorithm (IRSA) is proposed, which uses a sine cosine algorithm and Levy flight to optimally select the weight of the proposed model. The Levy factor boosts the exploitation capabilities of the search agents, and an algorithm with improved global search capabilities prevents local minimal entrapment by undertaking a full-scale search space. To learn binary and multiclass classification, the model was trained on the CIC-IDS 2017, UNSW-NB15, and WSN-DS datasets. Accuracy and falsehood are just some of the evaluation criteria used in the confusion matrix to determine the system's efficacy. Experimental consequences demonstrate a high detection rate, good accuracy, and a relatively low false alarm rate (FAR), validating the efficacy of the suggested approach. Following that, K4 achieved an accuracy score of 81.99, the precision-recall (PR) was 82.69, the detection rate (D.R.) was 82.12, the F1-score was 80.33, and the FAR was 2.3, all in that order. [ABSTRACT FROM AUTHOR]
- Published
- 2024
15. Network Intrusion Detection using Combined Deep Learning Models: Literature Survey and Future Research Directions.
- Author
- KAMAL IDRISSI, Hamza and KARTIT, Ali
- Subjects
- DEEP learning, COMPUTER network traffic, ANOMALY detection (Computer security), COMPUTER networks, FEATURE selection, INTRUSION detection systems (Computer security)
- Abstract
Anomaly intrusion detection is a critical component of modern cybersecurity systems, aiming to identify and flag abnormal activities or behaviors that deviate from expected patterns within computer networks. Unlike signature-based intrusion detection systems that rely on known attack patterns, anomaly detection techniques focus on detecting unknown or novel attacks that lack predefined signatures. In recent years, machine learning and deep learning techniques have emerged as promising solutions to provide an additional layer of defense against emerging threats and zero-day attacks. This survey article provides a comprehensive review of the state of the art in network intrusion detection using ML and DL. We start by presenting an overview of the challenges and requirements associated with intrusion detection in today's dynamic network environments. We then delve into the fundamental concepts and methodologies of ML and DL, highlighting their strengths and limitations when applied to intrusion detection. We discuss the various types of network intrusion detection datasets commonly used in research, along with the preprocessing techniques employed to ensure data quality. We explore different feature selection and extraction methods that enable the effective representation of network traffic data, facilitating accurate intrusion detection. We review their architectural designs, training processes, and optimization techniques while discussing their performance in terms of detection accuracy. We highlight the current research trends and challenges in the field, including adversarial attacks, interpretability, scalability, and real-time processing. We conclude with potential future directions and recommendations for researchers and practitioners. [ABSTRACT FROM AUTHOR]
- Published
- 2024
16. Network Intrusion Detection Using Transformer and BiGRU-DNN in Edge Computing.
- Author
- Huijuan Sun
- Abstract
To address the issue of class imbalance in network traffic data, which affects the network intrusion detection performance, a combined framework using transformers is proposed. First, Tomek Links, SMOTE, and WGAN are used to preprocess the data to solve the class-imbalance problem. Second, the transformer is used to encode traffic data to extract the correlation between network traffic. Finally, a hybrid deep learning network model combining a bidirectional gated current unit and deep neural network is proposed, which is used to extract long-dependence features. A DNN is used to extract deep level features, and softmax is used to complete classification. Experiments were conducted on the NSLKDD, UNSWNB15, and CICIDS2017 datasets, and the detection accuracy rates of the proposed model were 99.72%, 84.86%, and 99.89% on three datasets, respectively. Compared with other relatively new deep-learning network models, it effectively improved the intrusion detection performance, thereby improving the communication security of network data. [ABSTRACT FROM AUTHOR]
- Published
- 2024
17. ALRN-RCS: Advanced Approach to Network Intrusion Detection Using Attention Long-Term Recurrent Networks and Chaotic Optimization.
- Author
- N P, Ponnuviji, E, Nirmala, Fernandez F, Mary Harin, and K, Anitha
- Subjects
- *COMPUTER network traffic, *OPTIMIZATION algorithms, *DIGITAL technology, *CYBERTERRORISM, *MULTICASTING (Computer networks), *RECURRENT neural networks
- Abstract
Detecting intrusions within a network is essential for protecting digital environments; it encompasses the observation and analysis of network traffic to recognize and counteract unauthorized or malicious activities. Conventional methods in network intrusion detection face several challenges such as polymorphic and evasive attacks, scalability issues, and anomaly-based complexity. To address these complexities, this paper proposed a novel method named Attention Long-term Recurrent Network-based Random Chaotic Sine (ALRN-RCS) algorithm for network intrusion detection. In this study, Long Short-Term Memory (LSTM) is utilized to capture complex patterns in network traffic and identify anomalous activities. Also, the attention-based Recurrent Neural Network (RNN) is employed to focus on relevant features within network traffic and enable precise intrusion detection. In this paper, we have incorporated the Chaotic Chimp Sine Cosine optimization algorithm, employing a random update strategy, to optimize hyperparameters and improve the overall efficacy of the proposed approach and the study conducted experiments on the datasets namely the UNSW NB-15, Network Intrusion Detection dataset, and the Segmented Image-based Network Intrusion Detection (SIDD) dataset. Diverse assessment criteria, including accuracy, F1-score, recall, AUC-ROC, and precision, are employed to assess the effectiveness of the ALRN-RCS method and to draw comparisons with established methodologies. The experimental results depict the effectiveness of the ALRN-RCS method for addressing the dynamic and sophisticated nature of modern cyber threats. [ABSTRACT FROM AUTHOR]
- Published
- 2024
18. Enhancing network intrusion detection: a dual-ensemble approach with CTGAN-balanced data and weak classifiers.
- Author
- Soflaei, Mohammad Reza Abbaszadeh Bavil, Salehpour, Arash, and Samadzamini, Karim
- Subjects
- *INTRUSION detection systems (Computer security), *GENERATIVE adversarial networks, *CLASSIFICATION algorithms, *DECISION trees, *INTERNET of things, *LOGISTIC regression analysis
- Abstract
With the expansion of the Internet, Internet of Things devices, and related services, effective intrusion detection systems are vital in cybersecurity. This study presents a significant advancement in cybersecurity by leveraging ensemble learning techniques alongside generative adversarial networks, proposing a novel framework for network behavior classification using the UNSW-NB15 dataset. Similar to any other real-world dataset, the UNSW-NB15 dataset poses inherent challenges of data imbalance, with significantly fewer instances of intrusion compared to normal network behavior. Our main contribution to the existing literature is the introduction of a conditional tabular generative adversarial network (CTGAN), aimed at addressing the existing issue of data imbalance in the dataset. In previous approaches, this issue was often overlooked; however, the proposed framework achieves a substantial improvement in model performance by balancing this dataset. Through training three shallow binary classification algorithms (decision trees, logistic regression, and Gaussian naive Bayes) on both the CTGAN-balanced data and the original imbalanced dataset, we uncover remarkable improvements in identifying network intrusion. Our study employs a novel two-stage label-wise ensembling process, notably resulting in a final XGBoost meta-classifier. The ultimate achievement of our framework demonstrates 98% accuracy for binary classification and 95% for multi-class classification, outperforming existing state-of-the-art models. By offering a robust framework for effective intrusion detection, this work marks a substantial step forward in addressing data imbalance challenges within the UNSW-NB15 dataset. [ABSTRACT FROM AUTHOR]
- Published
- 2024
19. Enhancing network intrusion detection by lifelong active online learning.
- Author
Chuang, Po-Jen and Huang, Pang-Yu
- Subjects
*INTRUSION detection systems (Computer security), *ONLINE education, *COMPUTER network traffic, *RANDOM forest algorithms, *MACHINE learning, *DATA quality
- Abstract
Machine learning has been widely used to build intrusion detection models in detecting unknown attack traffic. How to train a model properly in order to attain the desired intrusion detection is an important topic. In contrast to offline learning, online learning proves more practical as it can update models simultaneously in the detecting process to comply with real network traffic. Active learning is an effective way to realize online learning. Among existing active learning mechanisms proposed to perform intrusion detection, most fail to meet the real online environment or to run persistently. This paper presents a new active online learning mechanism to secure better intrusion detection performance. The new mechanism advances related works in bringing the lifelong learning practice to fit in the online environment. It uses the efficient random forest (RF) as the detection model to train samples and adds a new tree to train a new batch of data when updating the model at each online stage, to pursue lifelong learning. By training a new batch of data only, it can keep the previously trained weights from being updated so as to preserve the past knowledge. Our mechanism is experimentally proved to yield better overall results than existing mechanisms: It produces superior training efficiency and detection performance—with the least training time, best training data quality and much reduced training data quantity. [ABSTRACT FROM AUTHOR]
- Published
- 2024
20. Advanced Threat Detection Using Soft and Hard Voting Techniques in Ensemble Learning.
- Author
Jabbar, Hanan Ghali
- Subjects
MACHINE learning, COMPUTER network traffic, K-nearest neighbor classification, DECISION trees, COMPUTER network security, INTRUSION detection systems (Computer security)
- Abstract
This study addresses the challenge of detecting network intrusions by exploring the efficacy of ensemble learning methods over traditional machine learning models. The problem of network security is exacerbated by sophisticated cyber-attack techniques that standard single model approaches often fail to counter effectively. Our solution employs a robust ensemble methodology to improve detection rates. The research contribution lies in the comparative analysis of individual machine learning models--K-Nearest Neighbors (KNN), Decision Trees (DT), and Gradient Boosting (GB)--against ensemble methods employing soft and hard voting classifiers. This study is one of the first to quantify the performance gains of ensemble methods in the context of network intrusion detection. Our methodological approach involves applying these models to the WSNBFSF dataset, which consists of traffic types including normal operations and various attacks. Performance metrics such as accuracy, precision, recall, and F1-score are calculated to assess the effectiveness of each model. The ensemble methods combine the strengths of individual models using voting systems, which are tested against the same metrics. Results indicate that while individual models like DT and GB achieved near-perfect accuracy scores (99.95% and 99.9%, respectively), the ensemble models performed even better. The soft voting classifier achieved an accuracy of 99.967%, and the hard voting classifier reached 100%, demonstrating their superior capability in network traffic classification and intrusion detection. In conclusion, the integration of ensemble methods significantly enhances the detection accuracy and reliability of network intrusion systems. Future research should explore additional ensemble techniques and consider scalability and class imbalance issues to further refine the efficacy of intrusion detection systems. [ABSTRACT FROM AUTHOR]
- Published
- 2024
21. HEN: a novel hybrid explainable neural network based framework for robust network intrusion detection.
- Author
Wei, Wei, Chen, Sijin, Chen, Cen, Wang, Heshi, Liu, Jing, Cheng, Zhongyao, and Zou, Xiaofeng
- Abstract
With the rapid development of network technology and the automation process for 5G, cyber-attacks have become increasingly complex and threatening. In response to these threats, researchers have developed various network intrusion detection systems (NIDS) to monitor network traffic. However, the incessant emergence of new attack techniques and the lack of system interpretability pose challenges to improving the detection performance of NIDS. To address these issues, this paper proposes a hybrid explainable neural network-based framework that improves both the interpretability of our model and the performance in detecting new attacks through the innovative application of the explainable artificial intelligence (XAI) method. We effectively introduce the Shapley additive explanations (SHAP) method to explain a light gradient boosting machine (LightGBM) model. Additionally, we propose an autoencoder long-term short-term memory (AE-LSTM) network to reconstruct SHAP values previously generated. Furthermore, we define a threshold based on reconstruction errors observed during the training phase. Any network flow that surpasses the specified threshold is classified as an attack flow. This approach enhances the framework’s ability to accurately identify attacks. We achieve an accuracy of 92.65%, a recall of 95.26%, a precision of 92.57%, and an F1-score of 93.90% on the dataset NSL-KDD. Experimental results demonstrate that our approach generates detection performance on par with state-of-the-art methods. [ABSTRACT FROM AUTHOR]
- Published
- 2024
22. Improved Intrusion Detection Based on Hybrid Deep Learning Models and Federated Learning.
- Author
Huang, Jia, Chen, Zhen, Liu, Sheng-Zheng, Zhang, Hao, and Long, Hai-Xia
- Subjects
*DEEP learning, *DATA privacy, *FEDERATED learning, *CONVOLUTIONAL neural networks, *INTERNET of things, *INTERNET security
- Abstract
The security of the Industrial Internet of Things (IIoT) is of vital importance, and the Network Intrusion Detection System (NIDS) plays an indispensable role in this. Although there is an increasing number of studies on the use of deep learning technology to achieve network intrusion detection, the limited local data of the device may lead to poor model performance because deep learning requires large-scale datasets for training. Some solutions propose to centralize the local datasets of devices for deep learning training, but this may involve user privacy issues. To address these challenges, this study proposes a novel federated learning (FL)-based approach aimed at improving the accuracy of network intrusion detection while ensuring data privacy protection. This research combines convolutional neural networks with attention mechanisms to develop a new deep learning intrusion detection model specifically designed for the IIoT. Additionally, variational autoencoders are incorporated to enhance data privacy protection. Furthermore, an FL framework enables multiple IIoT clients to jointly train a shared intrusion detection model without sharing their raw data. This strategy significantly improves the model's detection capability while effectively addressing data privacy and security issues. To validate the effectiveness of the proposed method, a series of experiments were conducted on a real-world Internet of Things (IoT) network intrusion dataset. The experimental results demonstrate that our model and FL approach significantly improve key performance metrics such as detection accuracy, precision, and false-positive rate (FPR) compared to traditional local training methods and existing models. [ABSTRACT FROM AUTHOR]
- Published
- 2024
23. A computationally efficient dimensionality reduction and attack classification approach for network intrusion detection.
- Author
Patel, N. D., Mehtre, B. M., and Wankar, Rajeev
- Subjects
*INTRUSION detection systems (Computer security), *COMPUTER network traffic, *MACHINE learning, *FEATURE selection, *SYSTEM administrators, *CLASSIFICATION
- Abstract
An intrusion detection system (IDS) is a system that monitors network traffic for malicious activity and generates alerts. In anomaly-based detection, machine learning (ML) algorithms exploit various statistical and probabilistic methods to learn from past or historical experience and detect valuable patterns from large, unstructured, and complex datasets. ML-based network intrusion detection aims to identify malicious behavior and alert a system administrator when an intruder tries to penetrate the network. This paper deals with the study, strategic construction, and implementation of a network intrusion detection model based on ML methods. Among the available IDS datasets, five of the most relevant are chosen for the experimental analysis, which are NSL-KDD-2009, CIC-IDS2017, CIC-IDS2018, IoTID20, and UNSW-NB15 datasets. In order to reduce the computation time in the training sample and achieve computational complexity $O(N^{2.38 \pm \delta})$, we propose a computationally efficient and feasible algorithmic framework for analyzing the network traffic data. The developed approach mainly consists of two phases, i.e., "Scatter Matrices and Eigenvalue Computation based feature Selection" and "Classification procedure for the reduced dimension data." Experimental evaluation of various test case scenarios for the chosen datasets is carried out in the simulation setting. It is observed that the test results outperform the existing intrusion detection methods for detecting certain attack categories. [ABSTRACT FROM AUTHOR]
- Published
- 2024
24. CNN-GRU-FF: a double-layer feature fusion-based network intrusion detection system using convolutional neural network and gated recurrent units.
- Author
Imrana, Yakubu, Xiang, Yanping, Ali, Liaqat, Noor, Adeeb, Sarpong, Kwabena, and Abdullah, Muhammed Amin
- Subjects
CONVOLUTIONAL neural networks, RECURRENT neural networks, INTRUSION detection systems (Computer security), ARTIFICIAL neural networks, COMPUTER network traffic, COMPUTER networking equipment
- Abstract
Identifying and preventing malicious network behavior is a challenge for establishing a secure network communication environment or system. Malicious activities in a network system can seriously threaten users' privacy and potentially jeopardize the entire network infrastructure and functions. Furthermore, cyber-attacks have grown in complexity and number due to the ever-evolving digital landscape of computer and network devices in recent years. Analyzing network traffic using network intrusion detection systems (NIDSs) has become an integral security measure in modern networks to identify malicious and suspicious activities. However, most intrusion detection datasets contain imbalanced classes, making it difficult for most existing classifiers to achieve good performance. In this paper, we propose a double-layer feature extraction and feature fusion technique (CNN-GRU-FF), which uses a modified focal loss function instead of the traditional cross-entropy to handle the class imbalance problem in the IDS datasets. We use the NSL-KDD and UNSW-NB15 datasets to evaluate the effectiveness of the proposed model. From the research findings, it is evident our CNN-GRU-FF method obtains a detection rate of 98.22% and 99.68% using the UNSW-NB15 and NSL-KDD datasets, respectively, while maintaining low false alarm rates on both datasets. We compared the proposed model's performance with seven baseline algorithms and other published methods in literature. It is evident from the performance results that our proposed method outperforms the state-of-the-art network intrusion detection methods. [ABSTRACT FROM AUTHOR]
- Published
- 2024
25. Ransomware Detection Model Based on Adaptive Graph Neural Network Learning.
- Author
Li, Jun, Yang, Gengyu, and Shao, Yanhua
- Subjects
RANSOMWARE, GRAPH neural networks, MALWARE, INFORMATION technology security, INFORMATION dissemination
- Abstract
Ransomware is a type of malicious software that encrypts or locks user files and demands a high ransom. It has become a major threat to cyberspace security, especially as it continues to be developed and updated at exponential rates. Ransomware detection technology has become a focus of research on information security risk detection methods. However, current ransomware detection techniques have high false positive and false negative rates, and traditional methods ignore global word co-occurrence and correlation information between key node steps in the entire process. This poses a significant challenge for accurately identifying and detecting ransomware. We propose a ransomware detection model based on co-occurrence information adaptive diffusion learning using a Text Graph Convolutional Network (ADC-TextGCN). Specifically, ADC-TextGCN first assigns self-weights to word nodes based on sensitive API call functions and preserves co-occurrence information using Point Mutual Information Theory (COIR-PMI); then our model automatically learns the optimal neighborhood through an Adaptive Diffusion Convolution (ADC) strategy, thereby improving the ability to aggregate long-distance node information across layers and enhancing the network's ability to represent ransomware behavior. Experimental results show that our method achieves an accuracy of over 96.6% in ransomware detection, proving its effectiveness and superiority compared to traditional methods based on CNN and RNN in ransomware detection. [ABSTRACT FROM AUTHOR]
- Published
- 2024
26. An extreme gradient boost based classification and regression tree for network intrusion detection in IoT.
- Author
Chalichalamala, Silpa, Govindan, Niranjana, and Kasarapu, Ramani
- Subjects
REGRESSION trees, INTERNET of things, ARTIFICIAL intelligence, CLASSIFICATION, INTERNET security, SOCIAL impact
- Abstract
Nowadays, modern technology includes various devices, networks, and apps from the internet of things (IoT), which consist of both positive and negative impacts on social, economic, and industrial effects. To address these issues, IoT applications and networks require lightweight, quick, and adaptable security solutions. In this sense, solutions based on artificial intelligence and big data analytics can yield positive outcomes in the realm of cyber security. This study presents a method called extreme gradient boost (XGBoost) based classification and regression tree to identify network intrusions in the IoT. This model is ideally suited for application in IoT networks with restricted resource availability because of its distributed structure and built-in higher generalization capabilities. This approach is thoroughly tested using botnet internet of things (BoT-IoT) new-generation IoT security datasets. All trials are conducted in a range of different settings, and a number of performance indicators are used to evaluate the effectiveness of the proposed method. The suggested study's findings provide recommendations and insights for situations involving binary classes and numerous classes. The suggested XGBoost model achieved 99.53% of accuracy in attack detection and 99.51% in precision for binary class and multiclass classifications, respectively. [ABSTRACT FROM AUTHOR]
- Published
- 2024
27. An intrusion detection system based on convolution neural network.
- Author
Yanmeng Mo, Huige Li, Dongsheng Wang, and Gaqiong Liu
- Subjects
CONVOLUTIONAL neural networks, INTRUSION detection systems (Computer security), COMPUTER network security, FEATURE extraction, DATA security failures
- Abstract
With the rapid extensive development of the Internet, users not only enjoy great convenience but also face numerous serious security problems. The increasing frequency of data breaches has made it clear that the network security situation is becoming increasingly urgent. In the realm of cybersecurity, intrusion detection plays a pivotal role in monitoring network attacks. However, the efficacy of existing solutions in detecting such intrusions remains suboptimal, perpetuating the security crisis. To address this challenge, we propose a sparse autoencoder-Bayesian optimization-convolutional neural network (SA-BO-CNN) system based on convolutional neural network (CNN). Firstly, to tackle the issue of data imbalance, we employ the SMOTE resampling function during system construction. Secondly, we enhance the system’s feature extraction capabilities by incorporating SA. Finally, we leverage BO in conjunction with CNN to enhance system accuracy. Additionally, a multi-round iteration approach is adopted to further refine detection accuracy. Experimental findings demonstrate an impressive system accuracy of 98.36%. Comparative analyses underscore the superior detection rate of the SA-BO-CNN system. [ABSTRACT FROM AUTHOR]
- Published
- 2024
28. Context-Aware Adaptive Encryption: Integrating Sensitive Data Detection and Network intrusion detection for Dynamic Data Security and Encryption
- Author
Leonardo C. Lawrence, Ramin Giovanni, Cynthia Calongne, and Abdullah Alshboul
- Subjects
adaptive encryption, sensitive data detection, network intrusion detection, machine learning, deep learning, data security, real-time threat detection, History of scholarship and learning. The humanities, AZ20-999
- Abstract
In today's digital landscape, ensuring the security of sensitive data and protecting against network intrusions are critical challenges. This research project develops and evaluates a novel context-aware adaptive encryption system that integrates sensitive data detection, network intrusion detection, and dynamic encryption techniques to enhance data security. The proposed system employs deep learning models to identify sensitive information and machine learning algorithms to monitor network activity for potential intrusions. Upon detecting sensitive data or a security threat, the system automatically applies encryption with adjustable strength based on the context, increasing protection in high-risk situations. This approach minimizes unnecessary overhead in low-risk scenarios while maintaining robust security measures. Through simulations using real-world data, the system's effectiveness in accurately detecting sensitive information and network intrusions, as well as its capability to adapt encryption dynamically, is evaluated. The results demonstrate the potential of combining machine learning with adaptive security measures to create a responsive and efficient data protection system.
- Published
- 2024
29. Enhancing Network Intrusion Detection with Deep Oversampling and Convolutional Autoencoder for Imbalanced Dataset
- Author
Xiong, Xuanrui, Li, Junfeng, Zhang, Huijun, Shen, Han, Liu, Mengru, Peng, Wei, Huang, Qi, Zhang, Yuan, Akan, Ozgur, Editorial Board Member, Bellavista, Paolo, Editorial Board Member, Cao, Jiannong, Editorial Board Member, Coulson, Geoffrey, Editorial Board Member, Dressler, Falko, Editorial Board Member, Ferrari, Domenico, Editorial Board Member, Gerla, Mario, Editorial Board Member, Kobayashi, Hisashi, Editorial Board Member, Palazzo, Sergio, Editorial Board Member, Sahni, Sartaj, Editorial Board Member, Shen, Xuemin, Editorial Board Member, Stan, Mircea, Editorial Board Member, Jia, Xiaohua, Editorial Board Member, Zomaya, Albert Y., Editorial Board Member, Gao, Feifei, editor, Wu, Jun, editor, Li, Yun, editor, Gao, Honghao, editor, and Wang, Shangguang, editor
- Published
- 2024
30. A Network Intrusion Detection System Based on Self-supervised Co-contrastive Learning
- Author
Xie, Lei, Ye, Mai, Chen, Bing, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Gu, Zhaoquan, editor, Zhou, Wanlei, editor, Zhang, Jiawei, editor, Xu, Guandong, editor, and Jia, Yan, editor
- Published
- 2024
31. Network Traffic Intrusion Detection Strategy Based on E-GraphSAGE and LSTM
- Author
Bao, Haizhou, Chen, Minhao, Huo, Yiming, Yu, Guorong, Nie, Lei, Li, Peng, Wang, Yuxuan, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Huang, De-Shuang, editor, Chen, Wei, editor, and Guo, Jiayang, editor
- Published
- 2024
32. A Novel Network Intrusion Detection Method for Unbalanced Data in Open Scenarios
- Author
Gong, Zihui, Wang, Qiang, He, Wenfeng, Cao, Chuqing, Zheng, Liang, Yu, Yanwu, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Cao, Cungeng, editor, Chen, Huajun, editor, Zhao, Liang, editor, Arshad, Junaid, editor, Asyhari, Taufiq, editor, and Wang, Yonghao, editor
- Published
- 2024
33. The Impact of Data Scaling Approaches on Deep Learning, Random Forest and Nearest Neighbour-Based Network Intrusion Detection Systems for DoS Detection in IoT Networks
- Author
Pawlicki, Marek, Kozik, Rafał, Choraś, Michał, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, You, Ilsun, editor, Choraś, Michał, editor, Shin, Seonghan, editor, Kim, Hwankuk, editor, and Astillo, Philip Virgil, editor
- Published
- 2024
34. Network Intrusion Detection via Oversampling and Transformer-BiLSTM-MLP
- Author
Zuo, Jie, Liu, Tianrun, Yang, Yize, Chen, Yang-Yang, Angrisani, Leopoldo, Series Editor, Arteaga, Marco, Series Editor, Chakraborty, Samarjit, Series Editor, Chen, Shanben, Series Editor, Chen, Tan Kay, Series Editor, Dillmann, Rüdiger, Series Editor, Duan, Haibin, Series Editor, Ferrari, Gianluigi, Series Editor, Ferre, Manuel, Series Editor, Hirche, Sandra, Series Editor, Jabbari, Faryar, Series Editor, Jia, Limin, Series Editor, Kacprzyk, Janusz, Series Editor, Khamis, Alaa, Series Editor, Kroeger, Torsten, Series Editor, Li, Yong, Series Editor, Liang, Qilian, Series Editor, Martín, Ferran, Series Editor, Ming, Tan Cher, Series Editor, Minker, Wolfgang, Series Editor, Misra, Pradeep, Series Editor, Mukhopadhyay, Subhas, Series Editor, Ning, Cun-Zheng, Series Editor, Nishida, Toyoaki, Series Editor, Oneto, Luca, Series Editor, Panigrahi, Bijaya Ketan, Series Editor, Pascucci, Federica, Series Editor, Qin, Yong, Series Editor, Seng, Gan Woon, Series Editor, Speidel, Joachim, Series Editor, Veiga, Germano, Series Editor, Wu, Haitao, Series Editor, Zamboni, Walter, Series Editor, Tan, Kay Chen, Series Editor, Yu, Jianglong, editor, Liu, Yumeng, editor, and Li, Qingdong, editor
- Published
- 2024
35. Feature Selection-Based Evaluation for Network Intrusion Detection System with Machine Learning Methods on CICIDS2017
- Author
Upadhyay, Lav, Tripathi, Meenakshi, Grover, Jyoti, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Sharma, Harish, editor, Shrivastava, Vivek, editor, Tripathi, Ashish Kumar, editor, and Wang, Lipo, editor
- Published
- 2024
36. A Critical Server Security Protection Strategy Based on Traffic Log Analysis
- Author
Zhu, Haiyong, Wang, Chengyu, Hou, Bingnan, Tang, Yonghao, Cai, Zhiping, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Jin, Hai, editor, Pan, Yi, editor, and Lu, Jianfeng, editor
- Published
- 2024
37. Enhancing Network Intrusion Detection Using Deep Reinforcement Learning: An Adaptive Learning Approach
- Author
Nijil Raj, N., Rajesh, Rahul, Justin, Anupama, Shihab, Fathima, Bansal, Jagdish Chand, Series Editor, Deep, Kusum, Series Editor, Nagar, Atulya K., Series Editor, Mumtaz, Shahid, editor, Rawat, Danda B., editor, and Menon, Varun G., editor
- Published
- 2024
38. Network Intrusion Detection by Variational Component-Based Feature Saliency Gaussian Mixture Clustering
- Author
Hong, Xin, Papazachos, Zafeirios, del Rincon, Jesus Martinez, Miller, Paul, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Katsikas, Sokratis, editor, Abie, Habtamu, editor, Ranise, Silvio, editor, Verderame, Luca, editor, Cambiaso, Enrico, editor, Ugarelli, Rita, editor, Praça, Isabel, editor, Li, Wenjuan, editor, Meng, Weizhi, editor, Furnell, Steven, editor, Katt, Basel, editor, Pirbhulal, Sandeep, editor, Shukla, Ankur, editor, Ianni, Michele, editor, Dalla Preda, Mila, editor, Choo, Kim-Kwang Raymond, editor, Pupo Correia, Miguel, editor, Abhishta, Abhishta, editor, Sileno, Giovanni, editor, Alishahi, Mina, editor, Kalutarage, Harsha, editor, and Yanai, Naoto, editor
- Published
- 2024
39. Deep Learning Based Network Intrusion Detection
- Author
Yu, Jun, Hu, Jiwei, Zeng, Yong, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Hong, Wenxing, editor, and Kanaparan, Geetha, editor
- Published
- 2024
40. Research of Network Intrusion Detection Based on Improved Seagull Optimization Algorithm with Deep Learning
- Author
Lan, Hai, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Hong, Wenxing, editor, and Kanaparan, Geetha, editor
- Published
- 2024
41. An Improved Hybrid Sampling Model for Network Intrusion Detection Based on Data Imbalance
- Author
Gong, Zhongyuan, Jiang, Jinyun, Jiang, Nan, Zhang, Yuejin, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Vaidya, Jaideep, editor, Gabbouj, Moncef, editor, and Li, Jin, editor
- Published
- 2024
42. Critical Analysis of 5G Networks’ Traffic Intrusion Using PCA, t-SNE, and UMAP Visualization and Classifying Attacks
- Author
Ghani, Humera, Salekzamankhani, Shahram, Virdee, Bal, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Swaroop, Abhishek, editor, Polkowski, Zdzislaw, editor, Correia, Sérgio Duarte, editor, and Virdee, Bal, editor
- Published
- 2024
43. Network Intrusion Detection Based on Hybrid Network Model and Federated Learning
- Author
Kou, Yuqing, Cheng, Jieren, Yang, Yue, Wu, Hao, Li, Yajing, Sheng, Victor S., Howlett, Robert J., Series Editor, Jain, Lakhmi C., Series Editor, Qiu, Xuesong, editor, Xiao, Yang, editor, Wu, Zhiqiang, editor, Zhang, Yudong, editor, Tian, Yuan, editor, and Liu, Bo, editor
- Published
- 2024
44. Weakly-supervised IDS with abnormal-preserving transformation learning.
- Author
TAN Yu-song, WANG Wei, JIAN Song-lei, and YI Chao-xiong
- Abstract
Network intrusion detection systems are crucial for maintaining network security, and there is currently limited research on intrusion detection scenarios with only a few abnormal markers of network data. This paper designs a weakly-supervised learning intrusion detection model, called WIDS-APL, based on the anomaly retention of data. The detection model consists of four parts: data transformation layer, representation learning layer, transformation classification layer, and anomaly discrimination layer. By using a set of learnable encoders to map samples to different regions and compress them into a hypersphere, the label information of abnormal samples is used to learn the classification boundaries of normal and abnormal samples, and the abnormal score of the samples is obtained. Testing the WIDS-APL system on four datasets demonstrates the effectiveness and robustness of the system, with improvements in the AUC-ROC values of 4.80%, 5.96%, 1.58%, and 1.73% respectively compared to other mainstream methods. Furthermore, there are enhancements of 15.03%, 2.95%, 4.71%, and 9.23% in AUC-PR performance. [ABSTRACT FROM AUTHOR]
- Published
- 2024
45. End-to-End Network Intrusion Detection Based on Contrastive Learning.
- Author
Li, Longlong, Lu, Yuliang, Yang, Guozheng, and Yan, Xuehu
- Subjects
*CONVOLUTIONAL neural networks, *COMPUTER network traffic, *DATA extraction
- Abstract
The network intrusion detection system (NIDS) plays a crucial role as a security measure in addressing the increasing number of network threats. The majority of current research relies on feature-ready datasets that heavily depend on feature engineering. Conversely, the increasing complexity of network traffic and the ongoing evolution of attack techniques lead to a diminishing distinction between benign and malicious network behaviors. In this paper, we propose a novel end-to-end intrusion detection framework based on a contrastive learning approach. We design a hierarchical Convolutional Neural Network (CNN) and Gated Recurrent Unit (GRU) model to facilitate the automated extraction of spatiotemporal features from raw traffic data. The integration of contrastive learning amplifies the distinction between benign and malicious network traffic in the representation space. The proposed method exhibits enhanced detection capabilities for unknown attacks in comparison to the approaches trained using the cross-entropy loss function. Experiments are carried out on the public datasets CIC-IDS2017 and CSE-CIC-IDS2018, demonstrating that our method can attain a detection accuracy of 99.9% for known attacks, thus achieving state-of-the-art performance. For unknown attacks, a weighted recall rate of 95% can be achieved. [ABSTRACT FROM AUTHOR]
- Published
- 2024
46. Learn-IDS: Bridging Gaps between Datasets and Learning-Based Network Intrusion Detection.
- Author
Wang, Minxiao, Yang, Ning, Guo, Yanhui, and Weng, Ning
- Subjects
CYBERTERRORISM, ELECTRONIC data processing, DATA fusion (Statistics), DEEP learning
- Abstract
In an era marked by the escalating architectural complexity of the Internet, network intrusion detection stands as a pivotal element in cybersecurity. This paper introduces Learn-IDS, an innovative framework crafted to bridge existing gaps between datasets and the training process within deep learning (DL) models for Network Intrusion Detection Systems (NIDS). To elevate conventional DL-based NIDS methods, which are frequently challenged by the evolving cyber threat landscape and exhibit limited generalizability across various environments, Learn-IDS works as a potent and adaptable platform and effectively tackles the challenges associated with datasets used in deep learning model training. Learn-IDS takes advantage of the raw data to address three challenges of existing published datasets, which are (1) the provided tabular format is not suitable for the diversity of DL models; (2) the fixed traffic instances are not suitable for the dynamic network scenarios; (3) the isolated published datasets cannot meet the cross-dataset requirement of DL-based NIDS studies. The data processing results illustrate that the proposed framework can correctly process and label the raw data with an average of 90% accuracy across three published datasets. To demonstrate how to use Learn-IDS for a DL-based NIDS study, we present two simple case studies. The case study on cross-dataset sampling function reports an average of 30.3% OOD accuracy improvement. The case study on data formatting function shows that introducing temporal information can enhance the detection accuracy by 4.1%. The experimental results illustrate that the proposed framework, through the synergistic fusion of datasets and DL models, not only enhances detection precision but also dynamically adapts to emerging threats within complex scenarios. [ABSTRACT FROM AUTHOR]
- Published
- 2024
47. A novel data-driven integrated detection method for network intrusion classification based on multi-feature imbalanced data.
- Author
Wang, Chia-Hung, Ye, Qing, Cai, Jiongbiao, Suo, Yifan, Lin, Shengming, Yuan, Jinchen, and Wu, Xiaojing
- Subjects
*INTRUSION detection systems (Computer security), *MACHINE learning, *CLASSIFICATION algorithms, *FEATURE selection, *DEEP learning, *ARTIFICIAL intelligence
- Abstract
The multi-feature and imbalanced nature of network data has always been a challenge to be overcome in the field of network intrusion detection. The redundant features in data could reduce the overall quality of network data and the accuracy of detection models, because imbalance could lead to a decrease in the detection rate for minority classes. To improve the detection accuracy for imbalanced intrusion data, we develop a data-driven integrated detection method, which utilizes Recursive Feature Elimination (RFE) for feature selection, and screens out features that are conducive to model recognition for improving the overall quality of data analysis. In this work, we also apply the Adaptive Synthetic Sampling (ADASYN) method to generate the input data close to the original dataset, which aims to eliminate the data imbalance in the studied intrusion detection model. Besides, a novel VGG-ResNet classification algorithm is also proposed via integrating the convolutional block with the output feature map size of 128 from the Visual Geometry Group 16 (VGG16) of the deep learning algorithm and the residual block with output feature map size of 256 from the Residual Network 18 (ResNet18). Based on the numerical results conducted on the well-known NSL-KDD dataset and UNSW-NB15 dataset, it illustrates that our method can achieve the accuracy rates of 86.31% and 82.56% in those two test datasets, respectively. Moreover, it can be found that the present algorithm can achieve a better accuracy and performance in the experiments of comparing our method with several existing algorithms proposed in the recent three years. [ABSTRACT FROM AUTHOR]
- Published
- 2024
48. Modified artificial rabbits optimization combined with bottlenose dolphin optimizer in feature selection of network intrusion detection.
- Author
Li, Fukui, Xu, Hui, and Qiu, Feng
- Subjects
*BOTTLENOSE dolphin, *ALGORITHMS, *MACHINE learning, *DIGITAL technology, *ARTIFICIAL intelligence
- Abstract
For the feature selection of network intrusion detection, the issue of numerous redundant features arises, posing challenges in enhancing detection accuracy and adversely affecting overall performance to some extent. Artificial rabbits optimization (ARO) is capable of reducing redundant features and can be applied for the feature selection of network intrusion detection. The ARO exhibits a slow iteration speed in the exploration phase of the population and is prone to an iterative stagnation condition in the exploitation phase, which hinders its ability to deliver outstanding performance in the aforementioned problems. First, to enhance the global exploration capabilities further, the thinking of ARO incorporates the mud ring feeding strategy from the bottlenose dolphin optimizer (BDO). Simultaneously, for adjusting the exploration and exploitation phases, the ARO employs an adaptive switching mechanism. Second, to avoid the original algorithm getting trapped in the local optimum during the local exploitation phase, the levy flight strategy is adopted. Lastly, the dynamic lens-imaging strategy is introduced to enhance population variety and facilitate escape from the local optimum. Then, this paper proposes a modified ARO, namely LBARO, a hybrid algorithm that combines BDO and ARO, for feature selection in the network intrusion detection model. The LBARO is first empirically evaluated to comprehensively demonstrate the superiority of the proposed algorithm, using 8 benchmark test functions and 4 UCI datasets. Subsequently, the LBARO is integrated into the feature selection process of the network intrusion detection model for classification experimental validation. This integration is validated utilizing the NSL-KDD, UNSW NB-15, and InSDN datasets, respectively. Experimental results indicate that the proposed model based on LBARO successfully reduces redundant characteristics while enhancing the classification capabilities of network intrusion detection. [ABSTRACT FROM AUTHOR]
- Published
- 2024
49. Enhancing Network Intrusion Detection: A Genetic Programming Symbolic Classifier Approach.
- Author
Anđelić, Nikola and Baressi Šegota, Sandi
- Subjects
*SYMBOLIC computation, *RECEIVER operating characteristic curves, *GENETIC programming, *GENE expression
- Abstract
This investigation underscores the paramount imperative of discerning network intrusions as a pivotal measure to fortify digital systems and shield sensitive data from unauthorized access, manipulation, and potential compromise. The principal aim of this study is to leverage a publicly available dataset, employing a Genetic Programming Symbolic Classifier (GPSC) to derive symbolic expressions (SEs) endowed with the capacity for exceedingly precise network intrusion detection. In order to augment the classification precision of the SEs, a pioneering Random Hyperparameter Value Search (RHVS) methodology was conceptualized and implemented to discern the optimal combination of GPSC hyperparameter values. The GPSC underwent training via a robust five-fold cross-validation regimen, mitigating class imbalances within the initial dataset through the application of diverse oversampling techniques, thereby engendering balanced dataset iterations. Subsequent to the acquisition of SEs, the identification of the optimal set ensued, predicated upon metrics inclusive of accuracy, area under the receiver operating characteristics curve, precision, recall, and F1-score. The selected SEs were subsequently subjected to rigorous testing on the original imbalanced dataset. The empirical findings of this research underscore the efficacy of the proposed methodology, with the derived symbolic expressions attaining an impressive classification accuracy of 0.9945. If the accuracy achieved in this research is compared to the average state-of-the-art accuracy, the accuracy obtained in this research represents the improvement of approximately 3.78%. In summation, this investigation contributes salient insights into the efficacious deployment of GPSC and RHVS for the meticulous detection of network intrusions, thereby accentuating the potential for the establishment of resilient cybersecurity defenses. [ABSTRACT FROM AUTHOR]
- Published
- 2024
50. An empirical assessment of ML models for 5G network intrusion detection: A data leakage-free approach
- Author
Mohamed Aly Bouke and Azizol Abdullah
- Subjects
Machine learning models, Network intrusion detection, Wireless networks, Security, Computational efficiency, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
- Abstract
This paper thoroughly compares thirteen unique Machine Learning (ML) models utilized for Intrusion detection systems (IDS) in a meticulously controlled environment. Unlike previous studies, we introduce a novel approach that meticulously avoids data leakage, enhancing the reliability of our findings. The study draws upon a comprehensively labeled 5G-NIDD dataset covering a broad spectrum of network behaviors, from benign real-user traffic to various attack scenarios. Our data preprocessing and experimental design have been carefully structured to eradicate any data leakage, a standout feature of our methodology that significantly improves the robustness and dependability of our results compared to prior studies. The ML models are evaluated using various performance metrics, including accuracy, precision, recall, F1-score, ROC AUC, and execution time. Our results reveal that the K-Nearest Neighbors model is superior in accuracy and ROC AUC, while the Voting Classifier stands out in precision and F1-score. Decision Tree, Bagging, and Extra Trees models exhibit strong recall scores. In contrast, the AdaBoost model falls short across all assessed metrics. Despite displaying only modest performance on other metrics, the Naive Bayes model excels in computational efficiency, offering the quickest execution time. This paper emphasizes the importance of understanding various ML models' distinct strengths, drawbacks, and trade-offs for network intrusion detection. It highlights that no single model is universally superior, and the choice hinges on the nature of the dataset, specific application requirements, and the computational resources available.
- Published
- 2024