Your search keyword '"Intrusion Detection"' showing total 34 results

1. Robust intrusion detection for network communication on the Internet of Things: a hybrid machine learning approach.

Author

Soltani, Nasim, Rahmani, Amir Masoud, Bohlouli, Mahdi, and Hosseinzadeh, Mehdi

Subjects

*SUPERVISED learning, *FISHER discriminant analysis, *COMPUTER networks, *K-nearest neighbor classification, *MACHINE learning, *INTRUSION detection systems (Computer security)

Abstract

The importance and growth of the Internet of Things (IoT) in computer networks and applications have been increasing. Additionally, many of these applications generate large volumes of data, which are critical and require protection against attacks. Various techniques have been proposed to identify and counteract these threats. In this paper, we offer a hybrid machine learning approach (using the k-nearest neighbors and random forests as supervised classifiers) to enhance the accuracy of intrusion detection systems and minimize the risk of potential attacks. Also, we employ backward elimination and linear discriminant analysis algorithms for feature reduction and to lower computational costs. Following the training phase, when discrepancies arose between the decisions of the classifiers, the ultimate determination was supported by ISO/IEC 27001 regulations. The performance of the proposed model was assessed within a Python programming framework, utilizing the CICIDS 2017, NSL-KDD, and TON-IoT datasets. The outcomes illustrated that the proposed approach attained a noteworthy accuracy of 99.96% in the multi-class classification of CICIDS 2017, 99.37% in the binary classification of the NSL-KDD dataset, and 99.96% in the multi-class classification of TON-IoT dataset. Furthermore, the attack success rate for each dataset stands at 0.05%, 0.24%, and 0% respectively, demonstrating a significant reduction compared to other methods. [ABSTRACT FROM AUTHOR]

Published

2024

2. A deep analysis of nature-inspired and meta-heuristic algorithms for designing intrusion detection systems in cloud/edge and IoT: state-of-the-art techniques, challenges, and future directions.

Author

Hu, Wengui, Cao, Qingsong, Darbandi, Mehdi, and Jafari Navimipour, Nima

Subjects

*MACHINE learning, *METAHEURISTIC algorithms, *COMPUTER performance, *FEATURE selection, *CLOUD computing, *INTRUSION detection systems (Computer security)

Abstract

The number of cloud-, edge-, and Internet of Things (IoT)-based applications that produce sensitive and personal data has rapidly increased in recent years. The IoT is a new model that integrates physical objects and the Internet and has become one of the principal technological evolutions of computing. Cloud computing is a paradigm for centralized computing that gathers resources in one place and makes them available to consumers via the Internet. Despite the vast array of resources that cloud computing offers, real-time mobile applications might not find it acceptable because it is typically located far from users. However, in applications where low latency and high dependability are required, edge computing—which disperses resources to the network edge—is becoming more and more popular. Though it has less processing power than traditional cloud computing, edge computing offers resources in a decentralized way that can react to customers' needs more quickly. There has been a sharp increase in attackers stealing data from these applications since the data is so sensitive. Thus, a powerful Intrusion Detection System (IDS) that can identify intruders is required. IDS are essential for the cybersecurity of the IoT, cloud, and edge architectures. Investigators have mostly embraced the use of deep learning algorithms as a means of protecting the IoT environment. However, these techniques have some issues with computational complexity, long processing times, and poor precision. Feature selection approaches can be utilized to overcome these problems. Optimization methods, including bio-inspired algorithms, are applied as feature selection approaches to enhance the classification accuracy of IDS systems. Based on the cited sources, it appears that no study has looked into these difficulties in depth. This research thoroughly analyzes the current literature on intrusion detection and using nature-inspired algorithms to safeguard IoT and cloud/edge settings. This article examines pertinent analyses and surveys on the aforementioned subjects, dangers, and outlooks. It also examines many frequently used algorithms in the development of IDSs used in IoT security. The findings demonstrate their efficiency in addressing IoT and cloud/edge ecosystem security issues. Moreover, it has been shown that the methods put out in the literature might improve IDS security and dependability in terms of precision and execution speed. [ABSTRACT FROM AUTHOR]

Published

2024

3. A transfer learning-based intrusion detection system for zero-day attack in communication-based train control system.

Author

Lu, He, Zhao, Yanan, Song, Yajing, Yang, Yang, He, Guanjie, Yu, Haiyang, and Ren, Yilong

Subjects

*CONVOLUTIONAL neural networks, *WIRELESS communications security, *WIRELESS communications, *TIME-varying networks, *MACHINE performance, *CYBER physical systems

Abstract

Communication-based train control (CBTC) system is a typical cyber-physical system with open wireless communication that is vulnerable to attacks. To protect the security of wireless communication in the CBTC system, machine learning-based intrusion detection system (IDS) has been extensively researched. However, the performance of a machine learning-based IDS highly depends on feature design, and the spatial and temporal correlation of network data attributes makes it difficult to design features manually. Meanwhile, this type of IDS can only detect known attacks that are contained in the training dataset and fail to detect new attacks (i.e., zero-day attacks). To cope with the above issue, we propose a novel IDS based on transfer learning for the CBTC system. The proposed IDS leverages an optimized one-dimensional convolutional neural network block and long short-term memory to automatically extract spatial and temporal features from the original data. Furthermore, a knowledge transfer method is utilized to transfer the features to enable zero-day attack detection. We evaluate the proposed IDS on a dataset representing the CBTC system network data. The results show that the proposed IDS can achieve 99.32% accuracy for known attacks and 93.21% average F1-Score for zero-day attacks. [ABSTRACT FROM AUTHOR]

Published

2024

4. An industrial network intrusion detection algorithm based on IGWO-GRU.

Author

Yang, Wei, Shan, Yao, Wang, Jiaxuan, and Yao, Yu

Subjects

*GREY Wolf Optimizer algorithm, *COMPUTER network traffic, *NATURAL gas pipelines, *INDUSTRIAL controls manufacturing, *TRAFFIC engineering, *INTRUSION detection systems (Computer security)

Abstract

The openness and interconnectedness of industrial control systems (ICSs) is increasing, leading to a heightened risk of network-based attacks. Although research on industrial intrusion detection is ongoing, current methods often overlook the unique characteristics of industrial control flows. This study introduced an industrial network intrusion detection algorithm based on the improved gray wolf optimizer (IGWO) gated recurrent unit (GRU) model. Starting with the temporal aspects of industrial control network traffic, a simple GRU was chosen as the network model. By integrating the gray wolf optimizer (GWO) with autonomous learning methods, the algorithm could address the slow convergence caused by large volumes of industrial control network traffic. In response to the slow convergence of the GWO and its low optimization accuracy, this study developed the improved gray wolf optimizer (IGWO). By simulating an intrusion detection system (IDS) using datasets from the Natural Gas Pipeline Control System and Secure Water Treatment (SWaT) datasets, the experimental results demonstrated that the IGWO-GRU algorithm exhibited considerable advantages in terms of accuracy, false alarm rate, and false report rate, thereby enhancing the security capabilities of ICSs. [ABSTRACT FROM AUTHOR]

Published

2024

5. Malicious detection model with artificial neural network in IoT-based smart farming security.

Author

Mohy-eddine, Mouaad, Guezzaz, Azidine, Benkirane, Said, and Azrour, Mourade

Subjects

*ARTIFICIAL neural networks, *RADIAL basis functions, *CYBERTERRORISM, *FEATURE selection, *SUPPORT vector machines

Abstract

The Internet of Things (IoT) tunes modern technologies, including wireless sensors and cloud computing, to create a homogeneous and highly effective environment. Therefore, IoT has emerged in various fields of life, such as healthcare, industry, and agriculture. Agriculture is among the primary components of developing nations' financial states and is vital in maintaining human life. However, the human capacity to reproduce far exceeds the capability of our planet to secure the food required for our lives. Hence, the emergence of IoT in this industry has seen essential advancements to help boost agriculture production and quality. In addition, this emergence exposes the smart agriculture environment to considerable cyber threats. This paper presents a network intrusion detection system (NIDS) to mitigate smart agriculture security vulnerabilities. We developed our framework using radial basis functions neural networks (RBFNN) to detect and classify intrusions in the IoT network. To get our model to perform in its best form, we applied crowd wisdom tree-based machine learning (ML) techniques to select relevant features from the datasets, such as random Forrest (RF), AdaBoost (ADA), extra trees (ET), LightGBM (LGBM), and XGBoost (XGB). We implemented a single-class support vector machine (1-CSVM) to detect and remove outliers. We evaluated our model using NF-Bot-IoT and NF-ToN-IoT datasets. It scored 99.25% accuracy (ACC) and 82.97% Matthews correlation coefficient (MCC) and 90.05% MCC and 96.92% ACC on preprocessed NF-Bot-IoT and NF-ToN-IoT, respectively. Our model showed outstanding performance in overcoming the NF-Bot-IoT dataset imbalance. [ABSTRACT FROM AUTHOR]

Published

2024

6. DDoS attack detection techniques in IoT networks: a survey.

Author

Pakmehr, Amir, Aßmuth, Andreas, Taheri, Negar, and Ghaffari, Ali

Subjects

*DENIAL of service attacks, *TECHNOLOGICAL innovations, *INTERNET of things, *MACHINE learning, *INFORMATION sharing

Abstract

The Internet of Things (IoT) is a rapidly emerging technology that has become more valuable and vital in our daily lives. This technology enables connection and communication between objects and devices and allows these objects to exchange information and perform intelligent operations with each other. However, due to the scale of the network, the heterogeneity of the network, the insecurity of many of these devices, and privacy protection, it faces several challenges. In the last decade, distributed DDoS attacks in IoT networks have become one of the growing challenges that require serious attention and investigation. DDoS attacks take advantage of the limited resources available on IoT devices, which disrupts the functionality of IoT-connected applications and services. This article comprehensively examines the effects of DDoS attacks in the context of the IoT, which cause significant harm to existing systems. Also, this paper investigates several solutions to identify and deal with this type of attack. Finally, this study suggests a broad line of research in the field of IoT security, dedicated to examining how to adapt to current challenges and predicting future trends. [ABSTRACT FROM AUTHOR]

Published

2024

7. IDS-XGbFS: a smart intrusion detection system using XGboostwith recent feature selection for VANET safety.

Author

Amaouche, Sara, AzidineGuezzaz, Benkirane, Said, and MouradeAzrour

Subjects

*FEATURE selection, *INTRUSION detection systems (Computer security), *INTELLIGENT transportation systems, *CONVOLUTIONAL neural networks, *TECHNOLOGICAL innovations, *VEHICULAR ad hoc networks

Abstract

The Vehicular Ad Hoc Network (VANET) is a novel and innovative technology which is part of the Intelligent Transportation Systems (ITS). VANET is a network composed of a collection of vehicles and other roadside components that are interconnected wirelessly. The intention underlying the development of this technology is the improvement of the vehicle environment and the enhancement of vehicle and driver safety. Nevertheless, since VANETs operate wirelessly and under complicated conditions, they are susceptible to a variety of attacks by malicious actors. Traditional techniques such as encryption are no longer effective, so new techniques using intrusion detection systems IDS have attracted the attention of a large number of researchers. The IDS scans the entire network and identifies all the possible harmful nodes present in the network. The present paper covers the problem of the identification of attacks in VANET by using XGBoost. The effectiveness analysis of the proposed models has been realized on the NSL-KDD and 5RoutingMetrics datasets combined with various feature selection techniques Boruta and Adaptive Synthetic Sampling Approach (ADASYN). Furthermore, the acquired results are being compared to two of the last most used ensemble methods CatBoost and convolutional neural networks CNN.In comparison with the other IDSs, our model approach achieves high performance in accuracy, recall and precision. [ABSTRACT FROM AUTHOR]

Published

2024

8. A novel hybrid framework for Cloud Intrusion Detection System using system call sequence analysis.

Author

Chaudhari, Ashish, Gohil, Bhavesh, and Rao, Udai Pratap

Subjects

*INTRUSION detection systems (Computer security), *SHORT-term memory, *LONG-term memory, *SEQUENCE analysis, *ONLINE social networks, *ON-demand computing

Abstract

Cloud Computing offers on-demand infrastructure, platform and software services over the Internet on a pay-as-you-use model. Many e-commerce businesses and social networking sites are moving towards the cloud. Security breaches have also started to grow along with their popularity. The malicious processes can target virtualization-based cloud infrastructure and harm virtual resources, thereby becoming a threat to the cloud. Several Intrusion Detection Systems (IDSs) have been developed to detect attacks based on predefined behavior patterns. However, malicious processes can hide their behavior in the presence of security mechanisms on a Virtual Machine (VM). With the increasing frequency of such attacks, IDSs must be improved using Machine Learning (ML) and Deep Learning (DL) techniques. This study proposes a novel intrusion detection framework that can detect known and unknown attacks by system call sequence analysis. The framework analyzes the system call sequences of VMs with a hybrid model of Long Short Term Memory (LSTM) and system call frequency-based anomaly detection techniques. The proposed framework is evaluated using the Australian Defence Force Academy-Linux Dataset (ADFA-LD) dataset. Compared to the existing frameworks, the highest accuracy of 97.2% and a false positive rate of 2.4% are achieved for our proposed framework. [ABSTRACT FROM AUTHOR]

Published

2024

9. Machine learning-based intrusion detection: feature selection versus feature extraction.

Author

Ngo, Vu-Duc, Vuong, Tuan-Cuong, Van Luong, Thien, and Tran, Hung

Subjects

*INTRUSION detection systems (Computer security), *FEATURE selection, *MACHINE learning, *FEATURE extraction, *DATA security failures, *SMART cities

Abstract

Internet of Things (IoTs) has been playing an important role in many sectors, such as smart cities, smart agriculture, smart healthcare, and smart manufacturing. However, IoT devices are highly vulnerable to cyber-attacks, which may result in security breaches and data leakages. To effectively prevent these attacks, a variety of machine learning-based network intrusion detection methods for IoT networks have been developed, which often rely on either feature extraction or feature selection techniques for reducing the dimension of input data before being fed into machine learning models. This aims to make the detection complexity low enough for real-time operations, which is particularly vital in any intrusion detection systems. This paper provides a comprehensive comparison between these two feature reduction methods of intrusion detection in terms of various performance metrics, namely, precision rate, recall rate, detection accuracy, as well as runtime complexity, in the presence of the modern UNSW-NB15 dataset as well as both binary and multiclass classification. For example, in general, the feature selection method not only provides better detection performance but also lower training and inference time compared to its feature extraction counterpart, especially when the number of reduced features K increases. However, the feature extraction method is much more reliable than its selection counterpart, particularly when K is very small, such as K = 4 . Additionally, feature extraction is less sensitive to changing the number of reduced features K than feature selection, and this holds true for both binary and multiclass classifications. Based on this comparison, we provide a useful guideline for selecting a suitable intrusion detection type for each specific scenario, as detailed in Table 14 at the end of Sect. 4. Note that such the comparison between feature selection and feature extraction over UNSW-NB15 as well as theoretical guideline have been overlooked in the literature. [ABSTRACT FROM AUTHOR]

Published

2024

10. Hardening of the Internet of Things by using an intrusion detection system based on deep learning.

Author

Varastan, Bahman, Jamali, Shahram, and Fotohi, Reza

Subjects

*INTRUSION detection systems (Computer security), *DEEP learning, *INTERNET of things, *MACHINE learning, *SUPPORT vector machines, *PRINCIPAL components analysis, *COMPUTER networking equipment

Abstract

The Internet of Things (IoTs) is a complex and large network of all kinds of equipment and things that covers various areas such as military networks, industrial networks, smart urban infrastructures, education, and many other areas, high volume of traffic, and the growing number of connected equipment. to these networks has made intrusion detection in these networks a challenging issue; Therefore, protecting these networks from various attacks is of particular importance and can be established through planning and establishing effective security controls. One of these important and effective methods of security control is the use of an intrusion detection system (IDS). Due to the ability of machine learning and deep learning methods to learn from existing real examples, they are used to prevent, predict, and intelligently and quickly track complex and unknown future examples. The most important ability and feature of these methods are to detect and predict new attacks, which in many cases are mutated or inspired by previous attacks. Therefore, IoTs control and security systems use and develop new methods in creating safe and intelligent communication between their devices and equipment, which are activated using advanced deep learning and machine methods. Also, the success and advancements of deep learning methods in various fields and fields with extensive data have made activists in the field of the internet interested in these methods. In this paper, to solve the mentioned problems and challenges, we also present a new and effective method of detection based on long short-term memory (LSTM)–recurrent neural network (RNN) and kernel principal component analysis (PCA). To achieve data preprocessing, high accuracy detection rate, feature extraction, and attack detection is embedded in an end-to-end or global detection method. We have used the NSL-KDD dataset to evaluate the results and check the presented idea. The results of our experiments and simulations show that the proposed IDS-LSTM attack detection strategy and idea has better performance than several detection and prediction strategies that use neural networks, support vector machines (SVM). [ABSTRACT FROM AUTHOR]

Published

2024

11. Real-time data fusion for intrusion detection in industrial control systems based on cloud computing and big data techniques.

Author

Abid, Ahlem, Jemili, Farah, and Korbaa, Ouajdi

Subjects

*INDUSTRIAL controls manufacturing, *MULTISENSOR data fusion, *DATA fusion (Statistics), *CLOUD computing, *BIG data, *PROCESS capability, *INTRUSION detection systems (Computer security)

Abstract

Intrusion detection in industrial control systems (ICS) is crucial for maintaining secu rity in modern industries. However, the rapid growth of data generated from various sources presents significant challenges, as complex and diverse attacks continue to threaten the integrity of these systems. Traditional intrusion detection systems face limitations in effectively detecting intrusions and suffer from processing delays. To address these issues, there is an urgent need for a real-time and efficient IDS. This study introduces a novel approach to real-time intrusion detection in ICS by leveraging Cloud Computing and Big Data techniques for data fusion. By fusing mul tiple streams of data, our approach enhances intrusion detection performance, reduces false alarm rates, and produces more consistent and accurate results. The contributions of this work are two-fold. Firstly, we propose a real-time IDS that overcomes the limitations of traditional systems through the efficient processing capabilities of Cloud Computing and Big Data techniques. Secondly, we employ data fusion to integrate diverse data sources, resulting in improved intrusion detection accuracy and efficiency. Our proposed IDS achieves higher accuracy rates and demonstrates superior efficiency in detecting intrusions compared to existing solutions. These findings underscore the potential of our approach in enhancing ICS security and mitigating risks posed by evolving attacks. [ABSTRACT FROM AUTHOR]

Published

2024

12. Intrusion detection in internet of things-based smart farming using hybrid deep learning framework.

Author

Kethineni, Keerthi and Pradeepini, G.

Subjects

*METAHEURISTIC algorithms, *AGRICULTURE, *INTRUSION detection systems (Computer security), *DENIAL of service attacks, *DEEP learning, *WILD horses, *SENSOR placement

Abstract

Smart agriculture is a popular domain due to its intensified growth in recent times. This domain aggregates the advantages of several computing technologies, where the IoT is the most popular and beneficial. In this work, a novel and effective deep learning-based framework is developed to detect intrusions in smart farming systems. The architecture is three-tier, with the first tier being the sensor layer, which involves the placement of sensors in agricultural areas. The second tier is the Fog Computing Layer (FCL), which consists of Fog nodes, and the proposed IDS is implemented in each Fog node. The gathered information is transferred to this fog layer for further data analysis. The third tier is the cloud computing layer, which provides data storage and end-to-end services. The proposed model includes a fused CNN model with the bidirectional gated recurrent unit (Bi-GRU) model to detect and classify intruders. An attention mechanism is included within the BiGRU model to find the key features responsible for identifying the DDoS attack. In addition, the accuracy of the classification model is improved by using a nature-inspired meta-heuristic optimization algorithm called the Wild Horse Optimization (WHO) algorithm. The last layer is the cloud layer, which collects data from fog nodes and offers storage services. The proposed system will be implemented in the Python platform, using ToN-IoT and APA-DDoS attack datasets for assessment. The proposed system outperforms the existing methods in accuracy (99.35%), detection rate (98.99%), precision (99.9%) and F-Score (99.08%) for the APA DDoS attack dataset and the achieved accuracy of the ToN-IoT dataset (99.71%), detection rate (99.02%), precision (99.89%) and F-score (99.05%). [ABSTRACT FROM AUTHOR]

Published

2024

13. lIDS-SIoEL: intrusion detection framework for IoT-based smart environments security using ensemble learning.

Author

Hazman, Chaimae, Guezzaz, Azidine, Benkirane, Said, and Azrour, Mourade

Subjects

*INTRUSION detection systems (Computer security), *SMART cities, *INFORMATION & communication technologies, *FEATURE selection, *DEEP learning, *INTERNET of things

Abstract

Smart cities are being enabled all around the world by Internet of Things (IoT) applications. A smart city idea necessitates the integration of information and communication technologies and devices throughout a network in order to provide improved services to consumers. Because of their increasing amount and mobility, they are increasingly appealing to attackers. Therefore, several solutions, including as encryptions, authentication, availability, and data integrity, have been combined to protect IoT. Intrusion detection systems (IDSs) are a powerful security tool that may be improved by incorporating machine learning (ML) and deep learning (DP) techniques. This paper presents a novel intrusion detection framework for IoT-based smart environments with Ensemble Learning called IDS-SIoEL. Typically, the framework proposed an optimal anomaly detection model that uses AdaBoost, and combining different feature selection techniques Boruta, mutual information and correlation furthermore. The proposed model was evaluated on IoT-23, BoT-IoT, and Edge-IIoT datasets using the GPU. When compared to existing IDS, our approach provides good rating performance features of ACC, recall, and precision, with around 99.9% on record detection and calculation time of 33.68 s for learning and 0.02156 s for detection. [ABSTRACT FROM AUTHOR]

Published

2023

14. Internet of Things intrusion detection systems: a comprehensive review and future directions.

Author

Heidari, Arash and Jabraeil Jamali, Mohammad Ali

Subjects

*COMPUTER network traffic, *INTERNET of things, *COMPUTER network security, *DATA security, *INTRUSION detection systems (Computer security), *SECURITY systems

Abstract

The Internet of Things (IoT) is a paradigm that connects objects to the Internet as a whole and enables them to work together to achieve common objectives, such as innovative home automation. Potential attackers see the scattered and open IoT service structure as an appealing target for cyber-attacks. So, security cannot be dealt with independently. Security must be designed and built-in to every layer of the IoT system. IoT security concerns not only network and data security but also human health and life attacks. Therefore, the development of the loT system to provide security through resistance to attacks is a de facto requirement to make the loT safe and operational. Protecting these things is very important for system security. Plus, it is important to integrate the Intrusion Detection System (IDS) with IoT systems. IDS intends to track and analyze network traffic from different resources and detect malicious activities. It is a significant part of cybersecurity technology. In short, IDS is a process used to detect malicious activities against victims by several methods. Besides, the method of Systematic Literature Review (SLR) is used to classify, review, and incorporate results from all similar research that answers one or more IDS research topics and perform a detailed empirical research analysis on IDS techniques. Furthermore, depending on the detection technique, we classify IDS approaches in IoT as signature-based, anomaly-based, specification-based, and hybrid. Also, for the IDS approaches, the authors give a parametric comparison. The benefits and drawbacks of the chosen mechanisms are then addressed. Eventually, there is an analysis of open problems as well as potential trend directions. [ABSTRACT FROM AUTHOR]

Published

2023

15. Intelligent intrusion detection based on fuzzy Big Data classification.

Author

Jemili, Farah

Subjects

*INTRUSION detection systems (Computer security), *FALSE alarms, *COMPUTER network security, *BIG data, *CYBERTERRORISM, *COMPUTER networks, *CLASSIFICATION

Abstract

To cope with the rapid evolution of various attacks and the computer networks' increase, an intelligent intrusion detection system is considered as a promising emerging technique for the security of computer networks. Individual classification approaches have not provided complete protection. Indeed, it has been shown that none of them is efficient enough to provide good detection rates and reduce the false alarms rates. In previous works, a comparative study was conducted between the neuro-fuzzy and the genetic-fuzzy approaches. In this study, a hybrid approach is proposed based on the stacking scheme. This approach offers a solution to combine the two basic classifiers in order to take advantage of each one of them. The experimental results have shown the effectiveness of the proposed approach in terms of maximizing the detection rates and reducing the false alarm rates. [ABSTRACT FROM AUTHOR]

Published

2023

16. Towards the design of real-time autonomous IoT NIDS.

Author

Alhowaide, Alaa, Alsmadi, Izzat, and Tang, Jian

Subjects

*INTERNET of things, *FEATURE selection, *BOTNETS, *INTRUSION detection systems (Computer security), *SCALABILITY

Abstract

Classic security methods become less effective against the Internet of Things (IoT) cyber-attacks, such as cryptography. An urgent need for real-time and lightweight detection of cyber-attacks is needed to secure IoT networks. This demand is achieved by a reliable and efficient intrusion detection system (IDS) that can meet IoT environments' high scalability and dynamicity. Herein, we analyzed the traffic and features of commonly used and recently published datasets for IoT networks. Furthermore, we proposed an ensemble feature selection method. Also, we studied the effects of traffic heterogeneity levels and time-window size on several classification methods to justify the detection model selection. Regarding the BotNet-IoT dataset, we noticed that few features play a critical role in IDS performance, and larger time-windows were slightly better than the shorter time-windows. Furthermore, we found that PCA classifier performance was significantly affected by traffic heterogeneity. On the other hand, the Boosted Tree showed the best and the most stable performance among all the considered classification methods. [ABSTRACT FROM AUTHOR]

Published

2023

17. Deep learning enabled class imbalance with sand piper optimization based intrusion detection for secure cyber physical systems.

Author

Hilal, Anwer Mustafa, Al-Otaibi, Shaha, Mahgoub, Hany, Al-Wesabi, Fahd N., Aldehim, Ghadah, Motwakel, Abdelwahed, Rizwanullah, Mohammed, and Yaseen, Ishfaq

Subjects

*CYBER physical systems, *INTRUSION detection systems (Computer security), *DEEP learning, *GENERATIVE adversarial networks, *MACHINE learning, *INFRASTRUCTURE (Economics), *SMART devices

Abstract

A cyber physical system (CPS) is a network of cyber (computation, communication) and physical (sensors, actuators) components which interact with one another in a feedback form with human intervention. CPS authorizes the critical infrastructure and is treated as essential in day to day life as they exist in the basis of future smart devices. The increased exploitation of the CPS results in various threats and becomes a global problem. Therefore, it becomes essential to develop a safe, efficient, and robust CPS for real tine environment. For resolving this problem and accomplish security in CPS environment, intrusion detection system (IDS) can be developed. This study introduces an imbalanced generative adversarial network (IGAN) with optimal kernel extreme learning machine (OKELM), called IGAN-OKELM technique for intrusion detection in CPS environment. The proposed IGAN-OKELM technique mainly aims to address the class imbalance problem and intrusion detection. Besides, the IGAN-OKELM technique involves the IGAN model handling the class imbalance problem by the use of imbalanced data filter and convolution layers to the conventional generative adversarial network (GAN), which generates new instances for minority class labels. Moreover, the OKELM model is applied as a classifier and the optimal parameter tuning of the KELM model is performed by the use of sand piper optimization (SPO) algorithm and thereby improvises the intrusion detection performance. A wide ranging simulation analysis is carried out using benchmark dataset and the results are examined under varying aspects. The experimental results reported the better performance of the IGAN-OKELM technique over the recent state of art approaches interms of different measures. [ABSTRACT FROM AUTHOR]

Published

2023

18. Group intrusion detection in the Internet of Things using a hybrid recurrent neural network.

Author

Belhadi, Asma, Djenouri, Youcef, Djenouri, Djamel, Srivastava, Gautam, and Lin, Jerry Chun-Wei

Subjects

*INTERNET of things, *RECURRENT neural networks, *COMPUTER networks, *DEEP learning, *NETWORK PC (Computer)

Abstract

This paper introduces a novel framework for identifying a group of intrusions in the context of the Internet of Things (IoT). It combines both deep learning and decomposition. A set of data is first collected and a recurrent neural network is used to estimate the different individual intrusions. These individual intrusions are then used to identify a group of outliers based on a decomposition strategy. As case studies, the proposed solutions have been experimentally evaluated using two computer network intrusion datasets, namely (1) IDS 2018, and (2) LUFlow. The results show the benefits of the proposed framework and clear superiority in comparison to the state-of-the-art approaches. [ABSTRACT FROM AUTHOR]

Published

2023

19. A hybrid heuristics artificial intelligence feature selection for intrusion detection classifiers in cloud of things.

Author

Sangaiah, Arun Kumar, Javadpour, Amir, Ja'fari, Forough, Pinto, Pedro, Zhang, Weizhe, and Balasubramanian, Sudha

Subjects

*FEATURE selection, *ARTIFICIAL intelligence, *INTRUSION detection systems (Computer security), *HEURISTIC, *CLOUD computing

Abstract

Cloud computing environments provide users with Internet-based services and one of their main challenges is security issues. Hence, using Intrusion Detection Systems (IDSs) as a defensive strategy in such environments is essential. Multiple parameters are used to evaluate the IDSs, the most important aspect of which is the feature selection method used for classifying the malicious and legitimate activities. We have organized this research to determine an effective feature selection method to increase the accuracy of the classifiers in detecting intrusion. A Hybrid Ant-Bee Colony Optimization (HABCO) method is proposed to convert the feature selection problem into an optimization problem. We examined the accuracy of HABCO with BHSVM, IDSML, DLIDS, HCRNNIDS, SVMTHIDS, ANNIDS, and GAPSAIDS. It is shown that HABCO has a higher accuracy compared with the mentioned methods. [ABSTRACT FROM AUTHOR]

Published

2023

20. A flow-based intrusion detection framework for internet of things networks.

Author

Santos, Leonel, Gonçalves, Ramiro, Rabadão, Carlos, and Martins, José

Subjects

*INTRUSION detection systems (Computer security), *INTERNET of things, *TECHNICAL specifications, *ENVIRONMENTAL monitoring, *COMPUTER network security

Abstract

The application of the Internet of Things concept in domains such as industrial control, building automation, human health, and environmental monitoring, introduces new privacy and security challenges. Consequently, traditional implementation of monitoring and security mechanisms cannot always be presently feasible and adequate due to the number of IoT devices, their heterogeneity and the typical limitations of their technical specifications. In this paper, we propose an IP flow-based Intrusion Detection System (IDS) framework to monitor and protect IoT networks from external and internal threats in real-time. The proposed framework collects IP flows from an IoT network and analyses them in order to monitor and detect attacks, intrusions, and other types of anomalies at different IoT architecture layers based on some flow features instead of using packet headers fields and their payload. The proposed framework was designed to consider both the IoT network architecture and other IoT contextual characteristics such as scalability, heterogeneity, interoperability, and the minimization of the use of IoT networks resources. The proposed IDS framework is network-based and relies on a hybrid architecture, as it involves both centralized analysis and distributed data collection components. In terms of detection method, the framework uses a specification-based approach drawn on normal traffic specifications. The experimental results show that this framework can achieve ≈ 100% success and 0% of false positives in detection of intrusions and anomalies. In terms of performance and scalability in the operation of the IDS components, we study and compare it with three different conventional IDS (Snort, Suricata, and Zeek) and the results demonstrate that the proposed solution can consume fewer computational resources (CPU, RAM, and persistent memory) when compared to those conventional IDS. [ABSTRACT FROM AUTHOR]

Published

2023

21. Improved security in cloud using sandpiper and extended equilibrium deep transfer learning based intrusion detection.

Author

Sreelatha, Gavini, Babu, A. Vinaya, and Midhunchakkaravarthy, Divya

Subjects

*INTRUSION detection systems (Computer security), *DEEP learning, *ON-demand computing, *SANDPIPERS, *FEATURE selection, *COMMUNICATION infrastructure

Abstract

Cloud computing (CC) offers various types of services for the users and it is also termed on-demand computing. Because of its increasing popularity, it is vulnerable to a variety of intruders who could compromise the integrity and privacy of data stored in the cloud. Due to its distributed nature, security is the most challenging one in the cloud solution. Privacy and security are the major problems in its victory of the on-demand service, but it is simply vulnerable to intruders for any kind of attack. To solve this problem, IDSs (intrusion detection systems) play a major task in identifying the threats on cloud infrastructure. This paper develops an efficient cloud IDS using the sandpiper-based feature selection and extended equilibrium deep transfer learning (EEDTL) classification to improve the overall security of a cloud-based computing environment. The number of features is reduced from the given intrusion dataset based on the sandpiper optimization algorithm (SOA) while maintaining the minimal loss of information. Finally, the EEDTL model is used for the classification of different attacks based on their selected optimal features. For fine-tuning the attributes in convolution layers, transfer learning uses a pre-trained network called AlexNet. Also, the extended equilibrium optimizer (EEO) is used to update the network weights. The proposed cloud IDS effectively classify whether the network traffic behavior is normal or attack. The proposed system is executed in python using the UNSW-NB15 dataset, and NSL-KDD dataset. The various evaluation metrics are used to show the efficiency of the proposed method and compared to the existing works. The simulation results show that the proposed method can able to detect intrusions with a high detection rate and a low false alarm rate (FAR) than other approaches. [ABSTRACT FROM AUTHOR]

Published

2022

22. Security framework for smart cyber infrastructure.

Author

Satam, Shalaka, Satam, Pratik, Pacheco, Jesus, and Hariri, Salim

Subjects

*INTRUSION detection systems (Computer security), *DENIAL of service attacks, *DISCRETE wavelet transforms, *CYBERTERRORISM, *BOOTSTRAP aggregation (Algorithms), *SMART power grids, *SUPPORT vector machines, *WIRELESS sensor networks

Abstract

The rapid deployment of the Internet of Things (IoT) devices have led to the development of innovative information services, unavailable a few years ago. To provide these services, IoT devices connect and communicate using networks like Bluetooth, Wi-Fi, and Ethernet. This full-stack connection of the IoT devices has introduced a grand security challenge. This paper presents an IoT security framework to protect smart infrastructures from cyber attacks. This IoT security framework is applied to Bluetooth protocol and IoT sensors networks. For the Bluetooth protocol, the intrusion detection system (IDS) uses n-grams to extract temporal and spatial features of Bluetooth communication. The Bluetooth IDS has a precision of 99.6% and a recall of 99.6% using classification technique like Ripper algorithm and Decision Tree (C4.5). We also used AdaBoost, support vector machine (SVM), Naive Bayes, and Bagging algorithm for intrusion detection. The Sensor IDS uses discrete wavelet transform (DWT) to extract spatial and temporal features characteristics of the observed signal. Using the detailed coefficients of Biorthogonal DWT, Daubechies DWT, Coiflets DWT, Discrete Meyer DWT, Reverse Biorthogonal DWT, Symlets DWT, we present the results for detecting attacks with One-Class SVM, Local Outlier Factor, and Elliptic Envelope. The attacks used in our evaluation include Denial of Service Attacks, Impersonation Attacks, Random Signal Attacks, and Replay Attacks on temperature sensors. The One-Class SVM performed the best when compared with the results of other machine learning techniques. [ABSTRACT FROM AUTHOR]

Published

2022

23. A stacked deep learning approach to cyber-attacks detection in industrial systems: application to power system and gas pipeline systems.

Author

Wang, Wu, Harrou, Fouzi, Bouyeddou, Benamar, Senouci, Sidi-Mohammed, and Sun, Ying

Subjects

*DEEP learning, *NATURAL gas pipelines, *SUPERVISORY control & data acquisition systems, *SUPERVISORY control systems, *ANTIVIRUS software, *NAIVE Bayes classification, *RANDOM forest algorithms

Abstract

Presently, Supervisory Control and Data Acquisition (SCADA) systems are broadly adopted in remote monitoring large-scale production systems and modern power grids. However, SCADA systems are continuously exposed to various heterogeneous cyberattacks, making the detection task using the conventional intrusion detection systems (IDSs) very challenging. Furthermore, conventional security solutions, such as firewalls, and antivirus software, are not appropriate for fully protecting SCADA systems because they have distinct specifications. Thus, accurately detecting cyber-attacks in critical SCADA systems is undoubtedly indispensable to enhance their resilience, ensure safe operations, and avoid costly maintenance. The overarching goal of this paper is to detect malicious intrusions that already detoured traditional IDS and firewalls. In this paper, a stacked deep learning method is introduced to identify malicious attacks targeting SCADA systems. Specifically, we investigate the feasibility of a deep learning approach for intrusion detection in SCADA systems. Real data sets from two laboratory-scale SCADA systems, a two-line three-bus power transmission system and a gas pipeline are used to evaluate the proposed method's performance. The results of this investigation show the satisfying detection performance of the proposed stacked deep learning approach. This study also showed that the proposed approach outperformed the standalone deep learning models and the state-of-the-art algorithms, including Nearest neighbor, Random forests, Naive Bayes, Adaboost, Support Vector Machine, and oneR. Besides detecting the malicious attacks, we also investigate the feature importance of the cyber-attacks detection process using the Random Forest procedure, which helps design more parsimonious models. [ABSTRACT FROM AUTHOR]

Published

2022

24. Building an efficient intrusion detection system using grasshopper optimization algorithm for anomaly detection.

Author

Dwivedi, Shubhra, Vardhan, Manu, and Tripathi, Sarsij

Subjects

*INTRUSION detection systems (Computer security), *ANOMALY detection (Computer security), *MATHEMATICAL optimization, *GRASSHOPPERS, *FALSE alarms, *SUPPORT vector machines, *FEATURE selection, *TUBES

Abstract

Intrusion detection is one of the most crucial activities for security infrastructures in network environments, and it is widely used to detect, identify and track malicious threats. A common approach in intrusion detection systems (IDSs) specifically in anomaly detection is evolutionary algorithm that works as intrusion detector. Still, it has been challenging to design a precise and reliable IDS to determine security threats due to the large capacity of network data which contains redundant and irrelevant features. It does not only decrease the process of classification but also prevents a classifier from making precise decisions. To increase the accuracy and reduce the false alarm rate, in this study integration of ensemble feature selection (EFS) and grasshopper optimization algorithm (GOA), called EFSGOA is developed. Firstly, EFS method is applied to rank the features for selecting the top subset of relevant features. Afterward, GOA is utilized to identify significant features from the obtained reduced features set produced by EFS technique that can contribute to determine the type of attack. Furthermore, GOA utilizes support vector machine (SVM) as a fitness function to obtain the noteworthy features and to optimize penalty factor, kernel parameter, and tube size parameters of SVM for maximizing the classification performance. The experimental results demonstrate that EFSGOA method has performed better and obtained high detection rate of 99.69%, accuracy of 99.98% and low false alarm rate of 0.07 in NSL-KDD and high detection rate of 99.26%, accuracy of 99.89% and low false alarm rate of 0.097 in KDD Cup 99 data. Moreover, the proposed method has succeeded in achieving higher performance compared to other state-of-art techniques in terms of accuracy, detection rate, false alarm rate, and CPU time. [ABSTRACT FROM AUTHOR]

Published

2021

25. Intrusion detection and performance simulation based on improved sequential pattern mining algorithm.

Author

Wang, Yazi, Liang, Yingbo, Sun, Huaibo, and Ma, Yuankun

Subjects

*SEQUENTIAL pattern mining, *ALGORITHMS, *INTRUSION detection systems (Computer security), *PATTERN matching, *DATABASES, *INTERNET security, *DATA mining, *DATA packeting

Abstract

Traditional network intrusion detection algorithm is based on pattern matching, which has made great progress in network intrusion detection system, but the efficiency of this algorithm for data packet matching is quite low. With the rapid increase of Internet scale and capacity, the general information security problem appears, and it brought hidden danger for an open network security. In this paper, the author analyse the intrusion detection and performance simulation based on improved sequential pattern mining algorithm. We integrate the data mining algorithms to implement the IDS, and the simulation result reflects the effectiveness of the methodology. The simulation shows that when minimum support is very small, PrefixSpan running time running a lot less time than other algorithm, and the difference between the two is obvious. Due to the mining algorithm of the relative independence of intrusion detection system, algorithm does not depend on the specific data and specific system, so the intrusion detection system based on data mining to data source requirement is very low. [ABSTRACT FROM AUTHOR]

Published

2020

26. KPN-based parallelization of Wu–Manber algorithm on multi-core machines.

Author

Aldwairi, Monther, Hamzah, Abdulmughni Y., and Jarrah, Moath

Subjects

*ALGORITHMS, *PATTERN matching, *PARALLEL programming, *MULTICORE processors

Abstract

Pattern matching is the most time consuming task in many cybersecurity, bioinformatics and computational biological applications. Speeding up the pattern matching task is an essential step for the success of the aforementioned applications. Wu–Manber algorithm is one of the fastest and most widely used algorithms for multi-pattern matching. Many researchers focused on improving the performance of Wu–Manber algorithm and this work presents a novel attempt parallelize Wu–Manber and make it suitable for multi-core machines. This paper uses Kahn processing network (KPN) model to effectively parallelize data and functional tasks. KPN suggests a parallel programming model that can be utilized in today's multi-core machines. Hence, we use the KPN model to tailor the execution of Wu–Manber algorithm by breaking down the complexity of data sharing and task processing. The data parallelization is implemented using concurrent executions of multiple KPNs. In addition, task parallelization is achieved within each executing KPN. A single KPN consists of two threads, a producer thread and a consumer thread. The proposed KPN-based parallelization achieves up to 4× speedup over the serial implementation of the algorithm. Finally, the algorithm performance scales well with increasing workloads and the speedup up remains almost constant with increasing number of attack signatures. [ABSTRACT FROM AUTHOR]

Published

2020

27. An enhanced intrusion detection system for mobile ad-hoc network based on traffic analysis.

Author

Bala, K., Jothi, S., and Chandrasekar, A.

Subjects

*INFORMATION theory, *INFORMATION networks, *NETWORK performance, *AD hoc computer networks, *INFORMATION storage & retrieval systems, *TIME management

Abstract

The problem of intrusion detection in MANET's has been approached in different dimension in this paper. This paper proposes a novel system network information based moderation model to identify and alleviate routing attacks. The proposed system uses time variant snapshots to detect routing attacks. Each node learns network details using the network information theory (NIT) to get the knowledge about the nodes of network, the neighbor locations, energy details, displacement speed from the route discovery packets and reply packets. From the learned details each node constructs the network topology at each time window to perform intrusion detection. At each packet reception, the node performs intrusion detection using NIT and TVS learned. The proposed technique has delivered effective outcome in mitigation of intrusion detection in mobile ad-hoc networks and improves the performance to a higher level. [ABSTRACT FROM AUTHOR]

Published

2019

28. Mobile network intrusion detection for IoT system based on transfer learning algorithm.

Author

Deng, Lianbing, Li, Daming, Yao, Xiang, Cox, David, and Wang, Haoxiang

Subjects

*MACHINE learning, *COMPUTER network security, *INTERNET security, *INTERNET of things

Abstract

The open deployment environment and limited resources of the Internet of things (IoT) make it vulnerable to malicious attacks, while the traditional intrusion detection system is difficult to meet the heterogeneous and distributed features of the Internet of things. The security and privacy protection of IoT is directly related to the practical application of IoT. In this paper, We analyze the characteristics of networking security and security problems, and discuss the system framework of Internet security and some key security technologies, including key management, authentication and access control, routing security, privacy protection, intrusion detection and fault tolerance and intrusion etc. This paper introduces the current problems of IoT in network security, and points out the necessity of intrusion detection. Several kinds of intrusion detection technologies are discussed, and its application on IoT architecture is analyzed. We compare the application of different intrusion detection technologies, and make a prospect of the next phase of research. Using data mining and machine learning methods to study network intrusion technology has become a hot issue. A single class feature or a detection model is very difficult to improve the detection rate of network intrusion detection. The performance of the proposed model is validated through the public databases. [ABSTRACT FROM AUTHOR]

Published

2019

29. Information security model of block chain based on intrusion sensing in the IoT environment.

Author

Li, Daming, Cai, Zhiming, Deng, Lianbing, Yao, Xiang, and Wang, Harry Haoxiang

Subjects

*INTRUSION detection systems (Computer security), *INFORMATION technology security, *INFORMATION modeling, *DATA encryption, *DATA integrity, *INFORMATION superhighway, *EMAIL security

Abstract

Block chain is a decentralized core architecture, which is widely used in emerging digital encryption currencies. It has attracted much attention and has been researched with the gradual acceptance of bitcoin. Block chaining technology has the characteristics of centralization, block data, no tampering and trust, so it is sought after by enterprises, especially financial institutions. This paper expounds the core technology principle of block chain technology, discusses the application of block chain technology, the existing regulatory problems and security problems, so as to provide some help for the related research of block chain technology. Intrusion detection is an important way to protect the security of information systems. It has become the focus of security research in recent years. This paper introduces the history and current situation of intrusion detection system, expounds the classification of intrusion detection system and the framework of general intrusion detection, and discusses all kinds of intrusion detection technology in detail. Intrusion detection technology is a kind of security technology to protect network resources from hacker attack. IDS is a useful supplement to the firewall, which can help the network system to quickly detect attacks and improve the integrity of the information security infrastructure. In this paper, intrusion detection technology is applied to block chain information security model, and the results show that proposed model has higher detection efficiency and fault tolerance. [ABSTRACT FROM AUTHOR]

Published

2019

30. A survey of deep learning-based network anomaly detection.

Author

Kwon, Donghwoon, Kim, Hyunjoo, Kim, Jinoh, Suh, Sang C., Kim, Ikkyun, and Kim, Kuinam J.

Subjects

*DEEP learning, *ANOMALY detection (Computer security), *RECURRENT neural networks, *MACHINE learning, *COMPUTER networks, *APPLICATION software

Abstract

A great deal of attention has been given to deep learning over the past several years, and new deep learning techniques are emerging with improved functionality. Many computer and network applications actively utilize such deep learning algorithms and report enhanced performance through them. In this study, we present an overview of deep learning methodologies, including restricted Bolzmann machine-based deep belief network, deep neural network, and recurrent neural network, as well as the machine learning techniques relevant to network anomaly detection. In addition, this article introduces the latest work that employed deep learning techniques with the focus on network anomaly detection through the extensive literature survey. We also discuss our local experiments showing the feasibility of the deep learning approach to network traffic analysis. [ABSTRACT FROM AUTHOR]

Published

2019

31. Anomaly detection model based on data stream clustering.

Author

Yin, Chunyong, Zhang, Sun, Yin, Zhichao, and Wang, Jin

Subjects

*ANOMALY detection (Computer security), *INTRUSION detection systems (Computer security), *DATABASES, *RIVERS, *COMPUTER network security, *DATA distribution

Abstract

Intrusion detection provides important protection for network security and anomaly detection as a type of intrusion detection, which can recognize the pattern of normal behaviors and label the behaviors which departure from normal pattern as anomaly behaviors. The updating of network equipment and broadband speed makes the data mining object change from static data sets to dynamic data streams. We think that the traditional methods based on data set do not satisfy the needs of dynamic network environment. The network data stream is temporal and cannot be treated as static data set. The concept and distribution of data objects is variety in different time stamps and the changing is unpredictable. Therefore, we propose an improved data stream clustering algorithm and design the anomaly detection model according to the improved algorithm. The established model can be modified with the changing of data stream and detect anomaly behaviors in time. [ABSTRACT FROM AUTHOR]

Published

2019

32. A stacked deep learning approach to cyber-attacks detection in industrial systems: application to power system and gas pipeline systems

Author

Sidi-Mohammed Senouci, Benamar Bouyeddou, Ying Sun, Wu Wang, and Fouzi Harrou

Subjects

SCADA system, Computer Networks and Communications, business.industry, Computer science, Process (engineering), Distributed computing, Deep learning, Intrusion detection system, Article, Critical infrastructure protection, Naive Bayes classifier, Electric power system, SCADA, Intrusion detection, Stacked deep learning, AdaBoost, Artificial intelligence, business, Resilience (network), Cyber-attacks, Software

Abstract

Presently, Supervisory Control and Data Acquisition (SCADA) systems are broadly adopted in remote monitoring large-scale production systems and modern power grids. However, SCADA systems are continuously exposed to various heterogeneous cyberattacks, making the detection task using the conventional intrusion detection systems (IDSs) very challenging. Furthermore, conventional security solutions, such as firewalls, and antivirus software, are not appropriate for fully protecting SCADA systems because they have distinct specifications. Thus, accurately detecting cyber-attacks in critical SCADA systems is undoubtedly indispensable to enhance their resilience, ensure safe operations, and avoid costly maintenance. The overarching goal of this paper is to detect malicious intrusions that already detoured traditional IDS and firewalls. In this paper, a stacked deep learning method is introduced to identify malicious attacks targeting SCADA systems. Specifically, we investigate the feasibility of a deep learning approach for intrusion detection in SCADA systems. Real data sets from two laboratory-scale SCADA systems, a two-line three-bus power transmission system and a gas pipeline are used to evaluate the proposed method’s performance. The results of this investigation show the satisfying detection performance of the proposed stacked deep learning approach. This study also showed that the proposed approach outperformed the standalone deep learning models and the state-of-the-art algorithms, including Nearest neighbor, Random forests, Naive Bayes, Adaboost, Support Vector Machine, and oneR. Besides detecting the malicious attacks, we also investigate the feature importance of the cyber-attacks detection process using the Random Forest procedure, which helps design more parsimonious models.

Published

2021

33. An intelligent clustering scheme for distributed intrusion detection in vehicular cloud computing.

Author

Kumar, Neeraj, Singh, Jaskaran, Bali, Rasmeet, Misra, Sudip, and Ullah, Sana

Subjects

*MEDICAL care, *DOCUMENT clustering, *INTRUSION detection systems (Computer security), *ROBOTS, *CLOUD computing, *COMPUTER software

Abstract

In recent years, vehicular cloud computing (VCC) has emerged as a new technology which is being used in wide range of applications in the area of multimedia-based healthcare applications. In VCC, vehicles act as the intelligent machines which can be used to collect and transfer the healthcare data to the local, or global sites for storage, and computation purposes, as vehicles are having comparatively limited storage and computation power for handling the multimedia files. However, due to the dynamic changes in topology, and lack of centralized monitoring points, this information can be altered, or misused. These security breaches can result in disastrous consequences such as-loss of life or financial frauds. Therefore, to address these issues, a learning automata-assisted distributive intrusion detection system is designed based on clustering. Although there exist a number of applications where the proposed scheme can be applied but, we have taken multimedia-based healthcare application for illustration of the proposed scheme. In the proposed scheme, learning automata (LA) are assumed to be stationed on the vehicles which take clustering decisions intelligently and select one of the members of the group as a cluster-head. The cluster-heads then assist in efficient storage and dissemination of information through a cloud-based infrastructure. To secure the proposed scheme from malicious activities, standard cryptographic technique is used in which the auotmaton learns from the environment and takes adaptive decisions for identification of any malicious activity in the network. A reward and penalty is given by the stochastic environment where an automaton performs its actions so that it updates its action probability vector after getting the reinforcement signal from the environment. The proposed scheme was evaluated using extensive simulations on ns-2 with SUMO. The results obtained indicate that the proposed scheme yields an improvement of 10 % in detection rate of malicious nodes when compared with the existing schemes. [ABSTRACT FROM AUTHOR]

Published

2015

34. A hybrid technique using binary particle swarm optimization and decision tree pruning for network intrusion detection.

Author

Malik, Arif Jamal and Khan, Farrukh Aslam

Abstract

A major drawback of signature-based intrusion detection systems is the inability to detect novel attacks that do not match the known signatures already stored in the database. Anomaly detection is a kind of intrusion detection in which the activities of a system are monitored and these activities are classified as normal or anomalous based on their expected behavior. Tree-based classifiers have been successfully used to separate the abnormal behavior from the normal one. Tree pruning is a machine learning technique used to minimize the size of a decision tree (DT) in order to reduce the complexity of the classifier and improve its predictive accuracy. In this paper, we attempt to prune a DT using particle swarm optimization (PSO) algorithm and apply it to the network intrusion detection problem. The proposed technique is a hybrid approach in which PSO is used for node pruning and the pruned DT is used for classification of the network intrusions. Both single and multi-objective PSO algorithms are used in the proposed approach. The experiments are carried out on the well-known KDD99Cup dataset. This dataset has been widely used as a benchmark dataset for network intrusion detection problems. The results of the proposed technique are compared to the other state-of-the-art classifiers and it is observed that the proposed technique performs better than the other classifiers in terms of intrusion detection rate, false positive rate, accuracy, and precision. [ABSTRACT FROM AUTHOR]

Published

2017