Your search keyword '"CIC-IDS-2017"' showing total 5 results

1. Cybersecurity attacks: Which dataset should be used to evaluate an intrusion detection system?

Author

Danijela D. Protić and Miomir M. Stanković

Subjects

adfa, awid, caida, cic-ids-2017, cse-cic-2018, darpa, iscx 2012, kdd cup ’99, kyoto 2006+, nsl-kdd, unswnb15, Military Science, Engineering (General). Civil engineering (General), TA1-2040

Abstract

Introduction: Analyzing the high-dimensional datasets used for intrusion detection becomes a challenge for researchers. This paper presents the most often used data sets. ADFA contains two data sets containing records from Linux/Unix. AWID is based on actual traces of normal and intrusion activity of an IEEE 802.11 Wi-Fi network. CAIDA collects data types in geographically and topologically diverse regions. In CIC-IDS2017, HTTP, HTTPS, FTP, SSH, and email protocols are examined. CSECIC-2018 includes abstract distribution models for applications, protocols, or lower-level network entities. DARPA contains data of network traffic. ISCX 2012 dataset has profiles on various multi-stage attacks and actual network traffic with background noise. KDD Cup '99 is a collection of data transfer from a virtual environment. Kyoto 2006+ contains records of real network traffic. It is used only for anomaly detection. NSL-KDD corrects flaws in the KDD Cup '99 caused by redundant and duplicate records. UNSW-NB-15 is derived from real normal data and the synthesized contemporary attack activities of the network traffic. Methods: This study uses both quantitative and qualitative techniques. The scientific references and publicly accessible information about given dataset are used. Results: Datasets are often simulated to meet objectives required by a particular organization. The number of real datasets are very small compared to simulated dataset. Anomaly detection is rarely used today. Conclusion: 95 The main characteristics and a comparative analysis of the data sets in terms of the date they were created, the size, the number of features, the traffic types, and the purpose are presented.

Published

2023

2. Cybersecurity attacks: which dataset should be used to evaluate an intrusion detection system?

Author

Protića, Danijela D. and Stankovićb, Miomir M.

Subjects

*CYBERTERRORISM, *COMPUTER network traffic, *INTRUSION detection systems (Computer security), *TRAFFIC noise, *VIRTUAL reality, *RESEARCH personnel

Abstract

Introduction: Analyzing the high-dimensional datasets used for intrusion detection becomes a challenge for researchers. This paper presents the most often used data sets. ADFA contains two data sets containing records from Linux/Unix. AWID is based on actual traces of normal and intrusion activity of an IEEE 802.11 Wi-Fi network. CAIDA collects data types in geographically and topologically diverse regions. In CIC-IDS2017, HTTP, HTTPS, FTP, SSH, and email protocols are examined. CSECIC-2018 includes abstract distribution models for applications, protocols, or lower-level network entities. DARPA contains data of network traffic. ISCX 2012 dataset has profiles on various multi-stage attacks and actual network traffic with background noise. KDD Cup ‘99 is a collection of data transfer from a virtual environment. Kyoto 2006+ contains records of real network traffic. It is used only for anomaly detection. NSL-KDD corrects flaws in the KDD Cup ’99 caused by redundant and duplicate records. UNSW-NB-15 is derived from real normal data and the synthesized contemporary attack activities of the network traffic. Methods: This study uses both quantitative and qualitative techniques. The scientific references and publicly accessible information about given dataset are used. Results: Datasets are often simulated to meet objectives required by a particular organization. The number of real datasets are very small compared to simulated dataset. Anomaly detection is rarely used today. Conclusion: The main characteristics and a comparative analysis of the data sets in terms of the date they were created, the size, the number of features, the traffic types, and the purpose are presented. [ABSTRACT FROM AUTHOR]

Published

2023

3. Performance Analysis of Feature Subset Selection Techniques for Intrusion Detection.

Author

Almaghthawi, Yousef, Ahmad, Iftikhar, and Alsaadi, Fawaz E.

Subjects

*SUBSET selection, *INTRUSION detection systems (Computer security), *FEATURE selection, *SUPPORT vector machines, *GENETIC algorithms, *COMPUTER networks, *FALSE alarms

Abstract

An intrusion detection system is one of the main defense lines used to provide security to data, information, and computer networks. The problems of this security system are the increased processing time, high false alarm rate, and low detection rate that occur due to the large amount of data containing various irrelevant and redundant features. Therefore, feature selection can solve this problem by reducing the number of features. Choosing appropriate feature selection methods that can reduce the number of features without a negative effect on the classification accuracy is a major challenge. This challenge motivated us to investigate the application of different wrapper feature selection techniques in intrusion detection. The performance of the selected techniques, such as the genetic algorithm (GA), sequential forward selection (SFS), and sequential backward selection (SBS), were analyzed, addressed, and compared to the existing techniques. The efficiency of the three feature selection techniques with two classification methods, including support vector machine (SVM) and multi perceptron (MLP), was compared. The CICIDS2017, CSE-CIC-IDS218, and NSL-KDD datasets were considered for the experiments. The efficiency of the proposed models was proved in the experimental results, which indicated that it had highest accuracy in the selected datasets. [ABSTRACT FROM AUTHOR]

Published

2022

4. Performance Analysis of Feature Subset Selection Techniques for Intrusion Detection

Author

Yousef Almaghthawi, Iftikhar Ahmad, and Fawaz E. Alsaadi

Subjects

intrusion detection, genetic algorithm, greedy search, backward elimination learning, NSL-KDD, CIC-IDS-2017, Mathematics, QA1-939

Abstract

An intrusion detection system is one of the main defense lines used to provide security to data, information, and computer networks. The problems of this security system are the increased processing time, high false alarm rate, and low detection rate that occur due to the large amount of data containing various irrelevant and redundant features. Therefore, feature selection can solve this problem by reducing the number of features. Choosing appropriate feature selection methods that can reduce the number of features without a negative effect on the classification accuracy is a major challenge. This challenge motivated us to investigate the application of different wrapper feature selection techniques in intrusion detection. The performance of the selected techniques, such as the genetic algorithm (GA), sequential forward selection (SFS), and sequential backward selection (SBS), were analyzed, addressed, and compared to the existing techniques. The efficiency of the three feature selection techniques with two classification methods, including support vector machine (SVM) and multi perceptron (MLP), was compared. The CICIDS2017, CSE-CIC-IDS218, and NSL-KDD datasets were considered for the experiments. The efficiency of the proposed models was proved in the experimental results, which indicated that it had highest accuracy in the selected datasets.

Published

2022

5. Fusion of linear and non-linear dimensionality reduction techniques for feature reduction in LSTM-based Intrusion Detection System.

Author

Thakkar, Ankit, Kikani, Nandish, and Geddam, Rebakah

Subjects

INFORMATION technology, COMPUTER network traffic, PRINCIPAL components analysis, WILCOXON signed-rank test, DEEP learning, DATA security

Abstract

Securing networks is becoming increasingly crucial due to the widespread use of information technology. Intrusion Detection System (IDS) plays a crucial role in network security by detecting potential security threats in real-time. In order to create effective IDS, Deep Learning (DL) techniques like Auto Encoder (AE) and Long Short-Term Memory (LSTM) have been widely used. However, the high dimensionality and complexity of network traffic data make it challenging to extract meaningful information. The paper proposes a fusion-based approach that combines AE and Principal Component Analysis (PCA) techniques for dimensionality reduction in IDS. The proposed approach aims to capture both linear and non-linear relationships between features while reducing the dimensionality of the input data. NSL-KDD, UNSW-NB15, CIC-IDS-2017, and MSCAD datasets are used to evaluate this proposed method. The proposed approach has improved accuracy compared to the existing AE+LSTM-based approach by 3% for NSL-KDD and around 1% for UNSW-NB15 and CIC-IDS-2017, while the proposed approach gives comparable results for the MSCAD dataset. The Wilcoxon signed-rank test has been applied to confirm the statistical significance of the result. • A novel fusion-based dimensionality reduction technique designed for LSTM-based IDS. • Fusion of autoencoder and PCA dimensionality reduction techniques is proposed. • Proposed fusion-based technique captures linear and nonlinear relations from data. • Experiments are performed with NSL-KDD, UNSW_NB-15, CIC-IDS-2017, and MSCAD datasets. • Proposed fusion-based approach improves accuracy, F1-score, and FPR. [ABSTRACT FROM AUTHOR]

Published

2024