2,250 articles found
A Review of Generative Adversarial Networks for Intrusion Detection Systems: Advances, Challenges, and Future Directions
1
Authors: Monirah Al-Ajlan, Mourad Ykhlef. Computers, Materials & Continua (SCIE, EI), 2024, Issue 11, pp. 2053-2076, 24 pages
The ever-growing network traffic threat landscape necessitates adopting accurate and robust intrusion detection systems (IDSs). IDSs have become a research hotspot and have seen remarkable performance improvements. Generative adversarial networks (GANs) have also garnered increasing research interest recently due to their remarkable ability to generate data. This paper investigates the application of GANs in IDS and explores their current use within this research field. We delve into the adoption of GANs within signature-based, anomaly-based, and hybrid IDSs, focusing on their objectives, methodologies, and advantages. Overall, GANs have been widely employed, mainly focused on solving the class imbalance issue by generating realistic attack samples. While GANs have shown significant potential in addressing the class imbalance issue, there are still open opportunities and challenges to be addressed. Little attention has been paid to their applicability in distributed and decentralized domains, such as IoT networks. Efficiency and scalability have been mostly overlooked, and thus, future works must aim at addressing these gaps.
Keywords: intrusion detection systems; network security; generative networks; deep learning; dataset
Protecting Against Address Space Layout Randomisation (ASLR) Compromises and Return-to-Libc Attacks Using Network Intrusion Detection Systems (Cited by: 2)
2
Authors: David J Day, Zheng-Xu Zhao. International Journal of Automation and Computing (EI), 2011, Issue 4, pp. 472-483, 12 pages
Writable XOR executable (W⊕X) and address space layout randomisation (ASLR) have elevated the understanding necessary to perpetrate buffer overflow exploits [1]. However, they have not proved to be a panacea [1-3], and so other mechanisms, such as stack guards and prelinking, have been introduced. In this paper, we show that host-based protection still does not offer a complete solution. To demonstrate the protection inadequacies, we perform an over the network brute force return-to-libc attack against a preforking concurrent server to gain remote access to a shell. The attack defeats host protection including W⊕X and ASLR. We then demonstrate that deploying a network intrusion detection systems (NIDS) with appropriate signatures can detect this attack efficiently.
Keywords: buffer overflow; stack overflow; intrusion detection systems (IDS); signature rules; return-to-libc attack; pre-forking
CNN Channel Attention Intrusion Detection System Using NSL-KDD Dataset
3
Authors: Fatma S. Alrayes, Mohammed Zakariah, Syed Umar Amin, Zafar Iqbal Khan, Jehad Saad Alqurni. Computers, Materials & Continua (SCIE, EI), 2024, Issue 6, pp. 4319-4347, 29 pages
Intrusion detection systems (IDS) are essential in the field of cybersecurity because they protect networks from a wide range of online threats. The goal of this research is to meet the urgent need for small-footprint, highly-adaptable Network Intrusion Detection Systems (NIDS) that can identify anomalies. The NSL-KDD dataset is used in the study; it is a sizable collection comprising 43 variables with the label’s “attack” and “level.” It proposes a novel approach to intrusion detection based on the combination of channel attention and convolutional neural networks (CNN). Furthermore, this dataset makes it easier to conduct a thorough assessment of the suggested intrusion detection strategy. Furthermore, maintaining operating efficiency while improving detection accuracy is the primary goal of this work. Moreover, typical NIDS examines both risky and typical behavior using a variety of techniques. On the NSL-KDD dataset, our CNN-based approach achieves an astounding 99.728% accuracy rate when paired with channel attention. Compared to previous approaches such as ensemble learning, CNN, RBM (Boltzmann machine), ANN, hybrid auto-encoders with CNN, MCNN, and ANN, and adaptive algorithms, our solution significantly improves intrusion detection performance. Moreover, the results highlight the effectiveness of our suggested method in improving intrusion detection precision, signifying a noteworthy advancement in this field. Subsequent efforts will focus on strengthening and expanding our approach in order to counteract growing cyberthreats and adjust to changing network circumstances.
Keywords: intrusion detection system (IDS); NSL-KDD dataset; deep-learning; machine-learning; CNN channel attention; network security
Intrusion Detection Systems in Internet of Things and Mobile Ad-Hoc Networks (Cited by: 2)
4
Authors: Vasaki Ponnusamy, Mamoona Humayun, NZ Jhanjhi, Aun Yichiet, Maram Fahhad Almufareh. Computer Systems Science & Engineering (SCIE, EI), 2022, Issue 3, pp. 1199-1215, 17 pages
Internet of Things (IoT) devices work mainly in wireless mediums; requiring different Intrusion Detection System (IDS) kind of solutions to leverage 802.11 header information for intrusion detection. Wireless-specific traffic features with high information gain are primarily found in data link layers rather than application layers in wired networks. This survey investigates some of the complexities and challenges in deploying wireless IDS in terms of data collection methods, IDS techniques, IDS placement strategies, and traffic data analysis techniques. This paper’s main finding highlights the lack of available network traces for training modern machine-learning models against IoT specific intrusions. Specifically, the Knowledge Discovery in Databases (KDD) Cup dataset is reviewed to highlight the design challenges of wireless intrusion detection based on current data attributes and proposed several guidelines to future-proof following traffic capture methods in the wireless network (WN). The paper starts with a review of various intrusion detection techniques, data collection methods and placement methods. The main goal of this paper is to study the design challenges of deploying intrusion detection system in a wireless environment. Intrusion detection system deployment in a wireless environment is not as straightforward as in the wired network environment due to the architectural complexities. So this paper reviews the traditional wired intrusion detection deployment methods and discusses how these techniques could be adopted into the wireless environment and also highlights the design challenges in the wireless environment. The main wireless environments to look into would be Wireless Sensor Networks (WSN), Mobile Ad Hoc Networks (MANET) and IoT as this are the future trends and a lot of attacks have been targeted into these networks. So it is very crucial to design an IDS specifically to target on the wireless networks.
Keywords: Internet of Things; MANET; intrusion detection systems; wireless networks
Cyber Security Analysis and Evaluation for Intrusion Detection Systems (Cited by: 1)
5
Authors: Yoosef B. Abushark, Asif Irshad Khan, Fawaz Alsolami, Abdulmohsen Almalawi, Md Mottahir Alam, Alka Agrawal, Rajeev Kumar, Raees Ahmad Khan. Computers, Materials & Continua (SCIE, EI), 2022, Issue 7, pp. 1765-1783, 19 pages
Machine learning is a technique that is widely employed in both the academic and industrial sectors all over the world. Machine learning algorithms that are intuitive can analyse risks and respond swiftly to breaches and security issues. It is crucial in offering a proactive security system in the field of cybersecurity. In real time, cybersecurity protects information, information systems, and networks from intruders. In the recent decade, several assessments on security and privacy estimates have noted a rapid growth in both the incidence and quantity of cybersecurity breaches. At an increasing rate, intruders are breaching information security. Anomaly detection, software vulnerability diagnosis, phishing page identification, denial of service assaults, and malware identification are the foremost cyber-security concerns that require efficient clarifications. Practitioners have tried a variety of approaches to address the present cybersecurity obstacles and concerns. In a similar vein, the goal of this research is to assess the idealness of machine learning-based intrusion detection systems under fuzzy conditions using a Multi-Criteria Decision Making (MCDM)-based Analytical Hierarchy Process (AHP) and a Technique for Order of Preference by Similarity to Ideal-Solutions (TOPSIS). Fuzzy sets are ideal for dealing with decision-making scenarios in which experts are unsure of the best course of action. The projected work would support practitioners in identifying, prioritising, and selecting cybersecurity-related attributes for intrusion detection systems, allowing them to design more optimal and effective intrusion detection systems.
Keywords: cybersecurity; machine learning; AHP-TOPSIS; fuzzy logic; intrusion detection systems
A Comprehensive Analysis of Datasets for Automotive Intrusion Detection Systems
6
Authors: Seyoung Lee, Wonsuk Choi, Insup Kim, Ganggyu Lee, Dong Hoon Lee. Computers, Materials & Continua (SCIE, EI), 2023, Issue 9, pp. 3413-3442, 30 pages
Recently, automotive intrusion detection systems (IDSs) have emerged as promising defense approaches to counter attacks on in-vehicle networks (IVNs). However, the effectiveness of IDSs relies heavily on the quality of the datasets used for training and evaluation. Despite the availability of several datasets for automotive IDSs, there has been a lack of comprehensive analysis focusing on assessing these datasets. This paper aims to address the need for dataset assessment in the context of automotive IDSs. It proposes qualitative and quantitative metrics that are independent of specific automotive IDSs, to evaluate the quality of datasets. These metrics take into consideration various aspects such as dataset description, collection environment, and attack complexity. This paper evaluates eight commonly used datasets for automotive IDSs using the proposed metrics. The evaluation reveals biases in the datasets, particularly in terms of limited contexts and lack of diversity. Additionally, it highlights that the attacks in the datasets were mostly injected without considering normal behaviors, which poses challenges for training and evaluating machine learning-based IDSs. This paper emphasizes the importance of addressing the identified limitations in existing datasets to improve the performance and adaptability of automotive IDSs. The proposed metrics can serve as valuable guidelines for researchers and practitioners in selecting and constructing high-quality datasets for automotive security applications. Finally, this paper presents the requirements for high-quality datasets, including the need for representativeness, diversity, and balance.
Keywords: controller area network (CAN); intrusion detection system (IDS); automotive security; machine learning (ML); dataset
MA-IDS: A Distributed Intrusion Detection System Based on Data Mining
7
Authors: SUN Jian-hua, JIN Hai, CHEN Hao, HAN Zong-fen. Wuhan University Journal of Natural Sciences (CAS), 2005, Issue 1, pp. 111-114, 4 pages
Aiming at the shortcomings in intrusion detection systems (IDSs) used in commercial and research fields, we propose the MA-IDS system, a distributed intrusion detection system based on data mining. In this model, misuse intrusion detection system (MIDS) and anomaly intrusion detection system (AIDS) are combined. Data mining is applied to raise detection performance, and distributed mechanism is employed to increase the scalability and efficiency. Host- and network-based mining algorithms employ an improved Bayesian decision theorem that suits for real security environment to minimize the risks incurred by false decisions. We describe the overall architecture of the MA-IDS system, and discuss specific design and implementation issue.
Keywords: intrusion detection; data mining; distributed system
Development of a Platform to Explore Network Intrusion Detection System (NIDS) for Cybersecurity
8
Authors: Chee Keong Chan, Alexander Weil Tine Yeoh. Journal of Computer and Communications, 2018, Issue 1, pp. 1-11, 11 pages
Cybersecurity is increasing its significance in recent years due to the overwhelming use of devices which require the use of internet. This raises the importance of having cybersecurity training for the upcoming generations as hackers continue to upgrade their methodologies and techniques to obtain important information such as personal identification, credit card numbers etcetera. This paper describes the development of a platform for students to learn how to setup and use a Network Intrusion Detection System in a virtual environment. In this environment, the administrator of a specific system can monitor and detect their network for any malicious activity. We will discuss in this paper the network configuration setup via virtualization technology followed by having a Network Intrusion Detection System installed in one of the virtual machines port mirrored to monitor the whole network. In the virtual network, a virtual machine will be assigned as an attacker to simulate cyber-attacks allowing the Network Intrusion Detection System to detect the Internet Protocol (IP) address from the source of malicious activity provider. In addition, students will have the opportunity to learn how to write basic rules for the Network Intrusion Detection System which are algorithms used to detect cyber malicious movements.
Keywords: Network Intrusion Detection System; cybersecurity
A Comparative Study of Related Technologies of Intrusion Detection & Prevention Systems
9
Authors: Indraneel Mukhopadhyay, Mohuya Chakraborty, Satyajit Chakrabarti. Journal of Information Security, 2011, Issue 1, pp. 28-38, 11 pages
The rapid growth of computer networks has changed the prospect of network security. An easy accessibility condition causes computer networks to be vulnerable against numerous and potentially devastating threats from hackers. Up to the moment, researchers have developed Intrusion Detection Systems (IDS) capable of detecting attacks in several available environments. A boundlessness of methods for misuse detection as well as anomaly detection has been applied. Intrusion Prevention Systems (IPS) evolved after that to resolve ambiguities in passive network monitoring by placing detection systems on the line of attack. IPS in other words is IDS that are able to give prevention commands to firewalls and access control changes to routers. IPS can be seen as an improvement upon firewall technologies. It can make access control decisions based on application content, rather than IP address or ports as traditional firewalls do. The next innovation is the combination of IDS and IPS known as Intrusion Detection and Prevention Systems (IDPS) capable of detecting and preventing attacks from happening. This paper presents an overview of IDPS followed by their classifications and applications. A new signature based IDPS architecture named HawkEye Solutions has been proposed by the authors. Authors have presented the basic building blocks of the IDS, which include mechanisms for carrying out TCP port scans, Traceroute scan, ping scan and packet sniffing to monitor network health detect various types of attacks. Real time implementation results of the system have been presented. Finally a comparative analysis of various existing IDS/IPS solutions with HawkEye Solutions emphasizes its significance.
Keywords: Advances of Network Security; Intrusion Detection System; Intrusion Prevention System; HawkEye Solutions
General Study of Mobile Agent Based Intrusion Detection System (IDS)
10
Authors: Chandrakant Jain, Aumreesh Kumar Saxena. Journal of Computer and Communications, 2016, Issue 4, pp. 93-98, 6 pages
The extensive access of network interaction has made present networks more responsive to earlier intrusions. In distributed network intrusions, there are many computing nodes that are assisted by intruders. The evidence of intrusions is to be associated from all the held up nodes. From the last few years, mobile agent based technique in intrusion detection system (IDS) has been widely used to detect intrusion over distributed network. This paper presented survey of several existing mobile agent based intrusion detection system and comparative analysis report between them. Furthermore we have focused on each attribute of analysis, for example technique (NIDS, HIDS or Hybrid), behavior layer, detection techniques for analysis, uses of mobile agent and technology used by existing IDS, strength and issues. Their strengths and issues are situational wherever appropriate. We have observed that some of the existing techniques are used in IDS which causes low detection rate, behavior layers like TCP connection for packet capturing which is most important activity in NIDS and response time (technology execution time) with memory consumption by mobile agent as major issues.
Keywords: Intrusion Detection System; Mobile Agent; Intrusion; Network; Attack; Security
New Collaborative Intrusion Detection Architecture Based on Multi Agent Systems
11
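Authors: Mohssine EL AJJOURI, Siham BENHADOU, Hicham MEDROMI. 《通讯和计算机(中英文版)》, 2016, Issue 1, pp. 1-10, 10 pages
Keywords: collaborative intrusion detection; multi-agent systems; architecture; multi-agent system; case-based reasoning; learning system; intrusion detection system; adaptability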
Cutting Edge Trends in Deception Based Intrusion Detection Systems—A Survey
12
Authors: Onyekware U. Oluoha, Terungwa S. Yange, George E. Okereke, Francis S. Bakpo. Journal of Information Security, 2021, Issue 4, pp. 250-269, 20 pages
Cyber criminals have become a formidable threat in today’s world. This present reality has placed cloud computing platforms under constant threats of cyber-attacks at all levels, with an ever-evolving threat landscape. It has been observed that the number of threats faced in cloud computing is rising exponentially mainly due to its widespread adoption, rapid expansion and a vast attack surface. One of the front-line tools employed in defense against cyber-attacks is the Intrusion Detection Systems (IDSs). In recent times, an increasing number of researchers and cyber security practitioners alike have advocated the use of deception-based techniques in IDS and other cyber security defenses as against the use of traditional methods. This paper presents an extensive overview of the deception technology environment, as well as a review of current trends and implementation models in deception-based Intrusion Detection Systems. Issues mitigating the implementation of deception based cyber security defenses are also investigated.
Keywords: Cloud Computing; Intrusion Detection System; Cyber Security; Cyber Deception; Deception Technology
CAND-IDS: A Novel Context Aware Intrusion Detection System in Cooperative Wireless Sensor Networks by Nodal Node Deployment
13
Authors: Rathinam Gopal, Velusamy Parthasarathy. Circuits and Systems, 2016, Issue 11, pp. 3504-3521, 19 pages
Cooperative wireless sensor networks have drastically grown due to node co-operative in unaltered environment. Various real time applications are developed and deployed under cooperative network, which controls and coordinates the flow to and from the nodes to the base station. Though nodes are interlinked to give expected state behavior, it is vital to monitor the malicious activities in the network. There is a high end probability to compromise the node behavior that leads to catastrophes. To overcome this issue a Novel Context Aware-IDS approach named Context Aware Nodal Deployment-IDS (CAND-IDS) is framed. During data transmission based on node properties and behavior CAND-IDS detects and eliminates the malicious nodes in the explored path. Also during network deployment and enhancement, node has to follow Context Aware Cooperative Routing Protocol (CCRP), to ensure the reliability of the network. CAND-IDS are programmed and simulated using Network Simulator software and the performance is verified and evaluated. The simulation result shows significant improvements in the throughput, energy consumption and delay made when compared with the existing system.
Keywords: Cooperative Network; Intrusion Detection System; Context Aware Routing Protocol; Network Simulator
Intrusion Detection System for PS-Poll DoS Attack in 802.11 Networks Using Real Time Discrete Event System (Cited by: 5)
14
Authors: Mayank Agarwal, Sanketh Purwar, Santosh Biswas, Sukumar Nandi. IEEE/CAA Journal of Automatica Sinica (SCIE, EI, CSCD), 2017, Issue 4, pp. 792-808, 17 pages
Wi-Fi devices have limited battery life because of which conserving battery life is imperative. The 802.11 Wi-Fi standard provides power management feature that allows stations (STAs) to enter into sleep state to preserve energy without any frame losses. After the STA wakes up, it sends a null data or PS-Poll frame to retrieve frame(s) buffered by the access point (AP), if any during its sleep period. An attacker can launch a power save denial of service (PS-DoS) attack on the sleeping STA(s) by transmitting a spoofed null data or PS-Poll frame(s) to retrieve the buffered frame(s) of the sleeping STA(s) from the AP causing frame losses for the targeted STA(s). Current approaches to prevent or detect the PS-DoS attack require encryption, change in protocol or installation of proprietary hardware. These solutions suffer from expensive setup, maintenance, scalability and deployment issues. The PS-DoS attack does not differ in semantics or statistics under normal and attack circumstances. So signature and anomaly based intrusion detection system (IDS) are unfit to detect the PS-DoS attack. In this paper we propose a timed IDS based on real time discrete event system (RTDES) for detecting PS-DoS attack. The proposed DES based IDS overcomes the drawbacks of existing systems and detects the PS-DoS attack with high accuracy and detection rate. The correctness of the RTDES based IDS is proved by experimenting all possible attack scenarios.
Keywords: fault detection and diagnosis; intrusion detection system (IDS); null data frame; power save attack; PS-Poll frame; real time discrete event system (DES)
A New Database Intrusion Detection Approach Based on Hybrid Meta-Heuristics (Cited by: 9)
15
Authors: Youseef Alotaibi. Computers, Materials & Continua (SCIE, EI), 2021, Issue 2, pp. 1879-1895, 17 pages
A new secured database management system architecture using intrusion detection systems (IDS) is proposed in this paper for organizations with no previous role mapping for users. A simple representation of Structured Query Language queries is proposed to easily permit the use of the worked clustering algorithm. A new clustering algorithm that uses a tube search with adaptive memory is applied to database log files to create users’ profiles. Then, queries issued for each user are checked against the related user profile using a classifier to determine whether or not each query is malicious. The IDS will stop query execution or report the threat to the responsible person if the query is malicious. A simple classifier based on the Euclidean distance is used and the issued query is transformed to the proposed simple representation using a classifier, where the Euclidean distance between the centers and the profile’s issued query is calculated. A synthetic data set is used for our experimental evaluations. Normal user access behavior in relation to the database is modelled using the data set. The false negative (FN) and false positive (FP) rates are used to compare our proposed algorithm with other methods. The experimental results indicate that our proposed method results in very small FN and FP rates.
Keywords: adaptive search memory; clustering; database management system (DBMS); intrusion detection system (IDS); quiplets; structured query language (SQL); tube search
An Intrusion Detection Algorithm Based on Feature Graph (Cited by: 4)
16
Authors: Xiang Yu, Zhihong Tian, Jing Qiu, Shen Su, Xiaoran Yan. Computers, Materials & Continua (SCIE, EI), 2019, Issue 7, pp. 255-273, 19 pages
With the development of Information technology and the popularization of Internet, whenever and wherever possible, people can connect to the Internet optionally. Meanwhile, the security of network traffic is threatened by various of online malicious behaviors. The aim of an intrusion detection system (IDS) is to detect the network behaviors which are diverse and malicious. Since a conventional firewall cannot detect most of the malicious behaviors, such as malicious network traffic or computer abuse, some advanced learning methods are introduced and integrated with intrusion detection approaches in order to improve the performance of detection approaches. However, there are very few related studies focusing on both the effective detection for attacks and the representation for malicious behaviors with graph. In this paper, a novel intrusion detection approach IDBFG (Intrusion Detection Based on Feature Graph) is proposed which first filters normal connections with grid partitions, and then records the patterns of various attacks with a novel graph structure, and the behaviors in accordance with the patterns in graph are detected as intrusion behaviors. The experimental results on KDD-Cup 99 dataset show that IDBFG performs better than SVM (Support Vector Machines) and Decision Tree which are trained and tested in original feature space in terms of detection rates, false alarm rates and run time.
Keywords: intrusion detection; machine learning; IDS; feature graph; grid partitions
Applying Stack Bidirectional LSTM Model to Intrusion Detection (Cited by: 5)
17
Authors: Ziyong Ran, Desheng Zheng, Yanling Lai, Lulu Tian. Computers, Materials & Continua (SCIE, EI), 2020, Issue 10, pp. 309-320, 12 pages
Nowadays, Internet has become an indispensable part of daily life and is used in many fields. Due to the large amount of Internet traffic, computers are subject to various security threats, which may cause serious economic losses and even endanger national security. It is hoped that an effective security method can systematically classify intrusion data in order to avoid leakage of important data or misuse of data. As machine learning technology matures, deep learning is widely used in various industries. Combining deep learning with network security and intrusion detection is the current trend. In this paper, the problem of data classification in intrusion detection system is studied. We propose an intrusion detection model based on stack bidirectional long short-term memory (LSTM), introduce stack bidirectional LSTM into the field of intrusion detection and apply it to the intrusion detection. In order to determine the appropriate parameters and structure of stack bidirectional LSTM network, we have carried out experiments on various network structures and parameters and analyzed the experimental results. The classic KDD Cup’1999 dataset was selected for experiments so that we can obtain convincing and comparable results. Experimental results derived from the KDD Cup’1999 dataset show that the network with three hidden layers containing 80 LSTM cells is superior to other algorithms in computational cost and detection performance due to stack bidirectional LSTM model’s ability to review time and correlate with connected records continuously. The experiment shows the effectiveness of stack bidirectional LSTM network in intrusion detection.
Keywords: stack bidirectional LSTM; KDD Cup’1999; intrusion detection systems; machine learning; recurrent neural network
Novel design concepts for network intrusion systems based on dendritic cells processes 被引量:2
18
作者 RICHARD M R 谭冠政 +1 位作者 ONGALO P N F CHERUIYOT W 《Journal of Central South University》 SCIE EI CAS 2013年第8期2175-2185,共11页
An abstraction and an investigation to the worth of dendritic cells (DCs) ability to collect, process and present antigens are presented. Computationally, this ability is shown to provide a feature reduction mechanism... An abstraction and an investigation to the worth of dendritic cells (DCs) ability to collect, process and present antigens are presented. Computationally, this ability is shown to provide a feature reduction mechanism that could be used to reduce the complexity of a search space, a mechanism for development of highly specialized detector sets as well as a selective mechanism used in directing subsets of detectors to be activated when certain danger signals are present. It is shown that DCs, primed by different danger signals, provide a basis for different anomaly detection pathways. Different antigen-peptides are developed based on different danger signals present, and these peptides are presented to different adaptive layer detectors that correspond to the given danger signal. Experiments are then undertaken that compare current approaches, where a full antigen structure and the whole repertoire of detectors are used, with the proposed approach. Experiment results indicate that such an approach is feasible and can help reduce the complexity of the problem by significant levels. It also improves the efficiency of the system, given that only a subset of detectors are involved during the detection process. Having several different sets of detectors increases the robustness of the resulting system. Detectors developed based on peptides are also highly discriminative, which reduces the false positives rates, making the approach feasible for a real time environment. 展开更多
Keywords: artificial immune systems; network intrusion detection; anomaly detection; feature reduction; negative selection algorithm; danger model
XA-GANomaly: An Explainable Adaptive Semi-Supervised Learning Method for Intrusion Detection Using GANomaly (cited by: 2)
19
Authors: Yuna Han Hangbae Chang. Computers, Materials & Continua (SCIE, EI), 2023, Issue 7, pp. 221-237, 17 pages in total
Intrusion detection involves identifying unauthorized network activity and recognizing whether the data constitute an abnormal network transmission. Recent research has focused on using semi-supervised learning mechanisms to identify abnormal network traffic to deal with labeled and unlabeled data in the industry. However, real-time training and classifying network traffic pose challenges, as they can lead to the degradation of the overall dataset and difficulties preventing attacks. Additionally, existing semi-supervised learning research might need to analyze the experimental results comprehensively. This paper proposes XA-GANomaly, a novel technique for explainable adaptive semi-supervised learning using GANomaly, an image anomalous detection model that dynamically trains small subsets to these issues. First, this research introduces a deep neural network (DNN)-based GANomaly for semi-supervised learning. Second, this paper presents the proposed adaptive algorithm for the DNN-based GANomaly, which is validated with four subsets of the adaptive dataset. Finally, this study demonstrates a monitoring system that incorporates three explainable techniques—Shapley additive explanations, reconstruction error visualization, and t-distributed stochastic neighbor embedding—to respond effectively to attacks on traffic data at each feature engineering stage, semi-supervised learning, and adaptive learning. Compared to other single-class classification techniques, the proposed DNN-based GANomaly achieves higher scores for Network Security Laboratory-Knowledge Discovery in Databases and UNSW-NB15 datasets at 13% and 8% of F1 scores and 4.17% and 11.51% for accuracy, respectively. Furthermore, experiments of the proposed adaptive learning reveal mostly improved results over the initial values. An analysis and monitoring system based on the combination of the three explainable methodologies is also described. Thus, the proposed method has the potential advantages to be applied in practical industry, and future research will explore handling unbalanced real-time datasets in various scenarios.
Keywords: intrusion detection system (IDS); adaptive learning; semi-supervised learning; explainable artificial intelligence (XAI); monitoring system
Intrusion detection based on system calls and homogeneous Markov chains (cited by: 8)
20
Authors: Tian Xinguang Duan Miyi Sun Chunlai Li Wenfa. Journal of Systems Engineering and Electronics (SCIE, EI, CSCD), 2008, Issue 3, pp. 598-605, 8 pages in total
A novel method for detecting anomalous program behavior is presented, which is applicable to host-based intrusion detection systems that monitor system call activities. The method constructs a homogeneous Markov chain model to characterize the normal behavior of a privileged program, and associates the states of the Markov chain with the unique system calls in the training data. At the detection stage, the probabilities that the Markov chain model supports the system call sequences generated by the program are computed. A low probability indicates an anomalous sequence that may result from intrusive activities. Then a decision rule based on the number of anomalous sequences in a locality frame is adopted to classify the program's behavior. The method gives attention to both computational efficiency and detection accuracy, and is especially suitable for on-line detection. It has been applied to practical host-based intrusion detection systems.
Keywords: intrusion detection; Markov chain; anomaly detection; system call