There are two key issues in distributed intrusion detection system,that is,maintaining load balance of system and protecting data integrity.To address these issues,this paper proposes a new distributed intrusion detec...There are two key issues in distributed intrusion detection system,that is,maintaining load balance of system and protecting data integrity.To address these issues,this paper proposes a new distributed intrusion detection model for big data based on nondestructive partitioning and balanced allocation.A data allocation strategy based on capacity and workload is introduced to achieve local load balance,and a dynamic load adjustment strategy is adopted to maintain global load balance of cluster.Moreover,data integrity is protected by using session reassemble and session partitioning.The simulation results show that the new model enjoys favorable advantages such as good load balance,higher detection rate and detection efficiency.展开更多
Aiming at the shortcomings in intrusion detection systems (IDSs) used incommercial and research fields, we propose the MA-IDS system, a distributed intrusion detectionsystem based on data mining. In this model, misuse...Aiming at the shortcomings in intrusion detection systems (IDSs) used incommercial and research fields, we propose the MA-IDS system, a distributed intrusion detectionsystem based on data mining. In this model, misuse intrusion detection system CM1DS) and anomalyintrusion de-lection system (AIDS) are combined. Data mining is applied to raise detectionperformance, and distributed mechanism is employed to increase the scalability and efficiency. Host-and network-based mining algorithms employ an improved. Bayes-ian decision theorem that suits forreal security environment to minimize the risks incurred by false decisions. We describe the overallarchitecture of the MA-IDS system, and discuss specific design and implementation issue.展开更多
Traditional Intrusion Detection System (IDS) based on hosts or networks no longer meets the security requirements in today's network environment due to the increasing complexity and distributivity. A multi-agent di...Traditional Intrusion Detection System (IDS) based on hosts or networks no longer meets the security requirements in today's network environment due to the increasing complexity and distributivity. A multi-agent distributed IDS model, enhanced with a method of computing its statistical values of performance is presented. This model can accomplish not only distributed information collection, but also distributed intrusion detection and real-time reaction. Owing to prompt reaction and openness, it can detect intrusion behavior of both known and unknown sources. According to preliminary tests, the accuracy ratio of intrusion detection is higher than 92% on the average.展开更多
Cloud computing technology provides flexible,on-demand,and completely controlled computing resources and services are highly desirable.Despite this,with its distributed and dynamic nature and shortcomings in virtualiz...Cloud computing technology provides flexible,on-demand,and completely controlled computing resources and services are highly desirable.Despite this,with its distributed and dynamic nature and shortcomings in virtualization deployment,the cloud environment is exposed to a wide variety of cyber-attacks and security difficulties.The Intrusion Detection System(IDS)is a specialized security tool that network professionals use for the safety and security of the networks against attacks launched from various sources.DDoS attacks are becoming more frequent and powerful,and their attack pathways are continually changing,which requiring the development of new detection methods.Here the purpose of the study is to improve detection accuracy.Feature Selection(FS)is critical.At the same time,the IDS’s computational problem is limited by focusing on the most relevant elements,and its performance and accuracy increase.In this research work,the suggested Adaptive butterfly optimization algorithm(ABOA)framework is used to assess the effectiveness of a reduced feature subset during the feature selection phase,that was motivated by this motive Candidates.Accurate classification is not compromised by using an ABOA technique.The design of Deep Neural Networks(DNN)has simplified the categorization of network traffic into normal and DDoS threat traffic.DNN’s parameters can be finetuned to detect DDoS attacks better using specially built algorithms.Reduced reconstruction error,no exploding or vanishing gradients,and reduced network are all benefits of the changes outlined in this paper.When it comes to performance criteria like accuracy,precision,recall,and F1-Score are the performance measures that show the suggested architecture outperforms the other existing approaches.Hence the proposed ABOA+DNN is an excellent method for obtaining accurate predictions,with an improved accuracy rate of 99.05%compared to other existing approaches.展开更多
Networks protection against different types of attacks is one of most important posed issue into the network and information security domains. This problem on Wireless Sensor Networks (WSNs), in attention to their spe...Networks protection against different types of attacks is one of most important posed issue into the network and information security domains. This problem on Wireless Sensor Networks (WSNs), in attention to their special properties, has more importance. Now, there are some of proposed solutions to protect Wireless Sensor Networks (WSNs) against different types of intrusions;but no one of them has a comprehensive view to this problem and they are usually designed in single-purpose;but, the proposed design in this paper has been a comprehensive view to this issue by presenting a complete Intrusion Detection Architecture (IDA). The main contribution of this architecture is its hierarchical structure;i.e. it is designed and applicable, in one, two or three levels, consistent to the application domain and its required security level. Focus of this paper is on the clustering WSNs, designing and deploying Sensor-based Intrusion Detection System (SIDS) on sensor nodes, Cluster-based Intrusion Detection System (CIDS) on cluster-heads and Wireless Sensor Network wide level Intrusion Detection System (WSNIDS) on the central server. Suppositions of the WSN and Intrusion Detection Architecture (IDA) are: static and heterogeneous network, hierarchical, distributed and clustering structure along with clusters' overlapping. Finally, this paper has been designed a questionnaire to verify the proposed idea;then it analyzed and evaluated the acquired results from the questionnaires.展开更多
Intrusion Detection System(IDS)in the cloud Computing(CC)environment has received paramount interest over the last few years.Among the latest approaches,Deep Learning(DL)-based IDS methods allow the discovery of attac...Intrusion Detection System(IDS)in the cloud Computing(CC)environment has received paramount interest over the last few years.Among the latest approaches,Deep Learning(DL)-based IDS methods allow the discovery of attacks with the highest performance.In the CC environment,Distributed Denial of Service(DDoS)attacks are widespread.The cloud services will be rendered unavailable to legitimate end-users as a consequence of the overwhelming network traffic,resulting in financial losses.Although various researchers have proposed many detection techniques,there are possible obstacles in terms of detection performance due to the use of insignificant traffic features.Therefore,in this paper,a hybrid deep learning mode based on hybridizing Convolutional Neural Network(CNN)with Long-Short-Term Memory(LSTM)is used due to its robustness and efficiency in detecting normal and attack traffic.Besides,the ensemble feature selection,mutualization aggregation between Particle Swarm Optimizer(PSO),Grey Wolf Optimizer(PSO),Krill Hird(KH),andWhale Optimization Algorithm(WOA),is used to select the most important features that would influence the detection performance in detecting DDoS attack in CC.A benchmark dataset proposed by the Canadian Institute of Cybersecurity(CIC),called CICIDS 2017 is used to evaluate the proposed IDS.The results revealed that the proposed IDS outperforms the state-of-the-art IDSs,as it achieved 97.9%,98.3%,97.9%,98.1%,respectively.As a result,the proposed IDS achieves the requirements of getting high security,automatic,efficient,and self-decision detection of DDoS attacks.展开更多
Intrusion detection is critical to guaranteeing the safety of the data in the network.Even though,since Internet commerce has grown at a breakneck pace,network traffic kinds are rising daily,and network behavior chara...Intrusion detection is critical to guaranteeing the safety of the data in the network.Even though,since Internet commerce has grown at a breakneck pace,network traffic kinds are rising daily,and network behavior characteristics are becoming increasingly complicated,posing significant hurdles to intrusion detection.The challenges in terms of false positives,false negatives,low detection accuracy,high running time,adversarial attacks,uncertain attacks,etc.lead to insecure Intrusion Detection System(IDS).To offset the existing challenge,the work has developed a secure Data Mining Intrusion detection system(DataMIDS)framework using Functional Perturbation(FP)feature selection and Bengio Nesterov Momentum-based Tuned Generative Adversarial Network(BNM-tGAN)attack detection technique.The data mining-based framework provides shallow learning of features and emphasizes feature engineering as well as selection.Initially,the IDS data are analyzed for missing values based on the Marginal Likelihood Fisher Information Matrix technique(MLFIMT)that identifies the relationship among the missing values and attack classes.Based on the analysis,the missing values are classified as Missing Completely at Random(MCAR),Missing at random(MAR),Missing Not at Random(MNAR),and handled according to the types.Thereafter,categorical features are handled followed by feature scaling using Absolute Median Division based Robust Scalar(AMDRS)and the Handling of the imbalanced dataset.The selection of relevant features is initiated using FP that uses‘3’Feature Selection(FS)techniques i.e.,Inverse Chi Square based Flamingo Search(ICS-FSO)wrapper method,Hyperparameter Tuned Threshold based Decision Tree(HpTT-DT)embedded method,and Xavier Normal Distribution based Relief(XavND-Relief)filter method.Finally,the selected features are trained and tested for detecting attacks using BNM-tGAN.The Experimental analysis demonstrates that the introduced DataMIDS framework produces an accurate diagnosis about the attack with low computation time.The work avoids false alarm rate of attacks and remains to be relatively robust against malicious attacks as compared to existing methods.展开更多
The Smart Grid is an enhancement of the traditional grid system and employs new technologies and sophisticated communication techniques for electrical power transmission and distribution. The Smart Grid’s communicati...The Smart Grid is an enhancement of the traditional grid system and employs new technologies and sophisticated communication techniques for electrical power transmission and distribution. The Smart Grid’s communication network shares information about status of its several integrated IEDs (Intelligent Electronic Devices). However, the IEDs connected throughout the Smart Grid, open opportunities for attackers to interfere with the communications and utilities resources or take clients’ private data. This development has introduced new cyber-security challenges for the Smart Grid and is a very concerning issue because of emerging cyber-threats and security incidents that have occurred recently all over the world. The purpose of this research is to detect and mitigate Distributed Denial of Service [DDoS] with application to the Electrical Smart Grid System by deploying an optimized Stealthwatch Secure Network analytics tool. In this paper, the DDoS attack in the Smart Grid communication networks was modeled using Stealthwatch tool. The simulated network consisted of Secure Network Analytic tools virtual machines (VMs), electrical Grid network communication topology, attackers and Target VMs. Finally, the experiments and simulations were performed, and the research results showed that Stealthwatch analytic tool is very effective in detecting and mitigating DDoS attacks in the Smart Grid System without causing any blackout or shutdown of any internal systems as compared to other tools such as GNS3, NeSSi2, NISST Framework, OMNeT++, INET Framework, ReaSE, NS2, NS3, M5 Simulator, OPNET, PLC & TIA Portal management Software which do not have the capability to do so. Also, using Stealthwatch tool to create a security baseline for Smart Grid environment, contributes to risk mitigation and sound security hygiene.展开更多
Deep Learning presents a critical capability to be geared into environments being constantly changed and ongoing learning dynamic,which is especially relevant in Network Intrusion Detection.In this paper,as enlightene...Deep Learning presents a critical capability to be geared into environments being constantly changed and ongoing learning dynamic,which is especially relevant in Network Intrusion Detection.In this paper,as enlightened by the theory of Deep Learning Neural Networks,Hierarchy Distributed-Agents Model for Network Risk Evaluation,a newly developed model,is proposed.The architecture taken on by the distributed-agents model are given,as well as the approach of analyzing network intrusion detection using Deep Learning,the mechanism of sharing hyper-parameters to improve the efficiency of learning is presented,and the hierarchical evaluative framework for Network Risk Evaluation of the proposed model is built.Furthermore,to examine the proposed model,a series of experiments were conducted in terms of NSLKDD datasets.The proposed model was able to differentiate between normal and abnormal network activities with an accuracy of 97.60%on NSL-KDD datasets.As the results acquired from the experiment indicate,the model developed in this paper is characterized by high-speed and high-accuracy processing which shall offer a preferable solution with regard to the Risk Evaluation in Network.展开更多
文摘There are two key issues in distributed intrusion detection system,that is,maintaining load balance of system and protecting data integrity.To address these issues,this paper proposes a new distributed intrusion detection model for big data based on nondestructive partitioning and balanced allocation.A data allocation strategy based on capacity and workload is introduced to achieve local load balance,and a dynamic load adjustment strategy is adopted to maintain global load balance of cluster.Moreover,data integrity is protected by using session reassemble and session partitioning.The simulation results show that the new model enjoys favorable advantages such as good load balance,higher detection rate and detection efficiency.
文摘Aiming at the shortcomings in intrusion detection systems (IDSs) used incommercial and research fields, we propose the MA-IDS system, a distributed intrusion detectionsystem based on data mining. In this model, misuse intrusion detection system CM1DS) and anomalyintrusion de-lection system (AIDS) are combined. Data mining is applied to raise detectionperformance, and distributed mechanism is employed to increase the scalability and efficiency. Host-and network-based mining algorithms employ an improved. Bayes-ian decision theorem that suits forreal security environment to minimize the risks incurred by false decisions. We describe the overallarchitecture of the MA-IDS system, and discuss specific design and implementation issue.
基金Supported by the Key Program of Natural Science Foundation of China(050335020)
文摘Traditional Intrusion Detection System (IDS) based on hosts or networks no longer meets the security requirements in today's network environment due to the increasing complexity and distributivity. A multi-agent distributed IDS model, enhanced with a method of computing its statistical values of performance is presented. This model can accomplish not only distributed information collection, but also distributed intrusion detection and real-time reaction. Owing to prompt reaction and openness, it can detect intrusion behavior of both known and unknown sources. According to preliminary tests, the accuracy ratio of intrusion detection is higher than 92% on the average.
文摘Cloud computing technology provides flexible,on-demand,and completely controlled computing resources and services are highly desirable.Despite this,with its distributed and dynamic nature and shortcomings in virtualization deployment,the cloud environment is exposed to a wide variety of cyber-attacks and security difficulties.The Intrusion Detection System(IDS)is a specialized security tool that network professionals use for the safety and security of the networks against attacks launched from various sources.DDoS attacks are becoming more frequent and powerful,and their attack pathways are continually changing,which requiring the development of new detection methods.Here the purpose of the study is to improve detection accuracy.Feature Selection(FS)is critical.At the same time,the IDS’s computational problem is limited by focusing on the most relevant elements,and its performance and accuracy increase.In this research work,the suggested Adaptive butterfly optimization algorithm(ABOA)framework is used to assess the effectiveness of a reduced feature subset during the feature selection phase,that was motivated by this motive Candidates.Accurate classification is not compromised by using an ABOA technique.The design of Deep Neural Networks(DNN)has simplified the categorization of network traffic into normal and DDoS threat traffic.DNN’s parameters can be finetuned to detect DDoS attacks better using specially built algorithms.Reduced reconstruction error,no exploding or vanishing gradients,and reduced network are all benefits of the changes outlined in this paper.When it comes to performance criteria like accuracy,precision,recall,and F1-Score are the performance measures that show the suggested architecture outperforms the other existing approaches.Hence the proposed ABOA+DNN is an excellent method for obtaining accurate predictions,with an improved accuracy rate of 99.05%compared to other existing approaches.
文摘Networks protection against different types of attacks is one of most important posed issue into the network and information security domains. This problem on Wireless Sensor Networks (WSNs), in attention to their special properties, has more importance. Now, there are some of proposed solutions to protect Wireless Sensor Networks (WSNs) against different types of intrusions;but no one of them has a comprehensive view to this problem and they are usually designed in single-purpose;but, the proposed design in this paper has been a comprehensive view to this issue by presenting a complete Intrusion Detection Architecture (IDA). The main contribution of this architecture is its hierarchical structure;i.e. it is designed and applicable, in one, two or three levels, consistent to the application domain and its required security level. Focus of this paper is on the clustering WSNs, designing and deploying Sensor-based Intrusion Detection System (SIDS) on sensor nodes, Cluster-based Intrusion Detection System (CIDS) on cluster-heads and Wireless Sensor Network wide level Intrusion Detection System (WSNIDS) on the central server. Suppositions of the WSN and Intrusion Detection Architecture (IDA) are: static and heterogeneous network, hierarchical, distributed and clustering structure along with clusters' overlapping. Finally, this paper has been designed a questionnaire to verify the proposed idea;then it analyzed and evaluated the acquired results from the questionnaires.
基金The authors gratefully acknowledge the approval and the support of this research study by the Grant No.SCIA-2022-11-1545the Deanship of Scientific Research at Northern Border University,Arar,K.S.A.
文摘Intrusion Detection System(IDS)in the cloud Computing(CC)environment has received paramount interest over the last few years.Among the latest approaches,Deep Learning(DL)-based IDS methods allow the discovery of attacks with the highest performance.In the CC environment,Distributed Denial of Service(DDoS)attacks are widespread.The cloud services will be rendered unavailable to legitimate end-users as a consequence of the overwhelming network traffic,resulting in financial losses.Although various researchers have proposed many detection techniques,there are possible obstacles in terms of detection performance due to the use of insignificant traffic features.Therefore,in this paper,a hybrid deep learning mode based on hybridizing Convolutional Neural Network(CNN)with Long-Short-Term Memory(LSTM)is used due to its robustness and efficiency in detecting normal and attack traffic.Besides,the ensemble feature selection,mutualization aggregation between Particle Swarm Optimizer(PSO),Grey Wolf Optimizer(PSO),Krill Hird(KH),andWhale Optimization Algorithm(WOA),is used to select the most important features that would influence the detection performance in detecting DDoS attack in CC.A benchmark dataset proposed by the Canadian Institute of Cybersecurity(CIC),called CICIDS 2017 is used to evaluate the proposed IDS.The results revealed that the proposed IDS outperforms the state-of-the-art IDSs,as it achieved 97.9%,98.3%,97.9%,98.1%,respectively.As a result,the proposed IDS achieves the requirements of getting high security,automatic,efficient,and self-decision detection of DDoS attacks.
文摘Intrusion detection is critical to guaranteeing the safety of the data in the network.Even though,since Internet commerce has grown at a breakneck pace,network traffic kinds are rising daily,and network behavior characteristics are becoming increasingly complicated,posing significant hurdles to intrusion detection.The challenges in terms of false positives,false negatives,low detection accuracy,high running time,adversarial attacks,uncertain attacks,etc.lead to insecure Intrusion Detection System(IDS).To offset the existing challenge,the work has developed a secure Data Mining Intrusion detection system(DataMIDS)framework using Functional Perturbation(FP)feature selection and Bengio Nesterov Momentum-based Tuned Generative Adversarial Network(BNM-tGAN)attack detection technique.The data mining-based framework provides shallow learning of features and emphasizes feature engineering as well as selection.Initially,the IDS data are analyzed for missing values based on the Marginal Likelihood Fisher Information Matrix technique(MLFIMT)that identifies the relationship among the missing values and attack classes.Based on the analysis,the missing values are classified as Missing Completely at Random(MCAR),Missing at random(MAR),Missing Not at Random(MNAR),and handled according to the types.Thereafter,categorical features are handled followed by feature scaling using Absolute Median Division based Robust Scalar(AMDRS)and the Handling of the imbalanced dataset.The selection of relevant features is initiated using FP that uses‘3’Feature Selection(FS)techniques i.e.,Inverse Chi Square based Flamingo Search(ICS-FSO)wrapper method,Hyperparameter Tuned Threshold based Decision Tree(HpTT-DT)embedded method,and Xavier Normal Distribution based Relief(XavND-Relief)filter method.Finally,the selected features are trained and tested for detecting attacks using BNM-tGAN.The Experimental analysis demonstrates that the introduced DataMIDS framework produces an accurate diagnosis about the attack with low computation time.The work avoids false alarm rate of attacks and remains to be relatively robust against malicious attacks as compared to existing methods.
文摘The Smart Grid is an enhancement of the traditional grid system and employs new technologies and sophisticated communication techniques for electrical power transmission and distribution. The Smart Grid’s communication network shares information about status of its several integrated IEDs (Intelligent Electronic Devices). However, the IEDs connected throughout the Smart Grid, open opportunities for attackers to interfere with the communications and utilities resources or take clients’ private data. This development has introduced new cyber-security challenges for the Smart Grid and is a very concerning issue because of emerging cyber-threats and security incidents that have occurred recently all over the world. The purpose of this research is to detect and mitigate Distributed Denial of Service [DDoS] with application to the Electrical Smart Grid System by deploying an optimized Stealthwatch Secure Network analytics tool. In this paper, the DDoS attack in the Smart Grid communication networks was modeled using Stealthwatch tool. The simulated network consisted of Secure Network Analytic tools virtual machines (VMs), electrical Grid network communication topology, attackers and Target VMs. Finally, the experiments and simulations were performed, and the research results showed that Stealthwatch analytic tool is very effective in detecting and mitigating DDoS attacks in the Smart Grid System without causing any blackout or shutdown of any internal systems as compared to other tools such as GNS3, NeSSi2, NISST Framework, OMNeT++, INET Framework, ReaSE, NS2, NS3, M5 Simulator, OPNET, PLC & TIA Portal management Software which do not have the capability to do so. Also, using Stealthwatch tool to create a security baseline for Smart Grid environment, contributes to risk mitigation and sound security hygiene.
基金This work is supported by the National Key Research and Development Program of China under Grant 2016YFB0800600the Natural Science Foundation of China under Grant(No.61872254 and No.U1736212)+2 种基金the Fundamental Research Funds for the central Universities(No.YJ201727,No.A0920502051815-98)Academic and Technical Leaders’Training Support Fund of Sichuan Province(2016)the research projects of the Humanity and Social Science Youth Foundation of Ministry of Education(13YJCZH021).We want to convey our grateful appreciation to the corresponding author of this paper,Gang Liang,who has offered advice with huge values in all stages when writing this essay to us.
文摘Deep Learning presents a critical capability to be geared into environments being constantly changed and ongoing learning dynamic,which is especially relevant in Network Intrusion Detection.In this paper,as enlightened by the theory of Deep Learning Neural Networks,Hierarchy Distributed-Agents Model for Network Risk Evaluation,a newly developed model,is proposed.The architecture taken on by the distributed-agents model are given,as well as the approach of analyzing network intrusion detection using Deep Learning,the mechanism of sharing hyper-parameters to improve the efficiency of learning is presented,and the hierarchical evaluative framework for Network Risk Evaluation of the proposed model is built.Furthermore,to examine the proposed model,a series of experiments were conducted in terms of NSLKDD datasets.The proposed model was able to differentiate between normal and abnormal network activities with an accuracy of 97.60%on NSL-KDD datasets.As the results acquired from the experiment indicate,the model developed in this paper is characterized by high-speed and high-accuracy processing which shall offer a preferable solution with regard to the Risk Evaluation in Network.
