IDS-INT:Intrusion detection system using transformer-based transfer learning for imbalanced network traffic

A network intrusion detection system is critical for cyber security against llegitimate attacks.In terms of feature perspectives,network traffic may include a variety of elements such as attack reference,attack type,a subcategory of attack,host information,malicious scripts,etc.In terms of network perspectives,network traffic may contain an imbalanced number of harmful attacks when compared to normal traffic.It is challenging to identify a specific attack due to complex features and data imbalance issues.To address these issues,this paper proposes an Intrusion Detection System using transformer-based transfer learning for Imbalanced Network Traffic(IDS-INT).IDS-INT uses transformer-based transfer learning to learn feature interactions in both network feature representation and imbalanced data.First,detailed information about each type of attack is gathered from network interaction descriptions,which include network nodes,attack type,reference,host information,etc.Second,the transformer-based transfer learning approach is developed to learn detailed feature representation using their semantic anchors.Third,the Synthetic Minority Oversampling Technique(SMOTE)is implemented to balance abnormal traffic and detect minority attacks.Fourth,the Convolution Neural Network(CNN)model is designed to extract deep features from the balanced network traffic.Finally,the hybrid approach of the CNN-Long Short-Term Memory(CNN-LSTM)model is developed to detect different types of attacks from the deep features.Detailed experiments are conducted to test the proposed approach using three standard datasets,i.e.,UNsWNB15,CIC-IDS2017,and NSL-KDD.An explainable AI approach is implemented to interpret the proposed method and develop a trustable model.

CNN Channel Attention Intrusion Detection SystemUsing NSL-KDD Dataset

Intrusion detection systems(IDS)are essential in the field of cybersecurity because they protect networks from a wide range of online threats.The goal of this research is to meet the urgent need for small-footprint,highly-adaptable Network Intrusion Detection Systems(NIDS)that can identify anomalies.The NSL-KDD dataset is used in the study;it is a sizable collection comprising 43 variables with the label’s“attack”and“level.”It proposes a novel approach to intrusion detection based on the combination of channel attention and convolutional neural networks(CNN).Furthermore,this dataset makes it easier to conduct a thorough assessment of the suggested intrusion detection strategy.Furthermore,maintaining operating efficiency while improving detection accuracy is the primary goal of this work.Moreover,typical NIDS examines both risky and typical behavior using a variety of techniques.On the NSL-KDD dataset,our CNN-based approach achieves an astounding 99.728%accuracy rate when paired with channel attention.Compared to previous approaches such as ensemble learning,CNN,RBM(Boltzmann machine),ANN,hybrid auto-encoders with CNN,MCNN,and ANN,and adaptive algorithms,our solution significantly improves intrusion detection performance.Moreover,the results highlight the effectiveness of our suggested method in improving intrusion detection precision,signifying a noteworthy advancement in this field.Subsequent efforts will focus on strengthening and expanding our approach in order to counteract growing cyberthreats and adjust to changing network circumstances.

Enhanced Coyote Optimization with Deep Learning Based Cloud-Intrusion Detection System

Cloud Computing(CC)is the preference of all information technology(IT)organizations as it offers pay-per-use based and flexible services to its users.But the privacy and security become the main hindrances in its achievement due to distributed and open architecture that is prone to intruders.Intrusion Detection System(IDS)refers to one of the commonly utilized system for detecting attacks on cloud.IDS proves to be an effective and promising technique,that identifies malicious activities and known threats by observing traffic data in computers,and warnings are given when such threatswere identified.The current mainstream IDS are assisted with machine learning(ML)but have issues of low detection rates and demanded wide feature engineering.This article devises an Enhanced Coyote Optimization with Deep Learning based Intrusion Detection System for Cloud Security(ECODL-IDSCS)model.The ECODL-IDSCS model initially addresses the class imbalance data problem by the use of Adaptive Synthetic(ADASYN)technique.For detecting and classification of intrusions,long short term memory(LSTM)model is exploited.In addition,ECO algorithm is derived to optimally fine tune the hyperparameters related to the LSTM model to enhance its detection efficiency in the cloud environment.Once the presented ECODL-IDSCS model is tested on benchmark dataset,the experimental results show the promising performance of the ECODL-IDSCS model over the existing IDS models.

Feature Selection with Deep Reinforcement Learning for Intrusion Detection System

An intrusion detection system(IDS)becomes an important tool for ensuring security in the network.In recent times,machine learning(ML)and deep learning(DL)models can be applied for the identification of intrusions over the network effectively.To resolve the security issues,this paper presents a new Binary Butterfly Optimization algorithm based on Feature Selection with DRL technique,called BBOFS-DRL for intrusion detection.The proposed BBOFSDRL model mainly accomplishes the recognition of intrusions in the network.To attain this,the BBOFS-DRL model initially designs the BBOFS algorithm based on the traditional butterfly optimization algorithm(BOA)to elect feature subsets.Besides,DRL model is employed for the proper identification and classification of intrusions that exist in the network.Furthermore,beetle antenna search(BAS)technique is applied to tune the DRL parameters for enhanced intrusion detection efficiency.For ensuring the superior intrusion detection outcomes of the BBOFS-DRL model,a wide-ranging experimental analysis is performed against benchmark dataset.The simulation results reported the supremacy of the BBOFS-DRL model over its recent state of art approaches.

MEM-TET: Improved Triplet Network for Intrusion Detection System

With the advancement of network communication technology,network traffic shows explosive growth.Consequently,network attacks occur frequently.Network intrusion detection systems are still the primary means of detecting attacks.However,two challenges continue to stymie the development of a viable network intrusion detection system:imbalanced training data and new undiscovered attacks.Therefore,this study proposes a unique deep learning-based intrusion detection method.We use two independent in-memory autoencoders trained on regular network traffic and attacks to capture the dynamic relationship between traffic features in the presence of unbalanced training data.Then the original data is fed into the triplet network by forming a triplet with the data reconstructed from the two encoders to train.Finally,the distance relationship between the triples determines whether the traffic is an attack.In addition,to improve the accuracy of detecting unknown attacks,this research proposes an improved triplet loss function that is used to pull the distances of the same class closer while pushing the distances belonging to different classes farther in the learned feature space.The proposed approach’s effectiveness,stability,and significance are evaluated against advanced models on the Android Adware and General Malware Dataset(AAGM17),Knowledge Discovery and Data Mining Cup 1999(KDDCUP99),Canadian Institute for Cybersecurity Group’s Intrusion Detection Evaluation Dataset(CICIDS2017),UNSW-NB15,Network Security Lab-Knowledge Discovery and Data Mining(NSL-KDD)datasets.The achieved results confirmed the superiority of the proposed method for the task of network intrusion detection.

Intelligent Intrusion Detection System for Industrial Internet of Things Environment

Rapid increase in the large quantity of industrial data,Industry 4.0/5.0 poses several challenging issues such as heterogeneous data generation,data sensing and collection,real-time data processing,and high request arrival rates.The classical intrusion detection system(IDS)is not a practical solution to the Industry 4.0 environment owing to the resource limitations and complexity.To resolve these issues,this paper designs a new Chaotic Cuckoo Search Optimiza-tion Algorithm(CCSOA)with optimal wavelet kernel extreme learning machine(OWKELM)named CCSOA-OWKELM technique for IDS on the Industry 4.0 platform.The CCSOA-OWKELM technique focuses on the design of feature selection with classification approach to achieve minimum computation complex-ity and maximum detection accuracy.The CCSOA-OWKELM technique involves the design of CCSOA based feature selection technique,which incorpo-rates the concepts of chaotic maps with CSOA.Besides,the OWKELM technique is applied for the intrusion detection and classification process.In addition,the OWKELM technique is derived by the hyperparameter tuning of the WKELM technique by the use of sunflower optimization(SFO)algorithm.The utilization of CCSOA for feature subset selection and SFO algorithm based hyperparameter tuning leads to better performance.In order to guarantee the supreme performance of the CCSOA-OWKELM technique,a wide range of experiments take place on two benchmark datasets and the experimental outcomes demonstrate the promis-ing performance of the CCSOA-OWKELM technique over the recent state of art techniques.

Machine Learning Techniques for Intrusion Detection Systems in SDN-Recent Advances,Challenges and Future Directions

Software-Defined Networking(SDN)enables flexibility in developing security tools that can effectively and efficiently analyze and detect malicious network traffic for detecting intrusions.Recently Machine Learning(ML)techniques have attracted lots of attention from researchers and industry for developing intrusion detection systems(IDSs)considering logically centralized control and global view of the network provided by SDN.Many IDSs have developed using advances in machine learning and deep learning.This study presents a comprehensive review of recent work ofML-based IDS in context to SDN.It presents a comprehensive study of the existing review papers in the field.It is followed by introducing intrusion detection,ML techniques and their types.Specifically,we present a systematic study of recent works,discuss ongoing research challenges for effective implementation of ML-based intrusion detection in SDN,and promising future works in this field.

Multi-Attack Intrusion Detection System for Software-Defined Internet of Things Network

Currently,the Internet of Things(IoT)is revolutionizing communi-cation technology by facilitating the sharing of information between different physical devices connected to a network.To improve control,customization,flexibility,and reduce network maintenance costs,a new Software-Defined Network(SDN)technology must be used in this infrastructure.Despite the various advantages of combining SDN and IoT,this environment is more vulnerable to various attacks due to the centralization of control.Most methods to ensure IoT security are designed to detect Distributed Denial-of-Service(DDoS)attacks,but they often lack mechanisms to mitigate their severity.This paper proposes a Multi-Attack Intrusion Detection System(MAIDS)for Software-Defined IoT Networks(SDN-IoT).The proposed scheme uses two machine-learning algorithms to improve detection efficiency and provide a mechanism to prevent false alarms.First,a comparative analysis of the most commonly used machine-learning algorithms to secure the SDN was performed on two datasets:the Network Security Laboratory Knowledge Discovery in Databases(NSL-KDD)and the Canadian Institute for Cyberse-curity Intrusion Detection Systems(CICIDS2017),to select the most suitable algorithms for the proposed scheme and for securing SDN-IoT systems.The algorithms evaluated include Extreme Gradient Boosting(XGBoost),K-Nearest Neighbor(KNN),Random Forest(RF),Support Vector Machine(SVM),and Logistic Regression(LR).Second,an algorithm for selecting the best dataset for machine learning in Intrusion Detection Systems(IDS)was developed to enable effective comparison between the datasets used in the development of the security scheme.The results showed that XGBoost and RF are the best algorithms to ensure the security of SDN-IoT and to be applied in the proposed security system,with average accuracies of 99.88%and 99.89%,respectively.Furthermore,the proposed security scheme reduced the false alarm rate by 33.23%,which is a significant improvement over prevalent schemes.Finally,tests of the algorithm for dataset selection showed that the rates of false positives and false negatives were reduced when the XGBoost and RF algorithms were trained on the CICIDS2017 dataset,making it the best for IDS compared to the NSL-KDD dataset.

Multi-Zone-Wise Blockchain Based Intrusion Detection and Prevention System for IoT Environment

Blockchain merges technology with the Internet of Things(IoT)for addressing security and privacy-related issues.However,conventional blockchain suffers from scalability issues due to its linear structure,which increases the storage overhead,and Intrusion detection performed was limited with attack severity,leading to performance degradation.To overcome these issues,we proposed MZWB(Multi-Zone-Wise Blockchain)model.Initially,all the authenticated IoT nodes in the network ensure their legitimacy by using the Enhanced Blowfish Algorithm(EBA),considering several metrics.Then,the legitimately considered nodes for network construction for managing the network using Bayesian-Direct Acyclic Graph(B-DAG),which considers several metrics.The intrusion detection is performed based on two tiers.In the first tier,a Deep Convolution Neural Network(DCNN)analyzes the data packets by extracting packet flow features to classify the packets as normal,malicious,and suspicious.In the second tier,the suspicious packets are classified as normal or malicious using the Generative Adversarial Network(GAN).Finally,intrusion scenario performed reconstruction to reduce the severity of attacks in which Improved Monkey Optimization(IMO)is used for attack path discovery by considering several metrics,and the Graph cut utilized algorithm for attack scenario reconstruction(ASR).UNSW-NB15 and BoT-IoT utilized datasets for the MZWB method simulated using a Network simulator(NS-3.26).Compared with previous performance metrics such as energy consumption,storage overhead accuracy,response time,attack detection rate,precision,recall,and F-measure.The simulation result shows that the proposed MZWB method achieves high performance than existing works.

Intrusion Detection System with Customized Machine Learning Techniques for NSL-KDD Dataset

Modern networks are at risk from a variety of threats as a result of the enormous growth in internet-based traffic.By consuming time and resources,intrusive traffic hampers the efficient operation of network infrastructure.An effective strategy for preventing,detecting,and mitigating intrusion incidents will increase productivity.A crucial element of secure network traffic is Intrusion Detection System(IDS).An IDS system may be host-based or network-based to monitor intrusive network activity.Finding unusual internet traffic has become a severe security risk for intelligent devices.These systems are negatively impacted by several attacks,which are slowing computation.In addition,networked communication anomalies and breaches must be detected using Machine Learning(ML).This paper uses the NSL-KDD data set to propose a novel IDS based on Artificial Neural Networks(ANNs).As a result,the ML model generalizes sufficiently to perform well on untried data.The NSL-KDD dataset shall be utilized for both training and testing.In this paper,we present a custom ANN model architecture using the Keras open-source software package.The specific arrangement of nodes and layers,along with the activation functions,enhances the model’s ability to capture intricate patterns in network data.The performance of the ANN is carefully tested and evaluated,resulting in the identification of a maximum detection accuracy of 97.5%.We thoroughly compared our suggested model to industry-recognized benchmark methods,such as decision classifier combinations and ML classifiers like k-Nearest Neighbors(KNN),Deep Learning(DL),Support Vector Machine(SVM),Long Short-Term Memory(LSTM),Deep Neural Network(DNN),and ANN.It is encouraging to see that our model consistently outperformed each of these tried-and-true techniques in all evaluations.This result underlines the effectiveness of the suggested methodology by demonstrating the ANN’s capacity to accurately assess the effectiveness of the developed strategy in identifying and categorizing instances of network intrusion.

Intelligent Intrusion Detection System for the Internet of Medical Things Based on Data-Driven Techniques

Introducing IoT devices to healthcare fields has made it possible to remotely monitor patients’information and provide a proper diagnosis as needed,resulting in the Internet of Medical Things(IoMT).However,obtaining good security features that ensure the integrity and confidentiality of patient’s information is a significant challenge.However,due to the computational resources being limited,an edge device may struggle to handle heavy detection tasks such as complex machine learning algorithms.Therefore,designing and developing a lightweight detection mechanism is crucial.To address the aforementioned challenges,a new lightweight IDS approach is developed to effectively combat a diverse range of cyberattacks in IoMT networks.The proposed anomaly-based IDS is divided into three steps:pre-processing,feature selection,and decision.In the pre-processing phase,data cleaning and normalization are performed.In the feature selection step,the proposed approach uses two data-driven kernel techniques:kernel principal component analysis and kernel partial least square techniques to reduce the dimension of extracted features and to ameliorate the detection results.Therefore,in decision step,in order to classify whether the traffic flow is normal or malicious the kernel extreme learning machine is used.To check the efficiency of the developed detection scheme,a modern IoMT dataset named WUSTL-EHMS-2020 is considered to evaluate and discuss the achieved results.The proposed method achieved 99.9%accuracy,99.8%specificity,100%Sensitivity,99.9 F-score.

Augmenting IoT Intrusion Detection System Performance Using Deep Neural Network

Due to their low power consumption and limited computing power,Internet of Things(IoT)devices are difficult to secure.Moreover,the rapid growth of IoT devices in homes increases the risk of cyber-attacks.Intrusion detection systems(IDS)are commonly employed to prevent cyberattacks.These systems detect incoming attacks and instantly notify users to allow for the implementation of appropriate countermeasures.Attempts have been made in the past to detect new attacks using machine learning and deep learning techniques,however,these efforts have been unsuccessful.In this paper,we propose two deep learning models to automatically detect various types of intrusion attacks in IoT networks.Specifically,we experimentally evaluate the use of two Convolutional Neural Networks(CNN)to detect nine distinct types of attacks listed in the NF-UNSW-NB15-v2 dataset.To accomplish this goal,the network stream data were initially converted to twodimensional images,which were then used to train the neural network models.We also propose two baseline models to demonstrate the performance of the proposed models.Generally,both models achieve high accuracy in detecting the majority of these nine attacks.

A Comprehensive Analysis of Datasets for Automotive Intrusion Detection Systems

Recently,automotive intrusion detection systems(IDSs)have emerged as promising defense approaches to counter attacks on in-vehicle networks(IVNs).However,the effectiveness of IDSs relies heavily on the quality of the datasets used for training and evaluation.Despite the availability of several datasets for automotive IDSs,there has been a lack of comprehensive analysis focusing on assessing these datasets.This paper aims to address the need for dataset assessment in the context of automotive IDSs.It proposes qualitative and quantitative metrics that are independent of specific automotive IDSs,to evaluate the quality of datasets.These metrics take into consideration various aspects such as dataset description,collection environment,and attack complexity.This paper evaluates eight commonly used datasets for automotive IDSs using the proposed metrics.The evaluation reveals biases in the datasets,particularly in terms of limited contexts and lack of diversity.Additionally,it highlights that the attacks in the datasets were mostly injected without considering normal behaviors,which poses challenges for training and evaluating machine learning-based IDSs.This paper emphasizes the importance of addressing the identified limitations in existing datasets to improve the performance and adaptability of automotive IDSs.The proposed metrics can serve as valuable guidelines for researchers and practitioners in selecting and constructing high-quality datasets for automotive security applications.Finally,this paper presents the requirements for high-quality datasets,including the need for representativeness,diversity,and balance.

An Intelligent Intrusion Detection System in Smart Grid Using PRNN Classifier

Typically,smart grid systems enhance the ability of conventional power system networks as it is vulnerable to several kinds of attacks.These vulnerabil-ities might cause the attackers or intruders to collapse the entire network system thus breaching the confidentiality and integrity of smart grid systems.Thus,for this purpose,Intrusion detection system(IDS)plays a pivotal part in offering a reliable and secured range of services in the smart grid framework.Several exist-ing approaches are there to detect the intrusions in smart grid framework,however they are utilizing an old dataset to detect anomaly thus resulting in reduced rate of detection accuracy in real-time and huge data sources.So as to overcome these limitations,the proposed technique is presented which employs both real-time raw data from the smart grid network and KDD99 dataset thus detecting anoma-lies in the smart grid network.In the grid side data acquisition,the power trans-mitted to the grid is checked and enhanced in terms of power quality by eradicating distortion in transmission lines.In this approach,power quality in the smart grid network is enhanced by rectifying the fault using a FACT device termed UPQC(Unified Power Quality Controller)and thereby storing the data in cloud storage.The data from smart grid cloud storage and KDD99 are pre-pro-cessed and are optimized using Improved Aquila Swarm Optimization(IASO)to extract optimal features.The probabilistic Recurrent Neural Network(PRNN)classifier is then employed for the prediction and classification of intrusions.At last,the performance is estimated and the outcomes are projected in terms of grid voltage,grid current,Total Harmonic Distortion(THD),voltage sag/swell,accu-racy,precision,recall,F-score,false acceptance rate(FAR),and detection rate of the classifier.The analysis is compared with existing techniques to validate the proposed model efficiency.

An Intelligent Approach for Intrusion Detection in Industrial Control System

Supervisory control and data acquisition(SCADA)systems are computer systems that gather and analyze real-time data,distributed control systems are specially designed automated control system that consists of geographically distributed control elements,and other smaller control systems such as programmable logic controllers are industrial solid-state computers that monitor inputs and outputs and make logic-based decisions.In recent years,there has been a lot of focus on the security of industrial control systems.Due to the advancement in information technologies,the risk of cyberattacks on industrial control system has been drastically increased.Because they are so inextricably tied to human life,any damage to them might have devastating consequences.To provide an efficient solution to such problems,this paper proposes a new approach to intrusion detection.First,the important features in the dataset are determined by the difference between the distribution of unlabeled and positive data which is deployed for the learning process.Then,a prior estimation of the class is proposed based on a support vector machine.Simulation results show that the proposed approach has better anomaly detection performance than existing algorithms.

An Efficient Cyber Security and Intrusion Detection System Using CRSR with PXORP-ECC and LTH-CNN

Intrusion Detection System(IDS)is a network security mechanism that analyses all users’and applications’traffic and detectsmalicious activities in real-time.The existing IDSmethods suffer fromlower accuracy and lack the required level of security to prevent sophisticated attacks.This problem can result in the system being vulnerable to attacks,which can lead to the loss of sensitive data and potential system failure.Therefore,this paper proposes an Intrusion Detection System using Logistic Tanh-based Convolutional Neural Network Classification(LTH-CNN).Here,the Correlation Coefficient based Mayfly Optimization(CC-MA)algorithm is used to extract the input characteristics for the IDS from the input data.Then,the optimized features are utilized by the LTH-CNN,which returns the attacked and non-attacked data.After that,the attacked data is stored in the log file and non-attacked data is mapped to the cyber security and data security phases.To prevent the system from cyber-attack,the Source and Destination IP address is converted into a complex binary format named 1’s Complement Reverse Shift Right(CRSR),where,in the data security phase the sensed data is converted into an encrypted format using Senders Public key Exclusive OR Receivers Public Key-Elliptic Curve Cryptography(PXORP-ECC)Algorithm to improve the data security.TheNetwork Security Laboratory-Knowledge Discovery inDatabases(NSLKDD)dataset and real-time sensor are used to train and evaluate the proposed LTH-CNN.The suggested model is evaluated based on accuracy,sensitivity,and specificity,which outperformed the existing IDS methods,according to the results of the experiments.

Modified Metaheuristics with Weighted Majority Voting Ensemble Deep Learning Model for Intrusion Detection System

The Internet of Things(IoT)system has confronted dramatic growth in high dimensionality and data traffic.The system named intrusion detection systems(IDS)is broadly utilized for the enhancement of security posture in an IT infrastructure.An IDS is a practical and suitable method for assuring network security and identifying attacks by protecting it from intrusive hackers.Nowadays,machine learning(ML)-related techniques were used for detecting intrusion in IoTs IDSs.But,the IoT IDS mechanism faces significant challenges because of physical and functional diversity.Such IoT features use every attribute and feature for IDS self-protection unrealistic and difficult.This study develops a Modified Metaheuristics with Weighted Majority Voting Ensemble Deep Learning(MM-WMVEDL)model for IDS.The proposed MM-WMVEDL technique aims to discriminate distinct kinds of attacks in the IoT environment.To attain this,the presented MM-WMVEDL technique implements min-max normalization to scale the input dataset.For feature selection purposes,the MM-WMVEDL technique exploits the Harris hawk optimization-based elite fractional derivative mutation(HHO-EFDM)technique.In the presented MM-WMVEDL technique,a Bi-directional long short-term memory(BiLSTM),extreme learning machine(ELM)and an ensemble of gated recurrent unit(GRU)models take place.A wide range of simulation analyses was performed on CICIDS-2017 dataset to exhibit the promising performance of the MM-WMVEDL technique.The comparison study pointed out the supremacy of the MM-WMVEDL method over other recent methods with accuracy of 99.67%.

Internet of Things Intrusion Detection System Based on Convolutional Neural Network

In recent years, the Internet of Things (IoT) technology has developedby leaps and bounds. However, the large and heterogeneous networkstructure of IoT brings high management costs. In particular, the low costof IoT devices exposes them to more serious security concerns. First, aconvolutional neural network intrusion detection system for IoT devices isproposed. After cleaning and preprocessing the NSL-KDD dataset, this paperuses feature engineering methods to select appropriate features. Then, basedon the combination of DCNN and machine learning, this paper designs acloud-based loss function, which adopts a regularization method to preventoverfitting. The model consists of one input layer, two convolutional layers,two pooling layers and three fully connected layers and one output layer.Finally, a framework that can fully consider the user’s privacy protection isproposed. The framework can only exchange model parameters or intermediateresults without exchanging local individuals or sample data. This paperfurther builds a global model based on virtual fusion data, so as to achievea balance between data privacy protection and data sharing computing. Theperformance indicators such as accuracy, precision, recall, F1 score, and AUCof the model are verified by simulation. The results show that the model ishelpful in solving the problem that the IoT intrusion detection system cannotachieve high precision and low cost at the same time.

A Fused Machine Learning Approach for Intrusion Detection System

The rapid growth in data generation and increased use of computer network devices has amplified the infrastructures of internet.The interconnectivity of networks has brought various complexities in maintaining network availability,consistency,and discretion.Machine learning based intrusion detection systems have become essential to monitor network traffic for malicious and illicit activities.An intrusion detection system controls the flow of network traffic with the help of computer systems.Various deep learning algorithms in intrusion detection systems have played a prominent role in identifying and analyzing intrusions in network traffic.For this purpose,when the network traffic encounters known or unknown intrusions in the network,a machine-learning framework is needed to identify and/or verify network intrusion.The Intrusion detection scheme empowered with a fused machine learning technique(IDS-FMLT)is proposed to detect intrusion in a heterogeneous network that consists of different source networks and to protect the network from malicious attacks.The proposed IDS-FMLT system model obtained 95.18%validation accuracy and a 4.82%miss rate in intrusion detection.

An Intrusion Detection System for SDN Using Machine Learning

Software Defined Networking(SDN)has emerged as a promising and exciting option for the future growth of the internet.SDN has increased the flexibility and transparency of the managed,centralized,and controlled network.On the other hand,these advantages create a more vulnerable environment with substantial risks,culminating in network difficulties,system paralysis,online banking frauds,and robberies.These issues have a significant detrimental impact on organizations,enterprises,and even economies.Accuracy,high performance,and real-time systems are necessary to achieve this goal.Using a SDN to extend intelligent machine learning methodologies in an Intrusion Detection System(IDS)has stimulated the interest of numerous research investigators over the last decade.In this paper,a novel HFS-LGBM IDS is proposed for SDN.First,the Hybrid Feature Selection algorithm consisting of two phases is applied to reduce the data dimension and to obtain an optimal feature subset.In thefirst phase,the Correlation based Feature Selection(CFS)algorithm is used to obtain the feature subset.The optimal feature set is obtained by applying the Random Forest Recursive Feature Elimination(RF-RFE)in the second phase.A LightGBM algorithm is then used to detect and classify different types of attacks.The experimental results based on NSL-KDD dataset show that the proposed system produces outstanding results compared to the existing methods in terms of accuracy,precision,recall and f-measure.