期刊文献+
共找到29篇文章
< 1 2 >
每页显示 20 50 100
Network Intrusion Traffic Detection Based on Feature Extraction 被引量:1
1
作者 Xuecheng Yu Yan Huang +2 位作者 Yu Zhang Mingyang Song Zhenhong Jia 《Computers, Materials & Continua》 SCIE EI 2024年第1期473-492,共20页
With the increasing dimensionality of network traffic,extracting effective traffic features and improving the identification accuracy of different intrusion traffic have become critical in intrusion detection systems(... With the increasing dimensionality of network traffic,extracting effective traffic features and improving the identification accuracy of different intrusion traffic have become critical in intrusion detection systems(IDS).However,both unsupervised and semisupervised anomalous traffic detection methods suffer from the drawback of ignoring potential correlations between features,resulting in an analysis that is not an optimal set.Therefore,in order to extract more representative traffic features as well as to improve the accuracy of traffic identification,this paper proposes a feature dimensionality reduction method combining principal component analysis and Hotelling’s T^(2) and a multilayer convolutional bidirectional long short-term memory(MSC_BiLSTM)classifier model for network traffic intrusion detection.This method reduces the parameters and redundancy of the model by feature extraction and extracts the dependent features between the data by a bidirectional long short-term memory(BiLSTM)network,which fully considers the influence between the before and after features.The network traffic is first characteristically downscaled by principal component analysis(PCA),and then the downscaled principal components are used as input to Hotelling’s T^(2) to compare the differences between groups.For datasets with outliers,Hotelling’s T^(2) can help identify the groups where the outliers are located and quantitatively measure the extent of the outliers.Finally,a multilayer convolutional neural network and a BiLSTM network are used to extract the spatial and temporal features of network traffic data.The empirical consequences exhibit that the suggested approach in this manuscript attains superior outcomes in precision,recall and F1-score juxtaposed with the prevailing techniques.The results show that the intrusion detection accuracy,precision,and F1-score of the proposed MSC_BiLSTM model for the CIC-IDS 2017 dataset are 98.71%,95.97%,and 90.22%. 展开更多
关键词 network intrusion traffic detection PCA Hotelling’s T^(2) BiLSTM
下载PDF
Artificial Immune Detection for Network Intrusion Data Based on Quantitative Matching Method
2
作者 CaiMing Liu Yan Zhang +1 位作者 Zhihui Hu Chunming Xie 《Computers, Materials & Continua》 SCIE EI 2024年第2期2361-2389,共29页
Artificial immune detection can be used to detect network intrusions in an adaptive approach and proper matching methods can improve the accuracy of immune detection methods.This paper proposes an artificial immune de... Artificial immune detection can be used to detect network intrusions in an adaptive approach and proper matching methods can improve the accuracy of immune detection methods.This paper proposes an artificial immune detection model for network intrusion data based on a quantitative matching method.The proposed model defines the detection process by using network data and decimal values to express features and artificial immune mechanisms are simulated to define immune elements.Then,to improve the accuracy of similarity calculation,a quantitative matching method is proposed.The model uses mathematical methods to train and evolve immune elements,increasing the diversity of immune recognition and allowing for the successful detection of unknown intrusions.The proposed model’s objective is to accurately identify known intrusions and expand the identification of unknown intrusions through signature detection and immune detection,overcoming the disadvantages of traditional methods.The experiment results show that the proposed model can detect intrusions effectively.It has a detection rate of more than 99.6%on average and a false alarm rate of 0.0264%.It outperforms existing immune intrusion detection methods in terms of comprehensive detection performance. 展开更多
关键词 Immune detection network intrusion network data signature detection quantitative matching method
下载PDF
Hybrid Gaussian Network Intrusion Detection Method Based on CGAN and E-GraphSAGE
3
作者 Xinyi Liang Hongyan Xing +3 位作者 Wei Gu Tianhao Hou Zhiwei Ni Xinyi Wang 《Instrumentation》 2024年第2期24-35,共12页
The rapid development of the Internet of Things(IoT)and modern information technology has led to the emergence of new types of cyber-attacks.It poses a great potential danger to network security.Consequently,protectin... The rapid development of the Internet of Things(IoT)and modern information technology has led to the emergence of new types of cyber-attacks.It poses a great potential danger to network security.Consequently,protecting against network attacks has become a pressing issue that requires urgent attention.It is crucial to find practical solutions to combat such malicious behavior.A network intrusion detection(NID)method,known as GMCE-GraphSAGE,was proposed to meet the detection demands of the current intricate network environment.Traffic data is mapped into gaussian distribution,which helps to ensure that subsequent models can effectively learn the features of traffic samples.The conditional generative adversarial network(CGAN)can generate attack samples based on specified labels to create balanced traffic datasets.In addition,we constructed a communication interaction graph based on the connection patterns of traffic nodes.The E-GraphSAGE is designed to capture both the topology and edge features of the traffic graph.From it,global behavioral information is combined with traffic features,providing a solid foundation for classifying and detecting.Experiments on the UNSW-NB15 dataset demonstrate the great detection advantage of the proposed method.Its binary and multi-classification F1-score can achieve 99.36%and 89.29%,respectively.The GMCE-GraphSAGE effectively improves the detection rate of minority class samples in the NID task. 展开更多
关键词 network intrusion detection IOT deep learning
下载PDF
Network Intrusion Detection in Internet of Blended Environment Using Ensemble of Heterogeneous Autoencoders(E-HAE)
4
作者 Lelisa Adeba Jilcha Deuk-Hun Kim +1 位作者 Julian Jang-Jaccard Jin Kwak 《Computer Systems Science & Engineering》 SCIE EI 2023年第9期3261-3284,共24页
Contemporary attackers,mainly motivated by financial gain,consistently devise sophisticated penetration techniques to access important information or data.The growing use of Internet of Things(IoT)technology in the co... Contemporary attackers,mainly motivated by financial gain,consistently devise sophisticated penetration techniques to access important information or data.The growing use of Internet of Things(IoT)technology in the contemporary convergence environment to connect to corporate networks and cloud-based applications only worsens this situation,as it facilitates multiple new attack vectors to emerge effortlessly.As such,existing intrusion detection systems suffer from performance degradation mainly because of insufficient considerations and poorly modeled detection systems.To address this problem,we designed a blended threat detection approach,considering the possible impact and dimensionality of new attack surfaces due to the aforementioned convergence.We collectively refer to the convergence of different technology sectors as the internet of blended environment.The proposed approach encompasses an ensemble of heterogeneous probabilistic autoencoders that leverage the corresponding advantages of a convolutional variational autoencoder and long short-term memory variational autoencoder.An extensive experimental analysis conducted on the TON_IoT dataset demonstrated 96.02%detection accuracy.Furthermore,performance of the proposed approach was compared with various single model(autoencoder)-based network intrusion detection approaches:autoencoder,variational autoencoder,convolutional variational autoencoder,and long short-term memory variational autoencoder.The proposed model outperformed all compared models,demonstrating F1-score improvements of 4.99%,2.25%,1.92%,and 3.69%,respectively. 展开更多
关键词 network intrusion detection anomaly detection TON_IoT dataset smart grid smart city smart factory digital healthcare autoencoder variational autoencoder LSTM convolutional variational autoencoder ensemble learning
下载PDF
Real-Time Network Intrusion Prevention System Using Incremental Feature Generation
5
作者 Yeongje Uhm Wooguil Pak 《Computers, Materials & Continua》 SCIE EI 2022年第1期1631-1648,共18页
Security measures are urgently required to mitigate the recent rapid increase in network security attacks.Although methods employing machine learning have been researched and developed to detect various network attack... Security measures are urgently required to mitigate the recent rapid increase in network security attacks.Although methods employing machine learning have been researched and developed to detect various network attacks effectively,these are passive approaches that cannot protect the network from attacks,but detect them after the end of the session.Since such passive approaches cannot provide fundamental security solutions,we propose an active approach that can prevent further damage by detecting and blocking attacks in real time before the session ends.The proposed technology uses a two-level classifier structure:the first-stage classifier supports real-time classification,and the second-stage classifier supports accurate classification.Thus,the proposed approach can be used to determine whether an attack has occurred with high accuracy,even under heavy traffic.Through extensive evaluation,we confirm that our approach can provide a high detection rate in real time.Furthermore,because the proposed approach is fast,light,and easy to implement,it can be adopted in most existing network security equipment.Finally,we hope to mitigate the limitations of existing security systems,and expect to keep networks faster and safer from the increasing number of cyber-attacks. 展开更多
关键词 network intrusion detection network intrusion prevention REALTIME two-level classifier
下载PDF
Novel design concepts for network intrusion systems based on dendritic cells processes 被引量:2
6
作者 RICHARD M R 谭冠政 +1 位作者 ONGALO P N F CHERUIYOT W 《Journal of Central South University》 SCIE EI CAS 2013年第8期2175-2185,共11页
An abstraction and an investigation to the worth of dendritic cells (DCs) ability to collect, process and present antigens are presented. Computationally, this ability is shown to provide a feature reduction mechanism... An abstraction and an investigation to the worth of dendritic cells (DCs) ability to collect, process and present antigens are presented. Computationally, this ability is shown to provide a feature reduction mechanism that could be used to reduce the complexity of a search space, a mechanism for development of highly specialized detector sets as well as a selective mechanism used in directing subsets of detectors to be activated when certain danger signals are present. It is shown that DCs, primed by different danger signals, provide a basis for different anomaly detection pathways. Different antigen-peptides are developed based on different danger signals present, and these peptides are presented to different adaptive layer detectors that correspond to the given danger signal. Experiments are then undertaken that compare current approaches, where a full antigen structure and the whole repertoire of detectors are used, with the proposed approach. Experiment results indicate that such an approach is feasible and can help reduce the complexity of the problem by significant levels. It also improves the efficiency of the system, given that only a subset of detectors are involved during the detection process. Having several different sets of detectors increases the robustness of the resulting system. Detectors developed based on peptides are also highly discriminative, which reduces the false positives rates, making the approach feasible for a real time environment. 展开更多
关键词 artificial immune systems network intrusion detection anomaly detection feature reduction negative selectionalgorithm danger model
下载PDF
A Novel Immune System Model and Its Application to Network Intrusion Detection 被引量:2
7
作者 LingJun CaoYang +1 位作者 YinJian-hua HuangTian-xi 《Wuhan University Journal of Natural Sciences》 CAS 2003年第02A期393-398,共6页
Based on analyzing the techniques and architecture of existing network Intrusion Detection System (IDS), and probing into the fundament of Immune System (IS), a novel immune model is presented and applied to network I... Based on analyzing the techniques and architecture of existing network Intrusion Detection System (IDS), and probing into the fundament of Immune System (IS), a novel immune model is presented and applied to network IDS, which is helpful to design an effective IDS. Besides, this paper suggests a scheme to represent the self profile of network. And an automated self profile extraction algorithm is provided to extract self profile from packets. The experimental results prove validity of the scheme and algorithm, which is the foundation of the immune model. 展开更多
关键词 Key words network intrusion Detection System 5 Immune System self profile automated self profile extraction algorithm
下载PDF
An immunity-based technique to detect network intrusions
8
作者 潘峰 丁云飞 汪为农 《Journal of Zhejiang University-Science A(Applied Physics & Engineering)》 SCIE EI CAS CSCD 2005年第5期371-377,共7页
This paper briefly reviews other people’s works on negative selection algorithm and their shortcomings. With a view to the real problem to be solved, authors bring forward two assumptions, based on which a new immune... This paper briefly reviews other people’s works on negative selection algorithm and their shortcomings. With a view to the real problem to be solved, authors bring forward two assumptions, based on which a new immune algorithm, multi-level negative selection algorithm, is developed. In essence, compared with Forrest’s negative selection algorithm, it enhances detector generation efficiency. This algorithm integrates clonal selection process into negative selection process for the first time. After careful analyses, this algorithm was applied to network intrusion detection and achieved good results. 展开更多
关键词 Artificial immune system network intrusion detection Negative selection Clonal selection
下载PDF
An Optimized and Hybrid Framework for Image Processing Based Network Intrusion Detection System
9
作者 Murtaza Ahmed Siddiqi Wooguil Pak 《Computers, Materials & Continua》 SCIE EI 2022年第11期3921-3949,共29页
The network infrastructure has evolved rapidly due to the everincreasing volume of users and data.The massive number of online devices and users has forced the network to transform and facilitate the operational neces... The network infrastructure has evolved rapidly due to the everincreasing volume of users and data.The massive number of online devices and users has forced the network to transform and facilitate the operational necessities of consumers.Among these necessities,network security is of prime significance.Network intrusion detection systems(NIDS)are among the most suitable approaches to detect anomalies and assaults on a network.However,keeping up with the network security requirements is quite challenging due to the constant mutation in attack patterns by the intruders.This paper presents an effective and prevalent framework for NIDS by merging image processing with convolution neural networks(CNN).The proposed framework first converts non-image data from network traffic into images and then further enhances those images by using the Gabor filter.The images are then classified using a CNN classifier.To assess the efficacy of the recommended method,four benchmark datasets i.e.,CSE-CIC-IDS2018,CIC-IDS-2017,ISCX-IDS 2012,and NSL-KDD were used.The proposed approach showed higher precision in contrast with the recent work on the mentioned datasets.Further,the proposed method is compared with the recent well-known image processing methods for NIDS. 展开更多
关键词 Anomaly detection convolution neural networks deep learning image processing intrusion detection network intrusion detection
下载PDF
A Step-Based Deep Learning Approach for Network Intrusion Detection
10
作者 Yanyan Zhang Xiangjin Ran 《Computer Modeling in Engineering & Sciences》 SCIE EI 2021年第9期1231-1245,共15页
In the network security field,the network intrusion detection system(NIDS)is considered one of the critical issues in the detection accuracy andmissed detection rate.In this paper,amethod of two-step network intrusion... In the network security field,the network intrusion detection system(NIDS)is considered one of the critical issues in the detection accuracy andmissed detection rate.In this paper,amethod of two-step network intrusion detection on the basis of GoogLeNet Inception and deep convolutional neural networks(CNNs)models is proposed.The proposed method used the GoogLeNet Inception model to identify the network packets’binary problem.Subsequently,the characteristics of the packets’raw data and the traffic features are extracted.The CNNs model is also used to identify the multiclass intrusions by the network packets’features.In the experimental results,the proposed method shows an improvement in the identification accuracy,where it achieves up to 99.63%.In addition,the missed detection rate is reduced to be 0.1%.The results prove the high performance of the proposed method in enhancing the NIDS’s reliability. 展开更多
关键词 network intrusion detection system deep convolutional neural networks GoogLeNet Inception model step-based intrusion detection
下载PDF
Research on the Large-scale Network Intrusion Mode based on Principal Component Analysis and Drop Quality Sampling
11
作者 Yanmei Zhang 《International Journal of Technology Management》 2016年第7期8-11,共4页
In this paper, we conduct research on the large-scale network intrusion mode based on the principal component analysis and dropquality sampling. With the growing of network security issues, invasion detection becomes ... In this paper, we conduct research on the large-scale network intrusion mode based on the principal component analysis and dropquality sampling. With the growing of network security issues, invasion detection becomes the study hotspot. There are two main types of thatinvasion detection technology, the fi rst is that misuse detection and the anomaly detection. Misuse detection can more accurately detect attacks,but high non-response rates, anomaly detection could detect the unknown attacks, but higher rate of false positives. Network invasion detectionproblem is summed up in the network data fl ow of discriminant problem, namely the judgment of network data fl ow is normal or malicious andin this sense here invasion detection problem can be understood as a pattern recognition problem. Our research integrates the PCA and samplingtechnique to propose the new idea on the IDS that is innovative and will promote the development of the corresponding techniques. 展开更多
关键词 network intrusion Principal Component Analysis Drop Quality Sampling Scale.
下载PDF
IDS-INT:Intrusion detection system using transformer-based transfer learning for imbalanced network traffic 被引量:3
12
作者 Farhan Ullah Shamsher Ullah +1 位作者 Gautam Srivastava Jerry Chun-Wei Lin 《Digital Communications and Networks》 SCIE CSCD 2024年第1期190-204,共15页
A network intrusion detection system is critical for cyber security against llegitimate attacks.In terms of feature perspectives,network traffic may include a variety of elements such as attack reference,attack type,a... A network intrusion detection system is critical for cyber security against llegitimate attacks.In terms of feature perspectives,network traffic may include a variety of elements such as attack reference,attack type,a subcategory of attack,host information,malicious scripts,etc.In terms of network perspectives,network traffic may contain an imbalanced number of harmful attacks when compared to normal traffic.It is challenging to identify a specific attack due to complex features and data imbalance issues.To address these issues,this paper proposes an Intrusion Detection System using transformer-based transfer learning for Imbalanced Network Traffic(IDS-INT).IDS-INT uses transformer-based transfer learning to learn feature interactions in both network feature representation and imbalanced data.First,detailed information about each type of attack is gathered from network interaction descriptions,which include network nodes,attack type,reference,host information,etc.Second,the transformer-based transfer learning approach is developed to learn detailed feature representation using their semantic anchors.Third,the Synthetic Minority Oversampling Technique(SMOTE)is implemented to balance abnormal traffic and detect minority attacks.Fourth,the Convolution Neural Network(CNN)model is designed to extract deep features from the balanced network traffic.Finally,the hybrid approach of the CNN-Long Short-Term Memory(CNN-LSTM)model is developed to detect different types of attacks from the deep features.Detailed experiments are conducted to test the proposed approach using three standard datasets,i.e.,UNsWNB15,CIC-IDS2017,and NSL-KDD.An explainable AI approach is implemented to interpret the proposed method and develop a trustable model. 展开更多
关键词 network intrusion detection Transfer learning Features extraction Imbalance data Explainable AI CYBERSECURITY
下载PDF
Feature extraction for machine learning-based intrusion detection in IoT networks 被引量:1
13
作者 Mohanad Sarhan Siamak Layeghy +2 位作者 Nour Moustafa Marcus Gallagher Marius Portmann 《Digital Communications and Networks》 SCIE CSCD 2024年第1期205-216,共12页
A large number of network security breaches in IoT networks have demonstrated the unreliability of current Network Intrusion Detection Systems(NIDSs).Consequently,network interruptions and loss of sensitive data have ... A large number of network security breaches in IoT networks have demonstrated the unreliability of current Network Intrusion Detection Systems(NIDSs).Consequently,network interruptions and loss of sensitive data have occurred,which led to an active research area for improving NIDS technologies.In an analysis of related works,it was observed that most researchers aim to obtain better classification results by using a set of untried combinations of Feature Reduction(FR)and Machine Learning(ML)techniques on NIDS datasets.However,these datasets are different in feature sets,attack types,and network design.Therefore,this paper aims to discover whether these techniques can be generalised across various datasets.Six ML models are utilised:a Deep Feed Forward(DFF),Convolutional Neural Network(CNN),Recurrent Neural Network(RNN),Decision Tree(DT),Logistic Regression(LR),and Naive Bayes(NB).The accuracy of three Feature Extraction(FE)algorithms is detected;Principal Component Analysis(PCA),Auto-encoder(AE),and Linear Discriminant Analysis(LDA),are evaluated using three benchmark datasets:UNSW-NB15,ToN-IoT and CSE-CIC-IDS2018.Although PCA and AE algorithms have been widely used,the determination of their optimal number of extracted dimensions has been overlooked.The results indicate that no clear FE method or ML model can achieve the best scores for all datasets.The optimal number of extracted dimensions has been identified for each dataset,and LDA degrades the performance of the ML models on two datasets.The variance is used to analyse the extracted dimensions of LDA and PCA.Finally,this paper concludes that the choice of datasets significantly alters the performance of the applied techniques.We believe that a universal(benchmark)feature set is needed to facilitate further advancement and progress of research in this field. 展开更多
关键词 Feature extraction Machine learning network intrusion detection system IOT
下载PDF
FMSA:a meta-learning framework-based fast model stealing attack technique against intelligent network intrusion detection systems
14
作者 Kaisheng Fan Weizhe Zhang +1 位作者 Guangrui Liu Hui He 《Cybersecurity》 EI CSCD 2024年第1期110-121,共12页
Intrusion detection systems are increasingly using machine learning.While machine learning has shown excellent performance in identifying malicious traffic,it may increase the risk of privacy leakage.This paper focuse... Intrusion detection systems are increasingly using machine learning.While machine learning has shown excellent performance in identifying malicious traffic,it may increase the risk of privacy leakage.This paper focuses on imple-menting a model stealing attack on intrusion detection systems.Existing model stealing attacks are hard to imple-ment in practical network environments,as they either need private data of the victim dataset or frequent access to the victim model.In this paper,we propose a novel solution called Fast Model Stealing Attack(FMSA)to address the problem in the field of model stealing attacks.We also highlight the risks of using ML-NIDS in network security.First,meta-learning frameworks are introduced into the model stealing algorithm to clone the victim model in a black-box state.Then,the number of accesses to the target model is used as an optimization term,resulting in minimal queries to achieve model stealing.Finally,adversarial training is used to simulate the data distribution of the target model and achieve the recovery of privacy data.Through experiments on multiple public datasets,compared to existing state-of-the-art algorithms,FMSA reduces the number of accesses to the target model and improves the accuracy of the clone model on the test dataset to 88.9%and the similarity with the target model to 90.1%.We can demonstrate the successful execution of model stealing attacks on the ML-NIDS system even with protective measures in place to limit the number of anomalous queries. 展开更多
关键词 AI security Model stealing attack network intrusion detection Meta learning
原文传递
A Time Series Intrusion Detection Method Based on SSAE,TCN and Bi-LSTM
15
作者 Zhenxiang He Xunxi Wang Chunwei Li 《Computers, Materials & Continua》 SCIE EI 2024年第1期845-871,共27页
In the fast-evolving landscape of digital networks,the incidence of network intrusions has escalated alarmingly.Simultaneously,the crucial role of time series data in intrusion detection remains largely underappreciat... In the fast-evolving landscape of digital networks,the incidence of network intrusions has escalated alarmingly.Simultaneously,the crucial role of time series data in intrusion detection remains largely underappreciated,with most systems failing to capture the time-bound nuances of network traffic.This leads to compromised detection accuracy and overlooked temporal patterns.Addressing this gap,we introduce a novel SSAE-TCN-BiLSTM(STL)model that integrates time series analysis,significantly enhancing detection capabilities.Our approach reduces feature dimensionalitywith a Stacked Sparse Autoencoder(SSAE)and extracts temporally relevant features through a Temporal Convolutional Network(TCN)and Bidirectional Long Short-term Memory Network(Bi-LSTM).By meticulously adjusting time steps,we underscore the significance of temporal data in bolstering detection accuracy.On the UNSW-NB15 dataset,ourmodel achieved an F1-score of 99.49%,Accuracy of 99.43%,Precision of 99.38%,Recall of 99.60%,and an inference time of 4.24 s.For the CICDS2017 dataset,we recorded an F1-score of 99.53%,Accuracy of 99.62%,Precision of 99.27%,Recall of 99.79%,and an inference time of 5.72 s.These findings not only confirm the STL model’s superior performance but also its operational efficiency,underpinning its significance in real-world cybersecurity scenarios where rapid response is paramount.Our contribution represents a significant advance in cybersecurity,proposing a model that excels in accuracy and adaptability to the dynamic nature of network traffic,setting a new benchmark for intrusion detection systems. 展开更多
关键词 network intrusion detection bidirectional long short-term memory network time series stacked sparse autoencoder temporal convolutional network time steps
下载PDF
A parameterized multilevel pattern matching architecture on FPGAs for network intrusion detection and prevention 被引量:1
16
作者 SONG Tian WANG DongSheng TANG ZhiZhong 《Science in China(Series F)》 2009年第6期949-963,共15页
Pattern matching is one of the most performance-critical components for the content inspection based applications of network security, such as network intrusion detection and prevention.To keep up with the increasing ... Pattern matching is one of the most performance-critical components for the content inspection based applications of network security, such as network intrusion detection and prevention.To keep up with the increasing speed network, this component needs to be accelerated by well designed custom coprocessor.This paper presents a parameterized multilevel pattern matching architecture (MPM) which is used on FPGAs.To achieve less chip area, the architecture is designed based on the idea of selected character decoding (SCD) and multilevel method which are analyzed in detail.This paper also proposes an MPM generator that can generate RTL-level codes of MPM by giving a pattern set and predefined parameters.With the generator, the efficient MPM architecture can be generated and embedded to a total hardware solution.The third contribution is a mathematical model and formula to estimate the chip area for each MPM before it is generated, which is useful for choosing the proper type of FPGAs.One example MPM architecture is implemented by giving 1785 patterns of Snort on Xilinx Virtex 2 Pro FPGA.The results show that this MPM can achieve 4.3 Gbps throughput with 5 stages of pipelines and 0.22 slices per character, about one half chip area of the most area-efficient architecture in literature.Other results are given to show that MPM is also efficient for general random pattern sets.The performance of MPM can be scalable near linearly, potential for more than 100 Gbps throughput. 展开更多
关键词 network intrusion detection network intrusion prevention pattern matching network security
原文传递
Memory Efficient String Matching Algorithm for Network Intrusion Management System 被引量:9
17
作者 余建明 薛一波 李军 《Tsinghua Science and Technology》 SCIE EI CAS 2007年第5期585-593,共9页
As the core algorithm and the most time consuming part of almost every modern network intrusion management system (NIMS), string matching is essential for the inspection of network flows at the line speed. This pape... As the core algorithm and the most time consuming part of almost every modern network intrusion management system (NIMS), string matching is essential for the inspection of network flows at the line speed. This paper presents a memory and time efficient string matching algorithm specifically designed for NIMS on commodity processors. Modifications of the Aho-Corasick (AC) algorithm based on the distribution characteristics of NIMS patterns drastically reduce the memory usage without sacrificing speed in software implementations. In tests on the Snort pattern set and traces that represent typical NIMS workloads, the Snort performance was enhanced 1.48%-20% compared to other well-known alternatives with an automaton size reduction of 4.86-6.11 compared to the standard AC implementation. The results show that special characteristics of the NIMS can be used into a very effective method to optimize the algorithm design. 展开更多
关键词 string matching network intrusion management system (NIMS) Aho-Corasick (AC) algorithm
原文传递
Real-valued multi-area self set optimization in immunity-based network intrusion detection system 被引量:1
18
作者 Zhang Fengbin Xi Liang Wang Shengwen 《High Technology Letters》 EI CAS 2012年第1期1-6,共6页
The real-valued self set in immunity-based network intrusion detection system (INIDS) has some defects: multi-area and overlapping, which are ignored before. The detectors generated by this kind of self set may hav... The real-valued self set in immunity-based network intrusion detection system (INIDS) has some defects: multi-area and overlapping, which are ignored before. The detectors generated by this kind of self set may have the problem of boundary holes between self and nonself regions, and the generation efficiency is low, so that, the self set needs to be optimized before generation stage. This paper proposes a self set optimization algorithm which uses the modified clustering algorithm and Gaussian distribution theory. The clustering deals with multi-area and the Gaussian distribution deals with the overlapping. The algorithm was tested by Iris data and real network data, and the results show that the optimized self set can solve the problem of boundary holes, increase the efficiency of detector generation effectively, and improve the system's detection rate. 展开更多
关键词 immunity-based network intrusion detection system (NIDS) real-valued self set OPTIMIZATION
下载PDF
Improved Ant Colony Optimization and Machine Learning Based Ensemble Intrusion Detection Model
19
作者 S.Vanitha P.Balasubramanie 《Intelligent Automation & Soft Computing》 SCIE 2023年第4期849-864,共16页
Internet of things(IOT)possess cultural,commercial and social effect in life in the future.The nodes which are participating in IOT network are basi-cally attracted by the cyber-attack targets.Attack and identification... Internet of things(IOT)possess cultural,commercial and social effect in life in the future.The nodes which are participating in IOT network are basi-cally attracted by the cyber-attack targets.Attack and identification of anomalies in IoT infrastructure is a growing problem in the IoT domain.Machine Learning Based Ensemble Intrusion Detection(MLEID)method is applied in order to resolve the drawback by minimizing malicious actions in related botnet attacks on Message Queue Telemetry Transport(MQTT)and Hyper-Text Transfer Proto-col(HTTP)protocols.The proposed work has two significant contributions which are a selection of features and detection of attacks.New features are chosen from Improved Ant Colony Optimization(IACO)in the feature selection,and then the detection of attacks is carried out based on a combination of their possible proper-ties.The IACO approach is focused on defining the attacker’s important features against HTTP and MQTT.In the IACO algorithm,the constant factor is calculated against HTTP and MQTT based on the mean function for each element.Attack detection,the performance of several machine learning models are Distance Deci-sion Tree(DDT),Adaptive Neuro-Fuzzy Inference System(ANFIS)and Mahala-nobis Distance Support Vector Machine(MDSVM)were compared with predicting accurate attacks on the IoT network.The outcomes of these classifiers are combined into the ensemble model.The proposed MLEID strategy has effec-tively established malicious incidents.The UNSW-NB15 dataset is used to test the MLEID technique using data from simulated IoT sensors.Besides,the pro-posed MLEID technique has a greater detection rate and an inferior rate of false-positive compared to other conventional techniques. 展开更多
关键词 network intrusion detection system(NIDS) internet of things(IOT) ensemble learning statisticalflow features BOTNET ensemble technique improved ant colony optimization(IACO) feature selection
下载PDF
Intrusion detection systems for wireless sensor networks using computational intelligence techniques 被引量:1
20
作者 Vaishnavi Sivagaminathan Manmohan Sharma Santosh Kumar Henge 《Cybersecurity》 EI CSCD 2024年第2期81-95,共15页
Network Intrusion Detection Systems(NIDS)are utilized to find hostile network connections.This can be accom-plished by looking at traffic network activity,but it takes a lot of work.The NIDS heavily utilizes approache... Network Intrusion Detection Systems(NIDS)are utilized to find hostile network connections.This can be accom-plished by looking at traffic network activity,but it takes a lot of work.The NIDS heavily utilizes approaches for data extraction and machine learning to find anomalies.In terms of feature selection,NIDS is far more effective.This is accurate since anomaly identification uses a number of time-consuming features.Because of this,the feature selec-tion method influences how long it takes to analyze movement patterns and how clear it is.The goal of the study is to provide NIDS with an attribute selection approach.PSO has been used for that purpose.The Network Intrusion Detection System that is being developed will be able to identify any malicious activity in the network or any unusual behavior in the network,allowing the identification of the illegal activities and safeguarding the enormous amounts of confidential data belonging to the customers from being compromised.In the research,datasets were produced utilising both a network infrastructure and a simulation network.Wireshark is used to gather data packets whereas Cisco Packet Tracer is used to build a network in a simulated environment.Additionally,a physical network consisting of six node MCUs connected to a laptop and a mobile hotspot,has been built and communication packets are being recorded using the Wireshark tool.To train several machine learning models,all the datasets that were gatheredcre-ated datasets from our own studies as well as some common datasets like NSDL and UNSW acquired from Kaggle-were employed.Additionally,PsO,which is an optimization method,has been used with these ML algorithms for feature selection.In the research,KNN,decision trees,and ANN have all been combined with PSO for a specific case study.And it was found demonstrated the classification methods PSO+ANN outperformed PSO+KNN and PSO+DT in this case study. 展开更多
关键词 network intrusion detection systems(NIDS) Cisco packet tracer Wireshark tool Machine learning PSO CYBERSECURITY Optimization
原文传递
上一页 1 2 下一页 到第
使用帮助 返回顶部