Traditional Intrusion Detection System (IDS) based on hosts or networks no longer meets the security requirements in today's network environment due to the increasing complexity and distributivity. A multi-agent di...Traditional Intrusion Detection System (IDS) based on hosts or networks no longer meets the security requirements in today's network environment due to the increasing complexity and distributivity. A multi-agent distributed IDS model, enhanced with a method of computing its statistical values of performance is presented. This model can accomplish not only distributed information collection, but also distributed intrusion detection and real-time reaction. Owing to prompt reaction and openness, it can detect intrusion behavior of both known and unknown sources. According to preliminary tests, the accuracy ratio of intrusion detection is higher than 92% on the average.展开更多
Escalating cyber security threats and the increased use of Internet of Things(IoT)devices require utilisation of the latest technologies available to supply adequate protection.The aim of Intrusion Detection Systems(I...Escalating cyber security threats and the increased use of Internet of Things(IoT)devices require utilisation of the latest technologies available to supply adequate protection.The aim of Intrusion Detection Systems(IDS)is to prevent malicious attacks that corrupt operations and interrupt data flow,which might have significant impact on critical industries and infrastructure.This research examines existing IDS,based on Artificial Intelligence(AI)for IoT devices,methods,and techniques.The contribution of this study consists of identification of the most effective IDS systems in terms of accuracy,precision,recall and F1-score;this research also considers training time.Results demonstrate that Graph Neural Networks(GNN)have several benefits over other traditional AI frameworks through their ability to achieve in excess of 99%accuracy in a relatively short training time,while also capable of learning from network traffic the inherent characteristics of different cyber-attacks.These findings identify the GNN(a Deep Learning AI method)as the most efficient IDS system.The novelty of this research lies also in the linking between high yielding AI-based IDS algorithms and the AI-based learning approach for data privacy protection.This research recommends Federated Learning(FL)as the AI training model,which increases data privacy protection and reduces network data flow,resulting in a more secure and efficient IDS solution.展开更多
A model of intelligent intrusion detection based on rough neural network (RNN), which combines the neural network and rough set, is presented. It works by capturing network packets to identify network intrusions or ma...A model of intelligent intrusion detection based on rough neural network (RNN), which combines the neural network and rough set, is presented. It works by capturing network packets to identify network intrusions or malicious attacks using RNN with sub-nets. The sub-net is constructed by detection-oriented signatures extracted using rough set theory to detect different intrusions. It is proved that RNN detection method has the merits of adaptive, high universality, high convergence speed, easy upgrading and management.展开更多
Cybersecurity threats are increasing rapidly as hackers use advanced techniques.As a result,cybersecurity has now a significant factor in protecting organizational limits.Intrusion detection systems(IDSs)are used in n...Cybersecurity threats are increasing rapidly as hackers use advanced techniques.As a result,cybersecurity has now a significant factor in protecting organizational limits.Intrusion detection systems(IDSs)are used in networks to flag serious issues during network management,including identifying malicious traffic,which is a challenge.It remains an open contest over how to learn features in IDS since current approaches use deep learning methods.Hybrid learning,which combines swarm intelligence and evolution,is gaining attention for further improvement against cyber threats.In this study,we employed a PSO-GA(fusion of particle swarm optimization(PSO)and genetic algorithm(GA))for feature selection on the CICIDS-2017 dataset.To achieve better accuracy,we proposed a hybrid model called LSTM-GRU of deep learning that fused the GRU(gated recurrent unit)and LSTM(long short-term memory).The results show considerable improvement,detecting several network attacks with 98.86%accuracy.A comparative study with other current methods confirms the efficacy of our proposed IDS scheme.展开更多
The extensive access of network interaction has made present networks more responsive to earlier intrusions. In distributed network intrusions, there are many computing nodes that are assisted by intruders. The eviden...The extensive access of network interaction has made present networks more responsive to earlier intrusions. In distributed network intrusions, there are many computing nodes that are assisted by intruders. The evidence of intrusions is to be associated from all the held up nodes. From the last few years, mobile agent based technique in intrusion detection system (IDS) has been widely used to detect intrusion over distributed network. This paper presented survey of several existing mobile agent based intrusion detection system and comparative analysis report between them. Furthermore we have focused on each attribute of analysis, for example technique (NIDS, HIDS or Hybrid), behavior layer, detection techniques for analysis, uses of mobile agent and technology used by existing IDS, strength and issues. Their strengths and issues are situational wherever appropriate. We have observed that some of the existing techniques are used in IDS which causes low detection rate, behavior layers like TCP connection for packet capturing which is most important activity in NIDS and response time (technology execution time) with memory consumption by mobile agent as major issues.展开更多
Deep Learning presents a critical capability to be geared into environments being constantly changed and ongoing learning dynamic,which is especially relevant in Network Intrusion Detection.In this paper,as enlightene...Deep Learning presents a critical capability to be geared into environments being constantly changed and ongoing learning dynamic,which is especially relevant in Network Intrusion Detection.In this paper,as enlightened by the theory of Deep Learning Neural Networks,Hierarchy Distributed-Agents Model for Network Risk Evaluation,a newly developed model,is proposed.The architecture taken on by the distributed-agents model are given,as well as the approach of analyzing network intrusion detection using Deep Learning,the mechanism of sharing hyper-parameters to improve the efficiency of learning is presented,and the hierarchical evaluative framework for Network Risk Evaluation of the proposed model is built.Furthermore,to examine the proposed model,a series of experiments were conducted in terms of NSLKDD datasets.The proposed model was able to differentiate between normal and abnormal network activities with an accuracy of 97.60%on NSL-KDD datasets.As the results acquired from the experiment indicate,the model developed in this paper is characterized by high-speed and high-accuracy processing which shall offer a preferable solution with regard to the Risk Evaluation in Network.展开更多
Networks protection against different types of attacks is one of most important posed issue into the network and information security domains. This problem on Wireless Sensor Networks (WSNs), in attention to their spe...Networks protection against different types of attacks is one of most important posed issue into the network and information security domains. This problem on Wireless Sensor Networks (WSNs), in attention to their special properties, has more importance. Now, there are some of proposed solutions to protect Wireless Sensor Networks (WSNs) against different types of intrusions;but no one of them has a comprehensive view to this problem and they are usually designed in single-purpose;but, the proposed design in this paper has been a comprehensive view to this issue by presenting a complete Intrusion Detection Architecture (IDA). The main contribution of this architecture is its hierarchical structure;i.e. it is designed and applicable, in one, two or three levels, consistent to the application domain and its required security level. Focus of this paper is on the clustering WSNs, designing and deploying Sensor-based Intrusion Detection System (SIDS) on sensor nodes, Cluster-based Intrusion Detection System (CIDS) on cluster-heads and Wireless Sensor Network wide level Intrusion Detection System (WSNIDS) on the central server. Suppositions of the WSN and Intrusion Detection Architecture (IDA) are: static and heterogeneous network, hierarchical, distributed and clustering structure along with clusters' overlapping. Finally, this paper has been designed a questionnaire to verify the proposed idea;then it analyzed and evaluated the acquired results from the questionnaires.展开更多
Cyber-attacks on cyber-physical systems(CPSs)resulted to sensing and actuation misbehavior,severe damage to physical object,and safety risk.Machine learning(ML)models have been presented to hinder cyberattacks on the ...Cyber-attacks on cyber-physical systems(CPSs)resulted to sensing and actuation misbehavior,severe damage to physical object,and safety risk.Machine learning(ML)models have been presented to hinder cyberattacks on the CPS environment;however,the non-existence of labelled data from new attacks makes their detection quite interesting.Intrusion Detection System(IDS)is a commonly utilized to detect and classify the existence of intrusions in the CPS environment,which acts as an important part in secure CPS environment.Latest developments in deep learning(DL)and explainable artificial intelligence(XAI)stimulate new IDSs to manage cyberattacks with minimum complexity and high sophistication.In this aspect,this paper presents an XAI based IDS using feature selection with Dirichlet Variational Autoencoder(XAIIDS-FSDVAE)model for CPS.The proposed model encompasses the design of coyote optimization algorithm(COA)based feature selection(FS)model is derived to select an optimal subset of features.Next,an intelligent Dirichlet Variational Autoencoder(DVAE)technique is employed for the anomaly detection process in the CPS environment.Finally,the parameter optimization of the DVAE takes place using a manta ray foraging optimization(MRFO)model to tune the parameter of the DVAE.In order to determine the enhanced intrusion detection efficiency of the XAIIDS-FSDVAE technique,a wide range of simulations take place using the benchmark datasets.The experimental results reported the better performance of the XAIIDSFSDVAE technique over the recent methods in terms of several evaluation parameters.展开更多
The nature of adhoc networks makes them vulnerable to security attacks. Many security technologies such as intrusion prevention and intrusion detection are passive in response to intrusions in that their countermea- s...The nature of adhoc networks makes them vulnerable to security attacks. Many security technologies such as intrusion prevention and intrusion detection are passive in response to intrusions in that their countermea- sures are only to protect the networks, and there is no automated network-wide counteraction against detected intrusions, the architecture of cooperation intrusion response based multi-agent is propose. The architecture is composed of mobile agents. Monitor agent resides on every node and monitors its neighbor nodes. Decision agent collects information from monitor nodes and detects an intrusion by security policies. When an intruder is found in the architecture, the block agents will get to the neighbor nodes of the intruder and form the mobile firewall to isolate the intruder. In the end, we evaluate it by simulation.展开更多
Inspired by the immune theory and multi-agent systems, an immune multi-agent active defense model for network intrusion is established. The concept of immune agent is introduced, and its running mechanism is establish...Inspired by the immune theory and multi-agent systems, an immune multi-agent active defense model for network intrusion is established. The concept of immune agent is introduced, and its running mechanism is established. The method, which uses antibody concentration to quantitatively describe the degree of intrusion danger, is presented. This model implements the multi-layer and distributed active defense mechanism for network intrusion. The experiment results show that this model is a good solution to the network security defense.展开更多
Intrusion detection is critical to guaranteeing the safety of the data in the network.Even though,since Internet commerce has grown at a breakneck pace,network traffic kinds are rising daily,and network behavior chara...Intrusion detection is critical to guaranteeing the safety of the data in the network.Even though,since Internet commerce has grown at a breakneck pace,network traffic kinds are rising daily,and network behavior characteristics are becoming increasingly complicated,posing significant hurdles to intrusion detection.The challenges in terms of false positives,false negatives,low detection accuracy,high running time,adversarial attacks,uncertain attacks,etc.lead to insecure Intrusion Detection System(IDS).To offset the existing challenge,the work has developed a secure Data Mining Intrusion detection system(DataMIDS)framework using Functional Perturbation(FP)feature selection and Bengio Nesterov Momentum-based Tuned Generative Adversarial Network(BNM-tGAN)attack detection technique.The data mining-based framework provides shallow learning of features and emphasizes feature engineering as well as selection.Initially,the IDS data are analyzed for missing values based on the Marginal Likelihood Fisher Information Matrix technique(MLFIMT)that identifies the relationship among the missing values and attack classes.Based on the analysis,the missing values are classified as Missing Completely at Random(MCAR),Missing at random(MAR),Missing Not at Random(MNAR),and handled according to the types.Thereafter,categorical features are handled followed by feature scaling using Absolute Median Division based Robust Scalar(AMDRS)and the Handling of the imbalanced dataset.The selection of relevant features is initiated using FP that uses‘3’Feature Selection(FS)techniques i.e.,Inverse Chi Square based Flamingo Search(ICS-FSO)wrapper method,Hyperparameter Tuned Threshold based Decision Tree(HpTT-DT)embedded method,and Xavier Normal Distribution based Relief(XavND-Relief)filter method.Finally,the selected features are trained and tested for detecting attacks using BNM-tGAN.The Experimental analysis demonstrates that the introduced DataMIDS framework produces an accurate diagnosis about the attack with low computation time.The work avoids false alarm rate of attacks and remains to be relatively robust against malicious attacks as compared to existing methods.展开更多
基金Supported by the Key Program of Natural Science Foundation of China(050335020)
文摘Traditional Intrusion Detection System (IDS) based on hosts or networks no longer meets the security requirements in today's network environment due to the increasing complexity and distributivity. A multi-agent distributed IDS model, enhanced with a method of computing its statistical values of performance is presented. This model can accomplish not only distributed information collection, but also distributed intrusion detection and real-time reaction. Owing to prompt reaction and openness, it can detect intrusion behavior of both known and unknown sources. According to preliminary tests, the accuracy ratio of intrusion detection is higher than 92% on the average.
文摘Escalating cyber security threats and the increased use of Internet of Things(IoT)devices require utilisation of the latest technologies available to supply adequate protection.The aim of Intrusion Detection Systems(IDS)is to prevent malicious attacks that corrupt operations and interrupt data flow,which might have significant impact on critical industries and infrastructure.This research examines existing IDS,based on Artificial Intelligence(AI)for IoT devices,methods,and techniques.The contribution of this study consists of identification of the most effective IDS systems in terms of accuracy,precision,recall and F1-score;this research also considers training time.Results demonstrate that Graph Neural Networks(GNN)have several benefits over other traditional AI frameworks through their ability to achieve in excess of 99%accuracy in a relatively short training time,while also capable of learning from network traffic the inherent characteristics of different cyber-attacks.These findings identify the GNN(a Deep Learning AI method)as the most efficient IDS system.The novelty of this research lies also in the linking between high yielding AI-based IDS algorithms and the AI-based learning approach for data privacy protection.This research recommends Federated Learning(FL)as the AI training model,which increases data privacy protection and reduces network data flow,resulting in a more secure and efficient IDS solution.
文摘A model of intelligent intrusion detection based on rough neural network (RNN), which combines the neural network and rough set, is presented. It works by capturing network packets to identify network intrusions or malicious attacks using RNN with sub-nets. The sub-net is constructed by detection-oriented signatures extracted using rough set theory to detect different intrusions. It is proved that RNN detection method has the merits of adaptive, high universality, high convergence speed, easy upgrading and management.
文摘Cybersecurity threats are increasing rapidly as hackers use advanced techniques.As a result,cybersecurity has now a significant factor in protecting organizational limits.Intrusion detection systems(IDSs)are used in networks to flag serious issues during network management,including identifying malicious traffic,which is a challenge.It remains an open contest over how to learn features in IDS since current approaches use deep learning methods.Hybrid learning,which combines swarm intelligence and evolution,is gaining attention for further improvement against cyber threats.In this study,we employed a PSO-GA(fusion of particle swarm optimization(PSO)and genetic algorithm(GA))for feature selection on the CICIDS-2017 dataset.To achieve better accuracy,we proposed a hybrid model called LSTM-GRU of deep learning that fused the GRU(gated recurrent unit)and LSTM(long short-term memory).The results show considerable improvement,detecting several network attacks with 98.86%accuracy.A comparative study with other current methods confirms the efficacy of our proposed IDS scheme.
文摘The extensive access of network interaction has made present networks more responsive to earlier intrusions. In distributed network intrusions, there are many computing nodes that are assisted by intruders. The evidence of intrusions is to be associated from all the held up nodes. From the last few years, mobile agent based technique in intrusion detection system (IDS) has been widely used to detect intrusion over distributed network. This paper presented survey of several existing mobile agent based intrusion detection system and comparative analysis report between them. Furthermore we have focused on each attribute of analysis, for example technique (NIDS, HIDS or Hybrid), behavior layer, detection techniques for analysis, uses of mobile agent and technology used by existing IDS, strength and issues. Their strengths and issues are situational wherever appropriate. We have observed that some of the existing techniques are used in IDS which causes low detection rate, behavior layers like TCP connection for packet capturing which is most important activity in NIDS and response time (technology execution time) with memory consumption by mobile agent as major issues.
基金This work is supported by the National Key Research and Development Program of China under Grant 2016YFB0800600the Natural Science Foundation of China under Grant(No.61872254 and No.U1736212)+2 种基金the Fundamental Research Funds for the central Universities(No.YJ201727,No.A0920502051815-98)Academic and Technical Leaders’Training Support Fund of Sichuan Province(2016)the research projects of the Humanity and Social Science Youth Foundation of Ministry of Education(13YJCZH021).We want to convey our grateful appreciation to the corresponding author of this paper,Gang Liang,who has offered advice with huge values in all stages when writing this essay to us.
文摘Deep Learning presents a critical capability to be geared into environments being constantly changed and ongoing learning dynamic,which is especially relevant in Network Intrusion Detection.In this paper,as enlightened by the theory of Deep Learning Neural Networks,Hierarchy Distributed-Agents Model for Network Risk Evaluation,a newly developed model,is proposed.The architecture taken on by the distributed-agents model are given,as well as the approach of analyzing network intrusion detection using Deep Learning,the mechanism of sharing hyper-parameters to improve the efficiency of learning is presented,and the hierarchical evaluative framework for Network Risk Evaluation of the proposed model is built.Furthermore,to examine the proposed model,a series of experiments were conducted in terms of NSLKDD datasets.The proposed model was able to differentiate between normal and abnormal network activities with an accuracy of 97.60%on NSL-KDD datasets.As the results acquired from the experiment indicate,the model developed in this paper is characterized by high-speed and high-accuracy processing which shall offer a preferable solution with regard to the Risk Evaluation in Network.
文摘Networks protection against different types of attacks is one of most important posed issue into the network and information security domains. This problem on Wireless Sensor Networks (WSNs), in attention to their special properties, has more importance. Now, there are some of proposed solutions to protect Wireless Sensor Networks (WSNs) against different types of intrusions;but no one of them has a comprehensive view to this problem and they are usually designed in single-purpose;but, the proposed design in this paper has been a comprehensive view to this issue by presenting a complete Intrusion Detection Architecture (IDA). The main contribution of this architecture is its hierarchical structure;i.e. it is designed and applicable, in one, two or three levels, consistent to the application domain and its required security level. Focus of this paper is on the clustering WSNs, designing and deploying Sensor-based Intrusion Detection System (SIDS) on sensor nodes, Cluster-based Intrusion Detection System (CIDS) on cluster-heads and Wireless Sensor Network wide level Intrusion Detection System (WSNIDS) on the central server. Suppositions of the WSN and Intrusion Detection Architecture (IDA) are: static and heterogeneous network, hierarchical, distributed and clustering structure along with clusters' overlapping. Finally, this paper has been designed a questionnaire to verify the proposed idea;then it analyzed and evaluated the acquired results from the questionnaires.
文摘Cyber-attacks on cyber-physical systems(CPSs)resulted to sensing and actuation misbehavior,severe damage to physical object,and safety risk.Machine learning(ML)models have been presented to hinder cyberattacks on the CPS environment;however,the non-existence of labelled data from new attacks makes their detection quite interesting.Intrusion Detection System(IDS)is a commonly utilized to detect and classify the existence of intrusions in the CPS environment,which acts as an important part in secure CPS environment.Latest developments in deep learning(DL)and explainable artificial intelligence(XAI)stimulate new IDSs to manage cyberattacks with minimum complexity and high sophistication.In this aspect,this paper presents an XAI based IDS using feature selection with Dirichlet Variational Autoencoder(XAIIDS-FSDVAE)model for CPS.The proposed model encompasses the design of coyote optimization algorithm(COA)based feature selection(FS)model is derived to select an optimal subset of features.Next,an intelligent Dirichlet Variational Autoencoder(DVAE)technique is employed for the anomaly detection process in the CPS environment.Finally,the parameter optimization of the DVAE takes place using a manta ray foraging optimization(MRFO)model to tune the parameter of the DVAE.In order to determine the enhanced intrusion detection efficiency of the XAIIDS-FSDVAE technique,a wide range of simulations take place using the benchmark datasets.The experimental results reported the better performance of the XAIIDSFSDVAE technique over the recent methods in terms of several evaluation parameters.
基金This project was supported by the National Natural Science Foundation of China (60672068)the National High Technology Development 863 Program of China (2006AA01Z436, 2007AA01Z452.)
文摘The nature of adhoc networks makes them vulnerable to security attacks. Many security technologies such as intrusion prevention and intrusion detection are passive in response to intrusions in that their countermea- sures are only to protect the networks, and there is no automated network-wide counteraction against detected intrusions, the architecture of cooperation intrusion response based multi-agent is propose. The architecture is composed of mobile agents. Monitor agent resides on every node and monitors its neighbor nodes. Decision agent collects information from monitor nodes and detects an intrusion by security policies. When an intruder is found in the architecture, the block agents will get to the neighbor nodes of the intruder and form the mobile firewall to isolate the intruder. In the end, we evaluate it by simulation.
基金Supported by the National Natural Science Foundation of China (60373110, 60573130, 60502011)
文摘Inspired by the immune theory and multi-agent systems, an immune multi-agent active defense model for network intrusion is established. The concept of immune agent is introduced, and its running mechanism is established. The method, which uses antibody concentration to quantitatively describe the degree of intrusion danger, is presented. This model implements the multi-layer and distributed active defense mechanism for network intrusion. The experiment results show that this model is a good solution to the network security defense.
文摘Intrusion detection is critical to guaranteeing the safety of the data in the network.Even though,since Internet commerce has grown at a breakneck pace,network traffic kinds are rising daily,and network behavior characteristics are becoming increasingly complicated,posing significant hurdles to intrusion detection.The challenges in terms of false positives,false negatives,low detection accuracy,high running time,adversarial attacks,uncertain attacks,etc.lead to insecure Intrusion Detection System(IDS).To offset the existing challenge,the work has developed a secure Data Mining Intrusion detection system(DataMIDS)framework using Functional Perturbation(FP)feature selection and Bengio Nesterov Momentum-based Tuned Generative Adversarial Network(BNM-tGAN)attack detection technique.The data mining-based framework provides shallow learning of features and emphasizes feature engineering as well as selection.Initially,the IDS data are analyzed for missing values based on the Marginal Likelihood Fisher Information Matrix technique(MLFIMT)that identifies the relationship among the missing values and attack classes.Based on the analysis,the missing values are classified as Missing Completely at Random(MCAR),Missing at random(MAR),Missing Not at Random(MNAR),and handled according to the types.Thereafter,categorical features are handled followed by feature scaling using Absolute Median Division based Robust Scalar(AMDRS)and the Handling of the imbalanced dataset.The selection of relevant features is initiated using FP that uses‘3’Feature Selection(FS)techniques i.e.,Inverse Chi Square based Flamingo Search(ICS-FSO)wrapper method,Hyperparameter Tuned Threshold based Decision Tree(HpTT-DT)embedded method,and Xavier Normal Distribution based Relief(XavND-Relief)filter method.Finally,the selected features are trained and tested for detecting attacks using BNM-tGAN.The Experimental analysis demonstrates that the introduced DataMIDS framework produces an accurate diagnosis about the attack with low computation time.The work avoids false alarm rate of attacks and remains to be relatively robust against malicious attacks as compared to existing methods.
