616 articles found
A New Database Intrusion Detection Approach Based on Hybrid Meta-Heuristics (Cited by: 9)
1
Author: Youseef Alotaibi. 《Computers, Materials & Continua》 (SCIE, EI), 2021, Issue 2, pp. 1879-1895 (17 pages)
A new secured database management system architecture using intrusion detection systems (IDS) is proposed in this paper for organizations with no previous role mapping for users. A simple representation of Structured Query Language queries is proposed to easily permit the use of the worked clustering algorithm. A new clustering algorithm that uses a tube search with adaptive memory is applied to database log files to create users' profiles. Then, queries issued for each user are checked against the related user profile using a classifier to determine whether or not each query is malicious. The IDS will stop query execution or report the threat to the responsible person if the query is malicious. A simple classifier based on the Euclidean distance is used and the issued query is transformed to the proposed simple representation using a classifier, where the Euclidean distance between the centers and the profile's issued query is calculated. A synthetic data set is used for our experimental evaluations. Normal user access behavior in relation to the database is modelled using the data set. The false negative (FN) and false positive (FP) rates are used to compare our proposed algorithm with other methods. The experimental results indicate that our proposed method results in very small FN and FP rates.
Keywords: Adaptive search memory clustering database management system (DBMS) intrusion detection system (IDS) quiplets structured query language (SQL) tube search
A Distributed Intrusion Detection Model via Nondestructive Partitioning and Balanced Allocation for Big Data (Cited by: 4)
2
Authors: Xiaonian Wu, Chuyun Zhang, Runlian Zhang, Yujue Wang, Jinhua Cui. 《Computers, Materials & Continua》 (SCIE, EI), 2018, Issue 7, pp. 61-72 (12 pages)
There are two key issues in distributed intrusion detection systems, that is, maintaining load balance of the system and protecting data integrity. To address these issues, this paper proposes a new distributed intrusion detection model for big data based on nondestructive partitioning and balanced allocation. A data allocation strategy based on capacity and workload is introduced to achieve local load balance, and a dynamic load adjustment strategy is adopted to maintain global load balance of the cluster. Moreover, data integrity is protected by using session reassemble and session partitioning. The simulation results show that the new model enjoys favorable advantages such as good load balance, higher detection rate and detection efficiency.
Keywords: distributed intrusion detection data allocation load balancing data integrity big data
MA-IDS: A Distributed Intrusion Detection System Based on Data Mining
3
Authors: SUN Jian-hua, JIN Hai, CHEN Hao, HAN Zong-fen. 《Wuhan University Journal of Natural Sciences》 (CAS), 2005, Issue 1, pp. 111-114 (4 pages)
Aiming at the shortcomings in intrusion detection systems (IDSs) used in commercial and research fields, we propose the MA-IDS system, a distributed intrusion detection system based on data mining. In this model, misuse intrusion detection system (MIDS) and anomaly intrusion detection system (AIDS) are combined. Data mining is applied to raise detection performance, and distributed mechanism is employed to increase the scalability and efficiency. Host- and network-based mining algorithms employ an improved Bayesian decision theorem that suits for real security environment to minimize the risks incurred by false decisions. We describe the overall architecture of the MA-IDS system, and discuss specific design and implementation issue.
Keywords: intrusion detection data mining distributed system
Performance Study of Distributed Multi-Agent Intrusion Detection System
4
Authors: YIN Yong, ZHOU Zu-de, LIU Quan, LI Fang-min, LI Zhong-nan. 《Computer Aided Drafting, Design and Manufacturing》, 2005, Issue 2, pp. 38-43 (6 pages)
Traditional Intrusion Detection System (IDS) based on hosts or networks no longer meets the security requirements in today's network environment due to the increasing complexity and distributivity. A multi-agent distributed IDS model, enhanced with a method of computing its statistical values of performance is presented. This model can accomplish not only distributed information collection, but also distributed intrusion detection and real-time reaction. Owing to prompt reaction and openness, it can detect intrusion behavior of both known and unknown sources. According to preliminary tests, the accuracy ratio of intrusion detection is higher than 92% on the average.
Keywords: distributed intrusion detection system multi-agent intrusion detection method information security
A High-level Architecture for Intrusion Detection on Heterogeneous Wireless Sensor Networks: Hierarchical, Scalable and Dynamic Reconfigurable (Cited by: 2)
5
Author: Hossein Jadidoleslamy. 《Wireless Sensor Network》, 2011, Issue 7, pp. 241-261 (21 pages)
Network protection against different types of attacks is one of the most important issues posed in the network and information security domains. This problem on Wireless Sensor Networks (WSNs), in attention to their special properties, has more importance. Now, there are some proposed solutions to protect Wireless Sensor Networks (WSNs) against different types of intrusions; but none of them has a comprehensive view of this problem and they are usually designed as single-purpose; but the proposed design in this paper takes a comprehensive view of this issue by presenting a complete Intrusion Detection Architecture (IDA). The main contribution of this architecture is its hierarchical structure; i.e. it is designed and applicable in one, two or three levels, consistent with the application domain and its required security level. The focus of this paper is on clustering WSNs, and on designing and deploying a Sensor-based Intrusion Detection System (SIDS) on sensor nodes, a Cluster-based Intrusion Detection System (CIDS) on cluster-heads and a Wireless Sensor Network wide level Intrusion Detection System (WSNIDS) on the central server. Suppositions of the WSN and Intrusion Detection Architecture (IDA) are: static and heterogeneous network, hierarchical, distributed and clustering structure along with clusters' overlapping. Finally, this paper designed a questionnaire to verify the proposed idea; then it analyzed and evaluated the acquired results from the questionnaires.
Keywords: Wireless Sensor Network (WSN) Security intrusion detection System (IDS) HIERARCHICAL distributed SCALABLE DYNAMIC RECONFIGURABLE Attack detection.
A Multi-Leveled Approach to Intrusion Detection and the Insider Threat
6
Author: Rita M. Barrios. 《Journal of Information Security》, 2013, Issue 1, pp. 54-65 (12 pages)
When considering Intrusion Detection and the Insider Threat, most researchers tend to focus on the network architecture rather than the database which is the primary target of data theft. It is understood that the network level is adequate for many intrusions where entry into the system is being sought; however, it is grossly inadequate when considering the database and the authorized insider. Recent writings suggest that there have been many attempts to address the insider threat phenomena in regards to database technologies by the utilization of detection methodologies, policy management systems and behavior analysis methods; however, there appears to be a lacking in the development of adequate solutions that will achieve the level of detection that is required. While it is true that Authorization is the cornerstone to the security of the database implementation, authorization alone is not enough to prevent the authorized entity from initiating malicious activities in regards to the data stored within the database. Behavior of the authorized entity must also be considered along with current data access control policies. Each of the previously mentioned approaches to intrusion detection at the database level has been considered individually; however, there has been limited research in producing a multileveled approach to achieve a robust solution. The research presented outlines the development of a detection framework by introducing a process that is to be implemented in conjunction with information requests. By utilizing this approach, an effective and robust methodology has been achieved that can be used to determine the probability of an intrusion by the authorized entity, which ultimately addresses the insider threat phenomena at its most basic level.
Keywords: BAYESIAN BELIEF Network database INSIDER THREAT intrusion detection
Optimization of Stealthwatch Network Security System for the Detection and Mitigation of Distributed Denial of Service (DDoS) Attack: Application to Smart Grid System
7
Authors: Emmanuel S. Kolawole, Penrose S. Cofie, John H. Fuller, Cajetan M. Akujuobi, Emmanuel A. Dada, Justin F. Foreman, Pamela H. Obiomon. 《Communications and Network》, 2024, Issue 3, pp. 108-134 (27 pages)
The Smart Grid is an enhancement of the traditional grid system and employs new technologies and sophisticated communication techniques for electrical power transmission and distribution. The Smart Grid's communication network shares information about the status of its several integrated IEDs (Intelligent Electronic Devices). However, the IEDs connected throughout the Smart Grid open opportunities for attackers to interfere with the communications and utilities resources or take clients' private data. This development has introduced new cyber-security challenges for the Smart Grid and is a very concerning issue because of emerging cyber-threats and security incidents that have occurred recently all over the world. The purpose of this research is to detect and mitigate Distributed Denial of Service [DDoS] with application to the Electrical Smart Grid System by deploying an optimized Stealthwatch Secure Network analytics tool. In this paper, the DDoS attack in the Smart Grid communication networks was modeled using the Stealthwatch tool. The simulated network consisted of Secure Network Analytic tools virtual machines (VMs), electrical Grid network communication topology, attackers and Target VMs. Finally, the experiments and simulations were performed, and the research results showed that the Stealthwatch analytic tool is very effective in detecting and mitigating DDoS attacks in the Smart Grid System without causing any blackout or shutdown of any internal systems as compared to other tools such as GNS3, NeSSi2, NISST Framework, OMNeT++, INET Framework, ReaSE, NS2, NS3, M5 Simulator, OPNET, PLC & TIA Portal management Software which do not have the capability to do so. Also, using the Stealthwatch tool to create a security baseline for the Smart Grid environment contributes to risk mitigation and sound security hygiene.
Keywords: Smart Grid System distributed Denial of Service (DDoS) Attack intrusion detection and Prevention Systems detection Mitigation and Stealthwatch
Adaptive Butterfly Optimization Algorithm(ABOA)Based Feature Selection and Deep Neural Network(DNN)for Detection of Distributed Denial-of-Service(DDoS)Attacks in Cloud
8
Authors: S. Sureshkumar, G.K.D. Prasanna Venkatesan, R. Santhosh. 《Computer Systems Science & Engineering》 (SCIE, EI), 2023, Issue 10, pp. 1109-1123 (15 pages)
Cloud computing technology provides flexible, on-demand, and completely controlled computing resources and services, which are highly desirable. Despite this, with its distributed and dynamic nature and shortcomings in virtualization deployment, the cloud environment is exposed to a wide variety of cyber-attacks and security difficulties. The Intrusion Detection System (IDS) is a specialized security tool that network professionals use for the safety and security of the networks against attacks launched from various sources. DDoS attacks are becoming more frequent and powerful, and their attack pathways are continually changing, which requires the development of new detection methods. Here the purpose of the study is to improve detection accuracy. Feature Selection (FS) is critical. At the same time, the IDS's computational problem is limited by focusing on the most relevant elements, and its performance and accuracy increase. In this research work, the suggested Adaptive butterfly optimization algorithm (ABOA) framework is used to assess the effectiveness of a reduced feature subset during the feature selection phase, that was motivated by this motive Candidates. Accurate classification is not compromised by using an ABOA technique. The design of Deep Neural Networks (DNN) has simplified the categorization of network traffic into normal and DDoS threat traffic. DNN's parameters can be fine-tuned to detect DDoS attacks better using specially built algorithms. Reduced reconstruction error, no exploding or vanishing gradients, and reduced network are all benefits of the changes outlined in this paper. When it comes to performance criteria like accuracy, precision, recall, and F1-Score are the performance measures that show the suggested architecture outperforms the other existing approaches. Hence the proposed ABOA+DNN is an excellent method for obtaining accurate predictions, with an improved accuracy rate of 99.05% compared to other existing approaches.
Keywords: Cloud computing distributed denial of service intrusion detection system adaptive butterfly optimization algorithm deep neural network
An immune based dynamic intrusion detection model (Cited by: 17)
9
Author: LI Tao. 《Chinese Science Bulletin》 (SCIE, EI, CAS), 2005, Issue 22, pp. 2650-2657 (8 pages)
With the dynamic description method for self and antigen, and the concept of dynamic immune tolerance for lymphocytes in network-security domain presented in this paper, a new immune based dynamic intrusion detection model (Idid) is proposed. In Idid, the dynamic models and the corresponding recursive equations of the lifecycle of mature lymphocytes, and the immune memory are built. Therefore, the problem of the dynamic description of self and nonself in computer immune systems is solved, and the defect of the low efficiency of mature lymphocyte generating in traditional computer immune systems is overcome. Simulations of this model are performed, and the comparison experiment results show that the proposed dynamic intrusion detection model has a better adaptability than the traditional methods.
Keywords: computer network; network security; intrusion detection system; artificial immune system
Building a highly available and intrusion tolerant database security and protection system (DSPS) (Cited by: 2)
10
Authors: 蔡亮, 杨小虎, 董金祥. 《Journal of Zhejiang University Science》 (EI, CSCD), 2003, Issue 3, pp. 287-293 (7 pages)
Database Security and Protection System (DSPS) is a security platform for fighting malicious DBMS. The security and performance are critical to DSPS. The authors suggested a key management scheme by combining the server group structure to improve availability and the key distribution structure needed by proactive security. This paper detailed the implementation of proactive security in DSPS. After thorough performance analysis, the authors concluded that the performance difference between the replicated mechanism and proactive mechanism becomes smaller and smaller with increasing number of concurrent connections; and that proactive security is very useful and practical for large, critical applications.
Keywords: Information warfare Proactive security intrusion tolerant DSPS (database Security and Protection System)
A Neuro-genetic Based Short-term Forecasting Framework for Network Intrusion Prediction System (Cited by: 7)
11
Authors: Siva S. Sivatha Sindhu, S. Geetha, M. Marikannan, A. Kannan. 《International Journal of Automation and computing》 (EI), 2009, Issue 4, pp. 406-414 (9 pages)
Information systems are one of the most rapidly changing and vulnerable systems, where security is a major issue. The number of security-breaking attempts originating inside organizations is increasing steadily. Attacks made in this way, usually done by "authorized" users of the system, cannot be immediately traced. Because the idea of filtering the traffic at the entrance door, by using firewalls and the like, is not completely successful, the use of intrusion detection systems should be considered to increase the defense capacity of an information system. An intrusion detection system (IDS) is usually working in a dynamically changing environment, which forces continuous tuning of the intrusion detection model, in order to maintain sufficient performance. The manual tuning process required by current IDS depends on the system operators in working out the tuning solution and in integrating it into the detection model. Furthermore, an extensive effort is required to tackle the newly evolving attacks and a deep study is necessary to categorize it into the respective classes. To reduce this dependence, an automatically evolving anomaly IDS using neuro-genetic algorithm is presented. The proposed system automatically tunes the detection model on the fly according to the feedback provided by the system operator when false predictions are encountered. The system has been evaluated using the Knowledge Discovery in Databases Conference (KDD 2009) intrusion detection dataset. Genetic paradigm is employed to choose the predominant features, which reveal the occurrence of intrusions. The neuro-genetic IDS (NGIDS) involves calculation of weightage value for each of the categorical attributes so that data of uniform representation can be processed by the neuro-genetic algorithm. In this system unauthorized invasion of a user are identified and newer types of attacks are sensed and classified respectively by the neuro-genetic algorithm. The experimental results obtained in this work show that the system achieves improvement in terms of misclassification cost when compared with conventional IDS. The results of the experiments show that this system can be deployed based on a real network or database environment for effective prediction of both normal attacks and new attacks.
Keywords: Genetic algorithm intrusion detection system (IDS) neural networks weightage calculation knowledge discovery in databases (KDD) classification.
DDoS Attack Detection in Cloud Computing Based on Ensemble Feature Selection and Deep Learning
12
Authors: Yousef Sanjalawe, Turke Althobaiti. 《Computers, Materials & Continua》 (SCIE, EI), 2023, Issue 5, pp. 3571-3588 (18 pages)
Intrusion Detection System (IDS) in the cloud Computing (CC) environment has received paramount interest over the last few years. Among the latest approaches, Deep Learning (DL)-based IDS methods allow the discovery of attacks with the highest performance. In the CC environment, Distributed Denial of Service (DDoS) attacks are widespread. The cloud services will be rendered unavailable to legitimate end-users as a consequence of the overwhelming network traffic, resulting in financial losses. Although various researchers have proposed many detection techniques, there are possible obstacles in terms of detection performance due to the use of insignificant traffic features. Therefore, in this paper, a hybrid deep learning mode based on hybridizing Convolutional Neural Network (CNN) with Long-Short-Term Memory (LSTM) is used due to its robustness and efficiency in detecting normal and attack traffic. Besides, the ensemble feature selection, mutualization aggregation between Particle Swarm Optimizer (PSO), Grey Wolf Optimizer (PSO), Krill Herd (KH), and Whale Optimization Algorithm (WOA), is used to select the most important features that would influence the detection performance in detecting DDoS attack in CC. A benchmark dataset proposed by the Canadian Institute of Cybersecurity (CIC), called CICIDS 2017, is used to evaluate the proposed IDS. The results revealed that the proposed IDS outperforms the state-of-the-art IDSs, as it achieved 97.9%, 98.3%, 97.9%, 98.1%, respectively. As a result, the proposed IDS achieves the requirements of getting high security, automatic, efficient, and self-decision detection of DDoS attacks.
Keywords: CIC IDS 2017 cloud computing distributed denial of service ensemble feature selection intrusion detection system
Developing a Secure Framework Using Feature Selection and Attack Detection Technique
13
Authors: Mahima Dahiya, Nitin Nitin. 《Computers, Materials & Continua》 (SCIE, EI), 2023, Issue 2, pp. 4183-4201 (19 pages)
Intrusion detection is critical to guaranteeing the safety of the data in the network. Even though, since Internet commerce has grown at a breakneck pace, network traffic kinds are rising daily, and network behavior characteristics are becoming increasingly complicated, posing significant hurdles to intrusion detection. The challenges in terms of false positives, false negatives, low detection accuracy, high running time, adversarial attacks, uncertain attacks, etc. lead to insecure Intrusion Detection System (IDS). To offset the existing challenge, the work has developed a secure Data Mining Intrusion detection system (DataMIDS) framework using Functional Perturbation (FP) feature selection and Bengio Nesterov Momentum-based Tuned Generative Adversarial Network (BNM-tGAN) attack detection technique. The data mining-based framework provides shallow learning of features and emphasizes feature engineering as well as selection. Initially, the IDS data are analyzed for missing values based on the Marginal Likelihood Fisher Information Matrix technique (MLFIMT) that identifies the relationship among the missing values and attack classes. Based on the analysis, the missing values are classified as Missing Completely at Random (MCAR), Missing at random (MAR), Missing Not at Random (MNAR), and handled according to the types. Thereafter, categorical features are handled followed by feature scaling using Absolute Median Division based Robust Scalar (AMDRS) and the Handling of the imbalanced dataset. The selection of relevant features is initiated using FP that uses ‘3’ Feature Selection (FS) techniques i.e., Inverse Chi Square based Flamingo Search (ICS-FSO) wrapper method, Hyperparameter Tuned Threshold based Decision Tree (HpTT-DT) embedded method, and Xavier Normal Distribution based Relief (XavND-Relief) filter method. Finally, the selected features are trained and tested for detecting attacks using BNM-tGAN. The Experimental analysis demonstrates that the introduced DataMIDS framework produces an accurate diagnosis about the attack with low computation time. The work avoids false alarm rate of attacks and remains to be relatively robust against malicious attacks as compared to existing methods.
Keywords: Cyber security data mining intrusion detection system (DataMIDS) marginal likelihood fisher information matrix (MLFIM) absolute median deviation based robust scalar (AMD-RS) functional perturbation (FP) inverse chi square based flamingo search optimization (ICS-FSO) hyperparameter tuned threshold based decision tree (HpTT-DT) Xavier normal distribution based relief (XavND-relief) and Bengio Nesterov momentum-based tuned generative adversarial network (BNM-tGAN)
Application of Intrusion Detection Technology in Computer Databases
14
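Author: 张文君. 《移动信息》, 2024, Issue 6, pp. 147-150 (4 pages)
With the rapid development of information technology, computer databases have become a primary target for attackers, and intrusion detection technology (IDT) has gradually become an important tool for maintaining network security. By monitoring and analyzing network traffic, IDT can effectively identify and prevent unauthorized access and malicious attacks. The technology can not only defend against viruses and malware but also effectively manage insider threats. In a computer database environment, IDT can improve the authenticity and validity of data and ensure stable system operation. Combined with technologies such as data encryption, access control, and security auditing and monitoring, it can form a more comprehensive defense strategy that provides multi-layered protection for databases. The paper analyzes the application of IDT in computer databases, including technical implementation, responses to challenges, success cases, and combined use with other security technologies.
Keywords: intrusion detection technology; computer database; network security; database security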
A Hierarchy Distributed-Agents Model for Network Risk Evaluation Based on Deep Learning (Cited by: 1)
15
Authors: Jin Yang, Tao Li, Gang Liang, Wenbo He, Yue Zhao. 《Computer Modeling in Engineering & Sciences》 (SCIE, EI), 2019, Issue 7, pp. 1-23 (23 pages)
Deep Learning presents a critical capability to be geared into environments being constantly changed and ongoing learning dynamic, which is especially relevant in Network Intrusion Detection. In this paper, as enlightened by the theory of Deep Learning Neural Networks, Hierarchy Distributed-Agents Model for Network Risk Evaluation, a newly developed model, is proposed. The architecture taken on by the distributed-agents model is given, as well as the approach of analyzing network intrusion detection using Deep Learning; the mechanism of sharing hyper-parameters to improve the efficiency of learning is presented, and the hierarchical evaluative framework for Network Risk Evaluation of the proposed model is built. Furthermore, to examine the proposed model, a series of experiments were conducted in terms of NSL-KDD datasets. The proposed model was able to differentiate between normal and abnormal network activities with an accuracy of 97.60% on NSL-KDD datasets. As the results acquired from the experiment indicate, the model developed in this paper is characterized by high-speed and high-accuracy processing which shall offer a preferable solution with regard to the Risk Evaluation in Network.
Keywords: Network security deep learning (DL) intrusion detection system (IDS) distributed AGENTS
Utilizing Machine Learning with Unique Pentaplet Data Structure to Enhance Data Integrity
16
Author: Abdulwahab Alazeb. 《Computers, Materials & Continua》 (SCIE, EI), 2023, Issue 12, pp. 2995-3014 (20 pages)
Data protection in databases is critical for any organization, as unauthorized access or manipulation can have severe negative consequences. Intrusion detection systems are essential for keeping databases secure. Advancements in technology will lead to significant changes in the medical field, improving healthcare services through real-time information sharing. However, reliability and consistency still need to be solved. Safeguards against cyber-attacks are necessary due to the risk of unauthorized access to sensitive information and potential data corruption. Disruptions to data items can propagate throughout the database, making it crucial to reverse fraudulent transactions without delay, especially in the healthcare industry, where real-time data access is vital. This research presents a role-based access control architecture for an anomaly detection technique. Additionally, the Structured Query Language (SQL) queries are stored in a new data structure called Pentaplet. These pentaplets allow us to maintain the correlation between SQL statements within the same transaction by employing the transaction-log entry information, thereby increasing detection accuracy, particularly for individuals within the company exhibiting unusual behavior. To identify anomalous queries, this system employs a supervised machine learning technique called Support Vector Machine (SVM). According to experimental findings, the proposed model performed well in terms of detection accuracy, achieving 99.92% through SVM with One Hot Encoding and Principal Component Analysis (PCA).
Keywords: database intrusion detection system data integrity machine learning pentaplet data structure
A Personalized Lightweight Distributed Network Intrusion Detection System for Fog Computing (Cited by: 2)
17
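Authors: 叶天鹏, 林祥, 李建华, 张轩凯, 许力文. 《网络与信息安全学报》, 2023, Issue 3, pp. 28-37 (10 pages)
As Internet of Things technology continues to develop, new IoT applications with low latency, high dynamics and large bandwidth keep emerging. These demands cause massive numbers of devices and large volumes of information to concentrate at the network edge, which has driven the emergence and further development of the fog computing architecture. As fog computing is applied more widely and deeply, the distributed network security architecture deployed to protect it also faces challenges brought by fog computing itself; for example, the limited computing and network communication resources of fog nodes and the highly dynamic nature of fog computing applications restrict the edge deployment of complex network intrusion detection algorithms. To address these problems effectively, a personalized lightweight distributed network intrusion detection system (PLD-NIDS) for the fog computing architecture is proposed. The system trains a large-scale complex network-flow intrusion detection model based on a convolutional neural network architecture, further collects the distribution of network traffic types at each fog node, and proposes a personalized model distillation algorithm and a pruning algorithm based on weighted first-order Taylor approximation to compress the complex model quickly and in a personalized way. This overcomes the limitation of traditional model compression algorithms, which, when facing a large number of personalized nodes, can only provide a single compressed model for edge deployment because the compression overhead is too high. According to the experimental results, the proposed PLD-NIDS architecture achieves fast personalized compression of edge intrusion detection models. Compared with traditional model pruning algorithms, the proposed architecture strikes a good balance between computational cost and model accuracy. In terms of model accuracy, compared with the traditional first-order Taylor approximation pruning algorithm, the proposed weighted first-order Taylor approximation pruning algorithm improves the model compression ratio by about 4% under the same 0.2% loss of model accuracy.
Keywords: intrusion detection; fog computing; model compression; distributed system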
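Cyber-Attack Detection and Protection Control Technologies for Smart Power Distribution and Utilization Systems: Development and Challenges (Cited by: 2)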
18
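Authors: 曾嵘, 李勇, 曹一家, 谢李为, 邵霞. 《电气工程学报》 (CSCD), 2023, Issue 2, pp. 125-141 (17 pages)
The wide application of advanced information technology in the smart power distribution and utilization system (SPDUS) has deepened the coupling between the system's information side and its electrical physical side, and the SPDUS has gradually evolved into a smart power distribution and utilization cyber physical system (SPDU-CPS) in which cyber and physical spaces are highly integrated and information resources and physical resources are combined and coordinated. This paper summarizes and reviews the development and challenges of related technologies at home and abroad from three perspectives for SPDU-CPS: cyber-attack intrusion detection, cyber-attack defense and protection, and self-healing control. For cyber-attack intrusion detection, the detection ideas and implementation paths of deviation-based, feature-based and hybrid cyber-attack detection methods are summarized. For cyber-attack defense and protection, the paper summarizes information-side protection methods that improve the defensive capability of the information network, physical-side protection methods based on optimal resource allocation and data correction protection, and cyber-physical cooperative protection methods that integrate the information and protection functions of both sides. For self-healing control, existing research on traditional self-healing control on the electrical physical side and on self-healing control based on cyber-physical cooperation is summarized and organized. Finally, in light of the characteristics and development trends of SPDU-CPS, future research directions are discussed.
Keywords: smart power distribution and utilization system; cyber physical system; cyber-attack intrusion detection; cyber-attack defense and protection; self-healing control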
DDoS Attack Detection in V2G Networks Based on Federated Learning and CNN-BiLSTM (Cited by: 8)
19
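Authors: 林兆亮, 李晋国, 黄润渴. 《计算机应用研究》 (CSCD, PKU Core), 2023, Issue 1, pp. 272-277 (6 pages)
DDoS attacks are one of the major threats to V2G networks; they can exhaust a server's communication resources in a short time. Previous methods are mainly centralized models, and transmitting data from edge devices to a central server for training may expose the data to various attacks. This paper studies an intrusion detection system based on federated learning. First, considering the high dimensionality of V2G network data and the temporal dependencies among the data, the collected data is reduced in dimension by an improved feature selection algorithm to remove redundant features; the processed data is then fed into a hybrid model that combines a convolutional neural network and a bidirectional long short-term memory network to capture the temporal dependencies in the data, and batch normalization is introduced to prevent the vanishing gradient problem during neural network training. Second, to prevent privacy leakage, the inherent properties of federated learning are used to allow data to remain local for training the neural network model. To address the excessive network load caused by federated learning communication, a scheme is designed that sets a dynamic communication threshold to select the optimal edge devices to participate in updates, thereby reducing the network load. Experimental results show that the accuracy of the method can reach 99.95%, and the communication time of a single round is reduced by 1.7 s.
Keywords: V2G; DDOS; federated learning; CNN-BiLSTM; intrusion detection; privacy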
Construction of a Distributed Intrusion Prevention System for Ship Digital Communication
20
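Author: 刘浪. 《舰船科学技术》 (PKU Core), 2023, Issue 19, pp. 165-168 (4 pages)
Building a distributed intrusion prevention system for ship digital communication can improve the security, availability and management efficiency of the ship network, protect the ship's sensitive information and commercial interests, and ensure the ship's normal operation and communication security, so it has very important development value. The core of this study is the development of key technologies for the distributed intrusion prevention system, including information encryption technology, database technology, secure communication technology, and the construction of the prevention system's business logic layer; a distributed intrusion prevention system for ship digital communication was developed on the Windows platform.
Keywords: digital communication; distributed intrusion prevention system; database; encryption technology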