Network Intrusion Detection in Internet of Blended Environment Using Ensemble of Heterogeneous Autoencoders(E-HAE)

Contemporary attackers,mainly motivated by financial gain,consistently devise sophisticated penetration techniques to access important information or data.The growing use of Internet of Things(IoT)technology in the contemporary convergence environment to connect to corporate networks and cloud-based applications only worsens this situation,as it facilitates multiple new attack vectors to emerge effortlessly.As such,existing intrusion detection systems suffer from performance degradation mainly because of insufficient considerations and poorly modeled detection systems.To address this problem,we designed a blended threat detection approach,considering the possible impact and dimensionality of new attack surfaces due to the aforementioned convergence.We collectively refer to the convergence of different technology sectors as the internet of blended environment.The proposed approach encompasses an ensemble of heterogeneous probabilistic autoencoders that leverage the corresponding advantages of a convolutional variational autoencoder and long short-term memory variational autoencoder.An extensive experimental analysis conducted on the TON_IoT dataset demonstrated 96.02%detection accuracy.Furthermore,performance of the proposed approach was compared with various single model(autoencoder)-based network intrusion detection approaches:autoencoder,variational autoencoder,convolutional variational autoencoder,and long short-term memory variational autoencoder.The proposed model outperformed all compared models,demonstrating F1-score improvements of 4.99%,2.25%,1.92%,and 3.69%,respectively.

Network-based anomaly intrusion detection with numeric-and-nominal mixed data

Anomaly detection is a key element of intrusion detection systems and a necessary complement of widely used misuse intrusion detection systems. Data sources used by network intrusion detection, like network packets or connections, often contain both numeric and nominal features. Both of these features contain important information for intrusion detection. These two features, on the other hand, have different characteristics. This paper presents a new network based anomaly intrusion detection approach that works well by building profiles for numeric and nominal features in different ways. During training, for each numeric feature, a normal profile is build through statistical distribution inference and parameter estimation, while for each nominal feature, a normal profile is setup through statistical method. These profiles are used as detection models during testing to judge whether a data being tested is benign or malicious. Experiments with the data set of 1999 DARPA （defense advanced research project agency） intrusion detection evaluation show that this approach can detect attacks effectively.

An Optimized and Hybrid Framework for Image Processing Based Network Intrusion Detection System

The network infrastructure has evolved rapidly due to the everincreasing volume of users and data.The massive number of online devices and users has forced the network to transform and facilitate the operational necessities of consumers.Among these necessities,network security is of prime significance.Network intrusion detection systems(NIDS)are among the most suitable approaches to detect anomalies and assaults on a network.However,keeping up with the network security requirements is quite challenging due to the constant mutation in attack patterns by the intruders.This paper presents an effective and prevalent framework for NIDS by merging image processing with convolution neural networks(CNN).The proposed framework first converts non-image data from network traffic into images and then further enhances those images by using the Gabor filter.The images are then classified using a CNN classifier.To assess the efficacy of the recommended method,four benchmark datasets i.e.,CSE-CIC-IDS2018,CIC-IDS-2017,ISCX-IDS 2012,and NSL-KDD were used.The proposed approach showed higher precision in contrast with the recent work on the mentioned datasets.Further,the proposed method is compared with the recent well-known image processing methods for NIDS.

An Efficient Intrusion Detection Framework in Software-Defined Networking for Cybersecurity Applications

Network management and multimedia data mining techniques have a great interest in analyzing and improving the network traffic process.In recent times,the most complex task in Software Defined Network(SDN)is security,which is based on a centralized,programmable controller.Therefore,monitoring network traffic is significant for identifying and revealing intrusion abnormalities in the SDN environment.Consequently,this paper provides an extensive analysis and investigation of the NSL-KDD dataset using five different clustering algorithms:K-means,Farthest First,Canopy,Density-based algorithm,and Exception-maximization(EM),using the Waikato Environment for Knowledge Analysis(WEKA)software to compare extensively between these five algorithms.Furthermore,this paper presents an SDN-based intrusion detection system using a deep learning(DL)model with the KDD(Knowledge Discovery in Databases)dataset.First,the utilized dataset is clustered into normal and four major attack categories via the clustering process.Then,a deep learning method is projected for building an efficient SDN-based intrusion detection system.The results provide a comprehensive analysis and a flawless reasonable study of different kinds of attacks incorporated in the KDD dataset.Similarly,the outcomes reveal that the proposed deep learning method provides efficient intrusion detection performance compared to existing techniques.For example,the proposed method achieves a detection accuracy of 94.21%for the examined dataset.

Designing Intrusion Detection System for Web Documents Using Neural Network

Cryptographic systems are the most widely used techniques for information security. These systems however have their own pitfalls as they rely on prevention as their sole means of defense. That is why most of the organizations are attracted to the intrusion detection systems. The intrusion detection systems can be broadly categorized into two types, Anomaly and Misuse Detection systems. An anomaly-based system detects com-puter intrusions and misuse by monitoring system activity and classifying it as either normal or anomalous. Misuse detection systems can detect almost all known attack patterns;they however are hardly of any use to de-tect yet unknown attacks. In this paper, we use Neural Networks for detecting intrusive web documents avail-able on Internet. For this purpose Back Propagation Neural (BPN) Network architecture is applied that is one of the most popular network architectures for supervised learning. Analysis is carried out on Internet Security and Acceleration (ISA) server 2000 log for finding out the web documents that should not be accessed by the unau-thorized persons in an organization. There are lots of web documents available online on Internet that may be harmful for an organization. Most of these documents are blocked for use, but still users of the organization try to access these documents and may cause problem in the organization network.

Network Intrusion Detection and Visualization Using Aggregations in a Cyber Security Data Warehouse

The challenge of achieving situational understanding is a limiting factor in effective, timely, and adaptive cyber-security analysis. Anomaly detection fills a critical role in network assessment and trend analysis, both of which underlie the establishment of comprehensive situational understanding. To that end, we propose a cyber security data warehouse implemented as a hierarchical graph of aggregations that captures anomalies at multiple scales. Each node of our proposed graph is a summarization table of cyber event aggregations, and the edges are aggregation operators. The cyber security data warehouse enables domain experts to quickly traverse a multi-scale aggregation space systematically. We describe the architecture of a test bed system and a summary of results on the IEEE VAST 2012 Cyber Forensics data.

Anomaly-Based Intrusion DetectionModel Using Deep Learning for IoT Networks

The rapid growth of Internet of Things(IoT)devices has brought numerous benefits to the interconnected world.However,the ubiquitous nature of IoT networks exposes them to various security threats,including anomaly intrusion attacks.In addition,IoT devices generate a high volume of unstructured data.Traditional intrusion detection systems often struggle to cope with the unique characteristics of IoT networks,such as resource constraints and heterogeneous data sources.Given the unpredictable nature of network technologies and diverse intrusion methods,conventional machine-learning approaches seem to lack efficiency.Across numerous research domains,deep learning techniques have demonstrated their capability to precisely detect anomalies.This study designs and enhances a novel anomaly-based intrusion detection system(AIDS)for IoT networks.Firstly,a Sparse Autoencoder(SAE)is applied to reduce the high dimension and get a significant data representation by calculating the reconstructed error.Secondly,the Convolutional Neural Network(CNN)technique is employed to create a binary classification approach.The proposed SAE-CNN approach is validated using the Bot-IoT dataset.The proposed models exceed the performance of the existing deep learning approach in the literature with an accuracy of 99.9%,precision of 99.9%,recall of 100%,F1 of 99.9%,False Positive Rate(FPR)of 0.0003,and True Positive Rate(TPR)of 0.9992.In addition,alternative metrics,such as training and testing durations,indicated that SAE-CNN performs better.

A Stacking-Based Deep Neural Network Approach for Effective Network Anomaly Detection

An anomaly-based intrusion detection system(A-IDS)provides a critical aspect in a modern computing infrastructure since new types of attacks can be discovered.It prevalently utilizes several machine learning algorithms(ML)for detecting and classifying network traffic.To date,lots of algorithms have been proposed to improve the detection performance of A-IDS,either using individual or ensemble learners.In particular,ensemble learners have shown remarkable performance over individual learners in many applications,including in cybersecurity domain.However,most existing works still suffer from unsatisfactory results due to improper ensemble design.The aim of this study is to emphasize the effectiveness of stacking ensemble-based model for A-IDS,where deep learning(e.g.,deep neural network[DNN])is used as base learner model.The effectiveness of the proposed model and base DNN model are benchmarked empirically in terms of several performance metrics,i.e.,Matthew’s correlation coefficient,accuracy,and false alarm rate.The results indicate that the proposed model is superior to the base DNN model as well as other existing ML algorithms found in the literature.

A new data normalization method for unsupervised anomaly intrusion detection

Unsupervised anomaly detection can detect attacks without the need for clean or labeled training data.This paper studies the application of clustering to unsupervised anomaly detection(ACUAD).Data records are mapped to a feature space.Anomalies are detected by determining which points lie in the sparse regions of the feature space.A critical element for this method to be effective is the definition of the distance function between data records.We propose a unified normalization distance framework for records with numeric and nominal features mixed data.A heuristic method that computes the distance for nominal features is proposed,taking advantage of an important characteristic of nominal features-their probability distribution.Then,robust methods are proposed for mapping numeric features and computing their distance,these being able to tolerate the impact of the value difference in scale and diversification among features,and outliers introduced by intrusions.Empirical experiments with the KDD 1999 dataset showed that ACUAD can detect intrusions with relatively low false alarm rates compared with other approaches.

A Framework for an Adaptive Anomaly Detection System with Fuzzy Data Mining

In this paper, we present an adaptive anomaly detection framework that isapplicable to network-based intrusion detection. Our framework employs fuzzy cluster algorithm to detect anomalies in an online, adaptive fashion without a priori knowledge of the underlying data. We evaluate our method by performing experiments over network records from the KDD CUP99 data set.

Data Stream Subspace Clustering for Anomalous Network Packet Detection

As the Internet offers increased connectivity between human beings, it has fallen prey to malicious users who exploit its resources to gain illegal access to critical information. In an effort to protect computer networks from external attacks, two common types of Intrusion Detection Systems (IDSs) are often deployed. The first type is signature-based IDSs which can detect intrusions efficiently by scanning network packets and comparing them with human-generated signatures describing previously-observed attacks. The second type is anomaly-based IDSs able to detect new attacks through modeling normal network traffic without the need for a human expert. Despite this advantage, anomaly-based IDSs are limited by a high false-alarm rate and difficulty detecting network attacks attempting to blend in with normal traffic. In this study, we propose a StreamPreDeCon anomaly-based IDS. StreamPreDeCon is an extension of the preference subspace clustering algorithm PreDeCon designed to resolve some of the challenges associated with anomalous packet detection. Using network packets extracted from the first week of the DARPA '99 intrusion detection evaluation dataset combined with Generic Http, Shellcode and CLET attacks, our IDS achieved 94.4% sensitivity and 0.726% false positives in a best case scenario. To measure the overall effectiveness of the IDS, the average sensitivity and false positive rates were calculated for both the maximum sensitivity and the minimum false positive rate. With the maximum sensitivity, the IDS had 80% sensitivity and 9% false positives on average. The IDS also averaged 63% sensitivity with a 0.4% false positive rate when the minimal number of false positives is needed. These rates are an improvement on results found in a previous study as the sensitivity rate in general increased while the false positive rate decreased.

Intrusion-detection model integrating anomaly with misuse for space information network

In recent years,following the development of space commutation,space information has become a critical part in space information network and will play a very significant role in winning future information war.A space information network with characteristics such as complex structure,special communication requirement,long delay,dependence on remote maintenance,and fragile ecological environment contains enormous security risks.Therefore,ensuring space information network safety is important.Intrusion-detection model as an important part of a network security system becomes a hot issue in space network security.We propose an intrusion-detection method that integrates anomaly with misuse,which supports automatic updates from a remote ground,and design a distributed intrusion-detection model of space information network.

An Efficient Unsupervised Learning Approach for Detecting Anomaly in Cloud

The Cloud system shows its growing functionalities in various industrial applications.The safety towards data transfer seems to be a threat where Network Intrusion Detection System(NIDS)is measured as an essential element to fulfill security.Recently,Machine Learning(ML)approaches have been used for the construction of intellectual IDS.Most IDS are based on ML techniques either as unsupervised or supervised.In supervised learning,NIDS is based on labeled data where it reduces the efficiency of the reduced model to identify attack patterns.Similarly,the unsupervised model fails to provide a satisfactory outcome.Hence,to boost the functionality of unsupervised learning,an effectual auto-encoder is applied for feature selection to select good features.Finally,the Naïve Bayes classifier is used for classification purposes.This approach exposes the finest generalization ability to train the data.The unlabelled data is also used for adoption towards data analysis.Here,redundant and noisy samples over the dataset are eliminated.To validate the robustness and efficiency of NIDS,the anticipated model is tested over the NSL-KDD dataset.The experimental outcomes demonstrate that the anticipated approach attains superior accuracy with 93%,which is higher compared to J48,AB tree,Random Forest(RF),Regression Tree(RT),Multi-Layer Perceptrons(MLP),Support Vector Machine(SVM),and Fuzzy.Similarly,False Alarm Rate(FAR)and True Positive Rate(TPR)of Naive Bayes(NB)is 0.3 and 0.99,respectively.When compared to prevailing techniques,the anticipated approach also delivers promising outcomes.

Novel design concepts for network intrusion systems based on dendritic cells processes

An abstraction and an investigation to the worth of dendritic cells (DCs) ability to collect, process and present antigens are presented. Computationally, this ability is shown to provide a feature reduction mechanism that could be used to reduce the complexity of a search space, a mechanism for development of highly specialized detector sets as well as a selective mechanism used in directing subsets of detectors to be activated when certain danger signals are present. It is shown that DCs, primed by different danger signals, provide a basis for different anomaly detection pathways. Different antigen-peptides are developed based on different danger signals present, and these peptides are presented to different adaptive layer detectors that correspond to the given danger signal. Experiments are then undertaken that compare current approaches, where a full antigen structure and the whole repertoire of detectors are used, with the proposed approach. Experiment results indicate that such an approach is feasible and can help reduce the complexity of the problem by significant levels. It also improves the efficiency of the system, given that only a subset of detectors are involved during the detection process. Having several different sets of detectors increases the robustness of the resulting system. Detectors developed based on peptides are also highly discriminative, which reduces the false positives rates, making the approach feasible for a real time environment.

基于GATv2的网络入侵异常检测方法

【目的】随着网络环境日益复杂化,其所遭受的威胁也愈发严重。入侵检测作为网络安全主动防御的重要手段之一,需要提供更健壮、更有效的检测方法来应对这些挑战。【方法】图神经网络在异常检测方面表现优异。本文基于GATv2(一种改进的图神经网络方法)来构建网络入侵检测的图神经网络方法E-ResGATv2。具体来说,首先将网络流量数据构建成网络流量图,然后通过图形转换来将流量图转换成适合图神经网络处理的图形,以此检测入侵异常流量,并将残差学习集成到图神经网络聚合信息的过程中。【结果】在两个公开入侵检测数据集上的实验结果表明,E-ResGATv2方法的检测效果要好于原始图神经方法,并且具有更强的抗噪能力。【结论】在与机器学习方法取得相似检测效果的情况下,图神经网络方法表现出更强的抗干扰能力,这在复杂多变的网络环境中具有实际意义。

基于特征选择和进化神经网络的网络异常入侵检测方法

由于网络信息数量庞大,内部存在大量冗余特征信息,异常检测时容易受其影响,导致检测效率降低,无法保障网络运行安全。为此提出基于特征选择和进化神经网络的网络异常入侵检测方法。应用主成分分析法选择合适的网络运行数据特征,基于进化神经网络构建异常入侵检测模型,阐述网络异常入侵检测过程,并制定特征数据提取模式与异常入侵判定规则,从而获取最终网络异常入侵检测结果。实验数据显示,提出方法获得异常入侵检测特征数量与最佳特征数量相同,网络异常入侵检测相对准确率最大值为98%,以此证明所提方法检测异常入侵精准性高。

Two-Dimensional Projection-Based Wireless Intrusion Classification Using Lightweight EfficientNet

Internet of Things(IoT)networks leverage wireless communication protocols,which adversaries can exploit.Impersonation attacks,injection attacks,and flooding are several examples of different attacks existing in Wi-Fi networks.Intrusion Detection System(IDS)became one solution to distinguish those attacks from benign traffic.Deep learning techniques have been intensively utilized to classify the attacks.However,the main issue of utilizing deep learning models is projecting the data,notably tabular data,into an image.This study proposes a novel projection from wireless network attacks data into a grid-based image for feeding one of the Convolutional Neural Network(CNN)models,EfficientNet.We define the particular sequence of placing the attribute values in a grid that would be captured as an image.Combining the most important subset of attributes and EfficientNet,we aim for an accurate and lightweight IDS module deployed in IoT networks.We examine the proposed model using the Wi-Fi attacks dataset,called the AWID2 dataset.We achieve the best performance by a 99.91%F1 score and 0.11%false-positive rate.In addition,our proposed model achieved comparable results with other statistical machine learning models,which shows that our proposed model successfully exploited the spatial information of tabular data to maintain detection accuracy.