Abstract: The key objective of intrusion detection systems (IDS) is to protect a particular host or network by investigating network traffic and predicting whether it is an attack or normal. These IDS use many machine learning (ML) methods to learn from past attack experience, i.e. signature-based, and identify new ones. Even though these methods are effective, they suffer from large computational costs because they consider all the traffic features together. Moreover, emerging technologies like the Internet of Things (IoT), big data, etc. are advancing day by day; as a result, network traffic is also increasing rapidly. Therefore, the issue of computational cost needs to be addressed properly. Thus, in this research, the ML methods have first been used with the feature selection technique (FST) to reduce the number of features by picking out only the important ones from the NSL-KDD, CICIDS2017, and CIC-DDoS2019 datasets, which later helped to build IDSs with lower cost but higher performance that would be appropriate for vast-scale networks. The experimental results demonstrated that the proposed model, i.e. Decision Tree (DT) with Recursive Feature Elimination (RFE), performs better than other classifiers with RFE in terms of accuracy, specificity, precision, sensitivity, F1-score, and G-means on the investigated datasets.
Funding: This work was supported partially by the MSIT (Ministry of Science and ICT), Korea, under the ITRC (Information Technology Research Center) Support Program (IITP-2024-2018-0-01431) supervised by the IITP (Institute for Information & Communications Technology Planning & Evaluation).
Abstract: The extensive utilization of the Internet in everyday life can be attributed to the substantial accessibility of online services and the growing significance of the data transmitted via the Internet. Regrettably, this development has expanded the potential targets that hackers might exploit. Without adequate safeguards, data transmitted on the internet is significantly more susceptible to unauthorized access, theft, or alteration. The identification of unauthorised access attempts is a critical component of cybersecurity as it aids in the detection and prevention of malicious attacks. This research paper introduces a novel intrusion detection framework that utilizes Recurrent Neural Networks (RNN) integrated with Long Short-Term Memory (LSTM) units. The proposed model can identify various types of cyberattacks, including conventional and distinctive forms. Recurrent networks, a specific kind of feedforward neural networks, possess an intrinsic memory component. Recurrent Neural Networks (RNNs) incorporating Long Short-Term Memory (LSTM) mechanisms have demonstrated greater capabilities in retaining and utilizing data dependencies over extended periods. Metrics such as data types, training duration, accuracy, number of false positives, and number of false negatives are among the parameters employed to assess the effectiveness of these models in identifying both common and unusual cyberattacks. RNNs are utilised in conjunction with LSTM to support human analysts in identifying possible intrusion events, hence enhancing their decision-making capabilities. A potential solution to address the limitations of shallow learning is the introduction of the Eccentric Intrusion Detection Model. This model utilises Recurrent Neural Networks, specifically exploiting LSTM techniques. The proposed model achieves detection accuracy (99.5%), generalisation (99%), and false-positive rate (0.72%); these findings reveal that it is superior to state-of-the-art techniques.
Funding: This research was partly supported by the National Science and Technology Council, Taiwan, with Grant Numbers 112-2221-E-992-045, 112-2221-E-992-057-MY3 and 112-2622-8-992-009-TD1.
Abstract: Since its inception, the Internet has been rapidly evolving. With the advancement of science and technology and the explosive growth of the population, the demand for the Internet has been on the rise. Many applications in education, healthcare, entertainment, science, and more are being increasingly deployed based on the internet. Concurrently, malicious threats on the internet are on the rise as well. Distributed Denial of Service (DDoS) attacks are among the most common and dangerous threats on the internet today. The scale and complexity of DDoS attacks are constantly growing. Intrusion Detection Systems (IDS) have been deployed and have demonstrated their effectiveness in defense against those threats. In addition, the research of Machine Learning (ML) and Deep Learning (DL) in IDS has gained effective results and significant attention. However, one of the challenges when applying ML and DL techniques in intrusion detection is the identification of unknown attacks. These attacks, which are not encountered during the system's training, can lead to misclassification with significant errors. In this research, we focused on addressing the issue of Unknown Attack Detection, combining two methods: Spatial Location Constraint Prototype Loss (SLCPL) and Fuzzy C-Means (FCM). With the proposed method, we achieved promising results compared to traditional methods. The proposed method demonstrates a very high accuracy of up to 99.8% with a low false positive rate for known attacks on the Intrusion Detection Evaluation Dataset (CICIDS2017). Particularly, the accuracy is also very high, reaching 99.7%, and the precision goes up to 99.9% for unknown DDoS attacks on the DDoS Evaluation Dataset (CICDDoS2019). The success of the proposed method is due to the combination of SLCPL, an advanced Open-Set Recognition (OSR) technique, and FCM, a traditional yet highly applicable clustering technique. This has yielded a novel method in the field of unknown attack detection. This further expands the trend of applying DL and ML techniques in the development of intrusion detection systems and cybersecurity. Finally, implementing the proposed method in real-world systems can enhance the security capabilities against increasingly complex threats on computer networks.
Abstract: The phenomenal increase in device connectivity is making the signaling and resource-based operational integrity of networks at the node level increasingly prone to distributed denial of service (DDoS) attacks. The current growth rate in the number of Internet of Things (IoT) attacks executed at the time of exchanging data over the Internet represents massive security hazards to IoT devices. In this regard, the present study proposes a new hybrid optimization technique that combines the firefly optimization algorithm with global searches for use in attack detection on IoT devices. We preprocessed two datasets, CICIDS and UNSW-NB15, to remove noise and missing values. The next step is to perform feature extraction using principal component analysis (PCA). Next, we utilize a globalized firefly optimization algorithm (GFOA) to identify and select vectors that indicate low-rate attacks. We finally switch to the Naïve Bayes (NB) classifier at the classification stage to compare it with the traditional extreme gradient boosting classifier in this attack-dimension classifying scenario, demonstrating the superiority of GFOA. The study concludes that the method by GFOA scored outstandingly, with accuracy, precision, and recall levels of 89.76%, 84.7%, and 90.83%, respectively, and an F-measure of 91.11% against the established method that had an F-measure of 64.35%.
Abstract: Due to the increasing number of cyber-attacks, the necessity to develop efficient intrusion detection systems (IDS) is more imperative than ever. In IDS research, the most effectively used methodology is based on supervised Neural Networks (NN) and unsupervised clustering, but there are few works dedicated to their hybridization with metaheuristic algorithms. As intrusion detection data usually contains several features, it is essential to select the best ones appropriately. Linear Discriminant Analysis (LDA) and t-statistic are considered efficient conventional techniques to select the best features, but they have been little exploited in IDS design. Thus, the research proposed in this paper can be summarized as follows. a) The proposed approach aims to use hybridized unsupervised and hybridized supervised detection processes of all the attack categories in the CICIDS2017 Dataset. Nevertheless, owing to the large size of the CICIDS2017 Dataset, only 25% of the data was used. b) As a feature selection method, the LDA performance measure is chosen and combined with the t-statistic. c) For intrusion detection, unsupervised Fuzzy C-means (FCM) clustering and supervised Back-propagation NN are adopted. d) In addition, and in order to enhance the suggested classifiers, FCM and NN are hybridized with the seven most known metaheuristic algorithms, including Genetic Algorithm (GA), Particle Swarm Optimization (PSO), Differential Evolution (DE), Cultural Algorithm (CA), Harmony Search (HS), Ant-Lion Optimizer (ALO) and Black Hole (BH) Algorithm. Performance metrics extracted from confusion matrices, such as accuracy, precision, sensitivity and F1-score, are exploited. The experimental result for the proposed intrusion detection, based on training and test CICIDS2017 datasets, indicated that PSO, GA and ALO-based NNs can achieve promising results. PSO-NN produces a tested accuracy, global sensitivity and F1-score of 99.97%, 99.95% and 99.96%, respectively, outperforming performance concluded in several related works. Furthermore, the best-proposed approaches are evaluated on the most recent intrusion detection datasets: CSE-CICIDS2018 and LUFlow2020. The evaluation outcomes consolidate the previous results and confirm their correctness.
Abstract: Advanced Metering Infrastructure (AMI) is the metering network of the smart grid that enables bidirectional communications between each consumer's premises and the provider's control center. The massive amount of data collected supports the real-time decision-making required for diverse applications. The communication infrastructure relies on different network types, including the Internet. This makes the infrastructure vulnerable to various attacks, which could compromise security or have devastating effects. However, traditional machine learning solutions cannot adapt to the increasing complexity and diversity of attacks. The objective of this paper is to develop an Anomaly Detection System (ADS) based on deep learning using the CIC-IDS2017 dataset. However, this dataset is highly imbalanced; thus, a two-step sampling technique, random under-sampling and the Synthetic Minority Oversampling Technique (SMOTE), is proposed to balance the dataset. The proposed system utilizes a multiple hidden layer Auto-encoder (AE) for feature extraction and dimensional reduction. In addition, an ensemble voting based on both Random Forest (RF) and Convolutional Neural Network (CNN) is developed to classify the multiclass attack categories. The proposed system is evaluated and compared with six different state-of-the-art machine learning and deep learning algorithms: Random Forest (RF), Light Gradient Boosting Machine (LightGBM), eXtreme Gradient Boosting (XGBoost), Convolutional Neural Network (CNN), Long Short-Term Memory (LSTM), and bidirectional LSTM (biLSTM). Experimental results show that the proposed model enhances the detection for each attack class compared with the other machine learning and deep learning models with overall accuracy (98.29%), precision (99%), recall (98%), F1 score (98%), and the UNDetection rate (UND) (8%).