Abstract: The key objective of intrusion detection systems (IDS) is to protect a particular host or network by investigating network traffic and predicting whether it is an attack or normal. These IDSs use many machine learning (ML) methods to learn from past experience of attacks, i.e. signature-based, and identify the new ones. Even though these methods are effective, they suffer from large computational costs because they consider all the traffic features together. Moreover, emerging technologies like the Internet of Things (IoT), big data, etc. are advancing day by day; as a result, network traffic is also increasing rapidly. Therefore, the issue of computational cost needs to be addressed properly. Thus, in this research, the ML methods have first been used with the feature selection technique (FST) to reduce the number of features by picking out only the important ones from the NSL-KDD, CICIDS2017, and CIC-DDoS2019 datasets, which later helped to build IDSs with lower cost but higher performance that would be appropriate for vast-scale networks. The experimental results demonstrated that the proposed model, i.e. Decision Tree (DT) with Recursive Feature Elimination (RFE), performs better than other classifiers with RFE in terms of accuracy, specificity, precision, sensitivity, F1-score, and G-means on the investigated datasets.
Funding: This research was partly supported by the National Science and Technology Council, Taiwan, with Grant Numbers 112-2221-E-992-045, 112-2221-E-992-057-MY3 and 112-2622-8-992-009-TD1.
Abstract: Since its inception, the Internet has been rapidly evolving. With the advancement of science and technology and the explosive growth of the population, the demand for the Internet has been on the rise. Many applications in education, healthcare, entertainment, science, and more are being increasingly deployed based on the internet. Concurrently, malicious threats on the internet are on the rise as well. Distributed Denial of Service (DDoS) attacks are among the most common and dangerous threats on the internet today. The scale and complexity of DDoS attacks are constantly growing. Intrusion Detection Systems (IDS) have been deployed and have demonstrated their effectiveness in defense against those threats. In addition, the research of Machine Learning (ML) and Deep Learning (DL) in IDS has gained effective results and significant attention. However, one of the challenges when applying ML and DL techniques in intrusion detection is the identification of unknown attacks. These attacks, which are not encountered during the system’s training, can lead to misclassification with significant errors. In this research, we focused on addressing the issue of Unknown Attack Detection, combining two methods: Spatial Location Constraint Prototype Loss (SLCPL) and Fuzzy C-Means (FCM). With the proposed method, we achieved promising results compared to traditional methods. The proposed method demonstrates a very high accuracy of up to 99.8% with a low false positive rate for known attacks on the Intrusion Detection Evaluation Dataset (CICIDS2017) dataset. Particularly, the accuracy is also very high, reaching 99.7%, and the precision goes up to 99.9% for unknown DDoS attacks on the DDoS Evaluation Dataset (CICDDoS2019) dataset. The success of the proposed method is due to the combination of SLCPL, an advanced Open-Set Recognition (OSR) technique, and FCM, a traditional yet highly applicable clustering technique. This has yielded a novel method in the field of unknown attack detection. This further expands the trend of applying DL and ML techniques in the development of intrusion detection systems and cybersecurity. Finally, implementing the proposed method in real-world systems can enhance the security capabilities against increasingly complex threats on computer networks.
Abstract: Due to the increasing number of cyber-attacks, the necessity to develop efficient intrusion detection systems (IDS) is more imperative than ever. In IDS research, the most effectively used methodology is based on supervised Neural Networks (NN) and unsupervised clustering, but there are few works dedicated to their hybridization with metaheuristic algorithms. As intrusion detection data usually contains several features, it is essential to select the best ones appropriately. Linear Discriminant Analysis (LDA) and t-statistic are considered as efficient conventional techniques to select the best features, but they have been little exploited in IDS design. Thus, the research proposed in this paper can be summarized as follows. a) The proposed approach aims to use hybridized unsupervised and hybridized supervised detection processes of all the attack categories in the CICIDS2017 Dataset. Nevertheless, owing to the large size of the CICIDS2017 Dataset, only 25% of the data was used. b) As a feature selection method, the LDA performance measure is chosen and combined with the t-statistic. c) For intrusion detection, unsupervised Fuzzy C-means (FCM) clustering and supervised Back-propagation NN are adopted. d) In addition and in order to enhance the suggested classifiers, FCM and NN are hybridized with the seven most known metaheuristic algorithms, including Genetic Algorithm (GA), Particle Swarm Optimization (PSO), Differential Evolution (DE), Cultural Algorithm (CA), Harmony Search (HS), Ant-Lion Optimizer (ALO) and Black Hole (BH) Algorithm. Performance metrics extracted from confusion matrices, such as accuracy, precision, sensitivity and F1-score are exploited. The experimental result for the proposed intrusion detection, based on training and test CICIDS2017 datasets, indicated that PSO, GA and ALO-based NNs can achieve promising results. PSO-NN produces a tested accuracy, global sensitivity and F1-score of 99.97%, 99.95% and 99.96%, respectively, outperforming performance concluded in several related works. Furthermore, the best-proposed approaches are valued in the most recent intrusion detection datasets: CSE-CICIDS2018 and LUFlow2020. The evaluation fallouts consolidate the previous results and confirm their correctness.
Abstract: Advanced Metering Infrastructure (AMI) is the metering network of the smart grid that enables bidirectional communications between each consumer’s premises and the provider’s control center. The massive amount of data collected supports the real-time decision-making required for diverse applications. The communication infrastructure relies on different network types, including the Internet. This makes the infrastructure vulnerable to various attacks, which could compromise security or have devastating effects. However, traditional machine learning solutions cannot adapt to the increasing complexity and diversity of attacks. The objective of this paper is to develop an Anomaly Detection System (ADS) based on deep learning using the CIC-IDS2017 dataset. However, this dataset is highly imbalanced; thus, a two-step sampling technique: random under-sampling and the Synthetic Minority Oversampling Technique (SMOTE), is proposed to balance the dataset. The proposed system utilizes a multiple hidden layer Auto-encoder (AE) for feature extraction and dimensional reduction. In addition, an ensemble voting based on both Random Forest (RF) and Convolutional Neural Network (CNN) is developed to classify the multiclass attack categories. The proposed system is evaluated and compared with six different state-of-the-art machine learning and deep learning algorithms: Random Forest (RF), Light Gradient Boosting Machine (LightGBM), eXtreme Gradient Boosting (XGboost), Convolutional Neural Network (CNN), Long Short-Term Memory (LSTM), and bidirectional LSTM (biLSTM). Experimental results show that the proposed model enhances the detection for each attack class compared with the other machine learning and deep learning models with overall accuracy (98.29%), precision (99%), recall (98%), F1 score (98%), and the UNDetection rate (UND) (8%).