10,165 result(s) for "Intrusion detection systems"
Network anomaly detection : a machine learning perspective
"This book discusses detection of anomalies in computer networks from a machine learning perspective. It introduces readers to how computer networks work and how they can be attacked by intruders in search of fame, fortune, or challenge. The reader will learn how one can look for patterns in captured network traffic data to look for anomalous patterns that may correspond to attempts at unauthorized intrusion. The reader will be given a technical and sophisticated description of such algorithms and their applications in the context of intrusion detection in networks"-- Provided by publisher.
Review of intrusion detection systems based on deep learning techniques: coherent taxonomy, challenges, motivations, recommendations, substantial analysis and future directions
This study reviews and analyses the research landscape for intrusion detection systems (IDSs) based on deep learning (DL) techniques into a coherent taxonomy and identifies the gap in this pivotal research area. The focus is on articles related to the keywords ‘deep learning’, ‘intrusion’ and ‘attack’ and their variations in four major databases, namely Web of Science, ScienceDirect, Scopus and the Institute of Electrical and Electronics Engineers’ Xplore. These databases are sufficiently broad to cover the technical literature. The dataset comprises 68 articles. The largest proportion (72.06%; 49/68) relates to articles that develop an approach for evaluating or identifying intrusion detection techniques using the DL approach. The second largest proportion (22.06%; 15/68) relates to studying/applying articles to the DL area, IDSs or other related issues. The third largest proportion (5.88%; 4/68) discusses frameworks/models for running or adopting IDSs. The basic characteristics of this emerging field are identified from the aspects of motivations, open challenges that impede the technology’s utility, authors’ recommendations and substantial analysis. Then, a result analysis mapping for new directions is discussed. Three phases are designed to meet the demands of detecting distributed denial-of-service attacks with a high accuracy rate. This study provides an extensive resource background for researchers who are interested in IDSs based on DL.
Encrypted Malicious Traffic Detection Based on Word2Vec
Network-based intrusion detections become more difficult as Internet traffic is mostly encrypted. This paper introduces a method to detect encrypted malicious traffic based on the Transport Layer Security handshake and payload features without waiting for the traffic session to finish while preserving privacy. Our method, called TLS2Vec, creates words from the extracted features and uses Long Short-Term Memory (LSTM) for inference. We evaluated our method using traffic from three malicious applications and a benign application that we obtained from two publicly available datasets. Our results showed that TLS2Vec is promising as a tool to detect such malicious traffic.
A hybrid IDS for detection and mitigation of sinkhole attack in 6LoWPAN networks
The Internet of Things (IoT) is an expanding field of computer networks where resource-constrained devices connect to the internet through various wireless technologies. IoT systems already cover a broad spectrum, including smart homes, smart hospital systems, and hazard detection systems, with their influence expected to grow in the coming years. However, IoT systems are not without their drawbacks, as security breaches and device malfunctions can lead to severe disruptions in the ecosystem. In this article, we introduce an edge-assisted hybrid intrusion detection system designed to detect and mitigate Sinkhole Attacks (SHAs) within the IoT ecosystem. The unique aspect of our proposed approach is its deployment on edge devices, enabling it to identify SHAs as close as possible to the relevant data sources. Furthermore, we provide a comparative analysis based on simulation results and real-world testbed experiments to support our proposed methodology. Our findings demonstrate considerable improvements in scalability, accuracy, precision, recall, F1 score, packet delivery ratio, per-node power consumption, overall IoT network energy consumption, and end-to-end delay.
Improving Collaborative Intrusion Detection System Using Blockchain and Pluggable Authentication Modules for Sustainable Smart City
The threat of cyber-attacks is ever increasing in today’s society. There is a clear need for better and more effective defensive tools. Intrusion detection can be defined as the detection of anomalous behavior either in the host or in the network. An intrusion detection system can be used to identify the anomalous behavior of the system. The two major tasks of intrusion detection are to monitor data and raise an alert to the system administrators when an intrusion takes place. The current intrusion detection system is incapable of tackling sophisticated attacks which take place on the entire network containing large number of nodes while maintaining a low number of login attempts on each node in the system. A collaborative intrusion detection system (CIDS) was designed to remove the inefficiency of the current intrusion detection system which failed to detect coordinated distributed attacks. The main problem in the CIDS is the concept of trust. Hosts in the network need to trust the data sent by other peers in the network. To bring in the concept of trust and implement the proof-of-concept, blockchain was used. Pluggable authentication modules (PAM) were also used to track login activity securely before an intruder could modify the login activity. To implement blockchain, an Ethereum-based private blockchain was used.
Classification and Explanation for Intrusion Detection System Based on Ensemble Trees and SHAP Method
In recent years, many methods for intrusion detection systems (IDS) have been designed and developed in the research community, which have achieved a perfect detection rate using IDS datasets. Deep neural networks (DNNs) are representative examples applied widely in IDS. However, DNN models are becoming increasingly complex in model architectures with high resource computing in hardware requirements. In addition, it is difficult for humans to obtain explanations behind the decisions made by these DNN models using large IoT-based IDS datasets. Many proposed IDS methods have not been applied in practical deployments, because of the lack of explanation given to cybersecurity experts, to support them in terms of optimizing their decisions according to the judgments of the IDS models. This paper aims to enhance the attack detection performance of IDS with big IoT-based IDS datasets as well as provide explanations of machine learning (ML) model predictions. The proposed ML-based IDS method is based on the ensemble trees approach, including decision tree (DT) and random forest (RF) classifiers which do not require high computing resources for training models. In addition, two big datasets are used for the experimental evaluation of the proposed method, NF-BoT-IoT-v2, and NF-ToN-IoT-v2 (new versions of the original BoT-IoT and ToN-IoT datasets), through the feature set of the net flow meter. In addition, the IoTDS20 dataset is used for experiments. Furthermore, the SHapley additive exPlanations (SHAP) is applied to the eXplainable AI (XAI) methodology to explain and interpret the classification decisions of DT and RF models; this is not only effective in interpreting the final decision of the ensemble tree approach but also supports cybersecurity experts in quickly optimizing and evaluating the correctness of their judgments based on the explanations of the results.
Real-Time Intrusion Detection in IIoT Stream Data Using Window-Based Weighted Ensemble Techniques
The Industrial Internet of Things (IIoT) is a fast-expanding field of technology that radically transforms the industrial environment into an automated one. Network stream data offers a constant stream of real-time data from numerous sensors and devices, which is essential in IIoT systems. Assailants can more readily access network stream data when there is network automation, making network data collection more susceptible. For effective data analytics, we have to identify the counteract cyber threats. To gain relevant insights from this data, Intrusion Detection Systems (IDS) are required. To address this issue, the Automated Intrusion Detection Framework (AIDF) is developed for network drift adaption in IIoT systems. This framework has a Window-based Weighted Ensemble (WWE) model with optimized feature selection using Whale Optimization. The effectiveness of the suggested framework for real-time network intrusion detection is evaluated using a dataset from both the real world and static. The proposed framework outperforms well compared to the state-of-the-art methods. This is applicable in several sectors, including banking, healthcare, and transportation, which may use the suggested framework to improve their cyber security posture and protect themselves from online threats.
Performance Comparison and Current Challenges of Using Machine Learning Techniques in Cybersecurity
Cyberspace has become an indispensable factor for all areas of the modern world. The world is becoming more and more dependent on the internet for everyday living. The increasing dependency on the internet has also widened the risks of malicious threats. On account of growing cybersecurity risks, cybersecurity has become the most pivotal element in the cyber world to battle against all cyber threats, attacks, and frauds. The expanding cyberspace is highly exposed to the intensifying possibility of being attacked by interminable cyber threats. The objective of this survey is to bestow a brief review of different machine learning (ML) techniques to get to the bottom of all the developments made in detection methods for potential cybersecurity risks. These cybersecurity risk detection methods mainly comprise of fraud detection, intrusion detection, spam detection, and malware detection. In this review paper, we build upon the existing literature of applications of ML models in cybersecurity and provide a comprehensive review of ML techniques in cybersecurity. To the best of our knowledge, we have made the first attempt to give a comparison of the time complexity of commonly used ML models in cybersecurity. We have comprehensively compared each classifier’s performance based on frequently used datasets and sub-domains of cyber threats. This work also provides a brief introduction of machine learning models besides commonly used security datasets. Despite having all the primary precedence, cybersecurity has its constraints, compromises, and challenges. This work also expounds on the enormous current challenges and limitations faced during the application of machine learning techniques in cybersecurity.
A Survey on Intrusion Detection and Prevention Systems
In the digital world, malicious activities that violate the confidentiality, integrity, or availability of data and devices are known as intrusions. An intrusion detection system (IDS) analyses the activities of a single system or a network to identify intrusions. It alerts the system administrators about the detected intrusions and makes them responsible for restoring the affected system(s). To automatically handle intrusions, an IDS is integrated with a response component, and the combined system is known as an intrusion detection and response system (IDRS). An IDRS forms a reactive pair that detects and responds to intrusions affecting the system(s). To prevent the occurrence of intrusions proactively, an intrusion prevention system (IPS) is deployed with an IDRS. Intrusion prevention and detection system (IPDS) forms a strong line of defense against malicious attempts that try to violate the privacy and security of the monitored device(s). This paper is an up-to-date survey of 113 research articles published in the area of IPSs, IDSs, and IDRSs in the past 7 years. It provides several insights into the literature, highlighting various future research areas. It describes the characteristics, merits, and demerits of different types of IPSs, IDSs, and IDRSs, that are a pre-requisite for developing efficient IPDSs. The foundations of the three systems and the description of their complementary functionalities as a combined system are also explained in this paper. To the best of our knowledge, there exist survey papers that focus on IPS, IDS, and IDRS separately, but not all three systems together. This paper explains the interconnected roles of IPS, IDS, and IDRS to develop an IPDS.
Optimization of Intrusion Detection Systems Determined by Ameliorated HNADAM-SGD Algorithm
Information security is of pivotal concern for consistently streaming information over the widespread internetwork. The bottleneck flow of incoming and outgoing data traffic introduces the issues of malicious activities taken place by intruders, hackers and attackers in the form of authenticity obstruction, gridlocking data traffic, vandalizing data and crashing the established network. The issue of emerging suspicious activities is managed by the domain of Intrusion Detection Systems (IDS). The IDS consistently monitors the network for the identification of suspicious activities, and generates alarm and indication in the presence of malicious threats and worms. The performance of IDS is improved by using different machine learning algorithms. In this paper, the Nesterov-Accelerated Adaptive Moment Estimation–Stochastic Gradient Descent (HNADAM-SGD) algorithm is proposed to determine the performance of Intrusion Detection Systems (IDS). The algorithm is used to optimize IDS systems by hybridization and tuning of hyperparameters. The performance of algorithm is compared with other classification algorithms such as logistic regression, ridge classifier and ensemble algorithms where the experimental analysis and computations show the improved accuracy with 99.8%, sensitivity with 99.7%, and specificity with 99.5%.