Intrusion detection is one of the important security problems in todays cyber world. A significant number of techniques have been developed which are based on machine learning approaches. However, they are not very successful in identifying all types of intrusions. In this paper, a detailed investigation and analysis of various machine learning techniques have been carried out for finding the cause of problems associated with various machine learning techniques in detecting intrusive activities. Attack classification and mapping of the attack features is provided corresponding to each attack. Issues which are related to detecting low-frequency attacks using network attack dataset are also discussed and viable methods are suggested for improvement. Machine learning techniques have been analyzed and compared in terms of their detection capability for detecting the various category of attacks. Limitations associated with each category of them are also discussed. Various data mining tools for machine learning have also been included in the paper. At the end, future directions are provided for attack detection using machine learning techniques.

A Detailed Investigation and Analysis of Using Machine Learning Techniques for Intrusion Detection

Open wireless sensor networks (WSNs) in Internet of things (IoT) has led to many zero-day security attacks. Since intrusion detection is a key security solution, this paper presents a lightweight machine learning-based intrusion detection technique with high performance for resource limited IoT wireless networks namely, IoT intrusion detection system (IoTIDS). IoTIDS is based on hybridization of genetic algorithm (GA) and grey wolf optimizer (GWO), termed as GA–GWO. The main aim of the hybrid algorithm for the IoTIDS is to reduce the dimensionality of the huge wireless network traffic through intelligent selecting the most informative traffic features. By hybridizing, we try to eliminate their weaknesses through GA and GWO strengths. The effectiveness of the GA–GWO on IoTIDS is evaluated using AWID (aegean wi-fi intrusion dataset) as a new real-world wireless intrusion dataset, after preprocessing it under different scenarios. The experimental results proved that the proposed GA–GWO individually not only improved the performance of the IoTIDS in terms of computational costs, but it also enabled the IoTIDS to detect ? with high accuracy and low false alarm rate. Furthermore, GA–GWO in comparison to the original GA and GWO and other recent existing methods like FS, weight, and parameter optimization of SVM based on the GA (FWP-SVM-GA) and binary GWO (BGWO) has proven to be more effective.

Hybridizing genetic algorithm and grey wolf optimizer to advance an intelligent and lightweight intrusion detection system for IoT wireless networks

Design of intrusion detection and prevention scheme for improving MANET security, with considered energy efficiency, detection rate, delay, and false positive rate are major research issues. Most of the existing solutions have suffered to obtain accurate detection rate in minimal time execution and energy consumption. In this work we proposed a Smart approach for intrusion detection and prevention system (SA-IDPS) to mitigate attacks in MANET by machine learning methods. Initially, mobile users are registered in Trusted Authority using One Way Hash Chain Function. Each mobile user submits their following information to verify authentication: finger vein biometric, user id, and latitude and longitude. Intrusion detection is executed using four entities: Packet Analyzer, Preprocessing Unit, Feature Extraction Unit and Classification Unit. In packet analyzer, we verify whether any attack pattern is found or not. It is implemented using Type 2 Fuzzy Controller which considers information from packet header. In preprocessing unit, logarithmic normalization and encoding schemes are considered, which is time series and suitable for any application. In feature extraction unit, Mutual Information is used where we extracts optimum set of features for packets classification. In classification unit, Bootstrapped Optimistic Algorithm for Tree Construction with Artificial Neural Network is used for packets classification, which classifies packets five classes: DoS, Probe, U2R, R2L, and Anomaly, and then Association Rule Tree are used to classify whether the attack is Frequent or Rare. In this case, historical table is used for packets classification. Finally, experiments are conducted and tested for evaluating the performance of proposed SA-IDPS scheme in terms of Detection Rate (%), False Positive Rate (%), Detection Delay (s), and Energy Consumption (J).

A Smart Approach for Intrusion Detection and Prevention System in Mobile Ad Hoc Networks Against Security Attacks

A comprehensive taxonomy of schemes to detect and mitigate blackhole attack and its variants in MANETs

Intrusion detection systems are one of the security tools widely deployed in network architectures in order to monitor, detect and eventually respond to any suspicious activity in the network. However, the constantly growing complexity of networks and the virulence of new attacks require more adaptive approaches for optimal responses. In this work, we propose a semi-supervised approach for network anomaly detection inspired from the biological negative selection process. Based on a reduced dataset with a filter/ranking feature selection technique, our algorithm, namely negative selection for network anomaly detection (NSNAD), generates a set of detectors and uses them to classify events as anomaly. Otherwise, they are matched against an Artificial Human Leukocyte Antigen in order to be classified as normal. The accuracy and the computational time of NSNAD are tested under three intrusion detection datasets: NSL-KDD, Kyoto2006+ and UNSW-NB15. We compare the performance of NSNAD against a fully supervised algorithm (Naive Bayes), an unsupervised clustering algorithm (K-means) and a semi-supervised algorithm (One-class SVM) with respect to multiple accuracy metrics. We also compare the time incurred by each algorithm in training and classification stages.

NSNAD: negative selection-based network anomaly detection approach with relevant feature subset

The Intrusion Detection System (IDS) deals with the huge amount of network data that includes redundant and irrelevant features causing slow training and testing procedure, higher resource usage and poor detection ratio. Feature selection is a vital preprocessing step in intrusion detection. Hence, feature selec-tion is an essential issue in intrusion detection and need to be addressed by selec-ting the appropriate feature selection algorithm. A major challenge to select the optimal feature selection methods can precisely calculate the relevance of fea-tures to the detection process and the redundancy among features. In this paper, we study the concepts and algorithms used for feature selection algorithms in the IDS. We conclude this paper by identifying the best feature selection algorithm to select the important and useful features from the network dataset.

Comparative study for feature selection algorithms in intrusion detection system

Web service plays a significant role in the Internet applications. According to the current researchers, the web services are highly prone to the cyber-attacks. The Intrusion Detection System (IDS)...

OMAMIDS: Ontology Based Multi-Agent Model Intrusion Detection System for Detecting Web Service Attacks

Providing security to Mobile Ad-hoc Networks (MANET) is a challenging and demanding task. It is important to secure the network against intrusions in MANET for assuring the development of services. For this purpose, some intrusion-detection systems (IDSs) have been developed in traditional works. However, these have some drawbacks, such as that there is no assurance for public key authentication, certificate validation between two nodes is not possible, and they require a large amount of time for processing. To overcome all these issues, a Trust-Based Authentication Routing with Bio-Inspired Intrusion Detection System (TRAB-IDS) is developed in this article. The main aim of this article is to provide security to the network against harmful intrusions. Here, the trust and deep packet inspection (DPI) concepts are integrated for improving the security. Moreover, the certificate authority generates a public and private key pair for initiating the route agent and authenticating the neighboring nodes. ...

A new trust-based mechanism for detecting intrusions in MANET

Intrusion detection is the method of analysing and monitoring the actions in the internet to recognise the ciphers of security issues. Nowadays, the existing intrusion detection algorithms concentrate on the issues of feature selection, because some of the features are redundant and irrelevant that yields lengthy detection procedures. This paper proposes a combined particle swarm optimisation with genetic algorithm CPSO-GA approach to improve the intrusion detection accuracy. Initially, the dataset is loaded and pre-processed to remove the noisy and redundant information. Then, the necessary features are selected based on the proposed CPSO-GA. The decision rules are formulated for the selected features to improve the attacker prediction. If any new type of attacker established, the dynamic features are analysed, because, the static features are not altered for any instances. The proposed approach achieves higher intrusion detection rate and lesser error percentage than the existing feature selection algorithms and decision tree classifiers.

A decision tree-based rule formation with combined PSO-GA algorithm for intrusion detection system

Mobile ad-hoc Network is a self organized wireless network which has a dynamic topology where nodes can be join or leave the network at anytime with large number of nodes. Due to its infrastructure less, dynamic topology and lack of centralization it is vulnerable to many security attacks. In this paper, we propose to detect the attack by using an Intrusion detection system that uses intuitionistic fuzzy logic which aims to detect distrust behavior of node and identify the attacks if it seems to be an attack based on given rules.

/pdf/an-efficient-and-secure-intrusion-detection-method-in-mobile-2kbp5e6od6.pdf

K. Anusha

Papers

Comparative study for feature selection algorithms in intrusion detection system

OMAMIDS: Ontology Based Multi-Agent Model Intrusion Detection System for Detecting Web Service Attacks

A new trust-based mechanism for detecting intrusions in MANET

A decision tree-based rule formation with combined PSO-GA algorithm for intrusion detection system

An Efficient And Secure Intrusion Detection Method In Mobile Adhoc Network Using Intuitionistic Fuzzy