Similar literature
1.
李思广  周雪梅 《硅谷》2008,(8):39-40
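Intrusion detection systems are an important means of safeguarding network information security. To address the shortcomings of existing intrusion detection techniques, an implementation scheme for a machine-learning-based intrusion detection system is proposed. Several machine learning algorithms suitable for intrusion detection systems are briefly introduced, with emphasis on the performance characteristics of intrusion detection systems based on neural networks, data mining, and artificial immune techniques.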

2.
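Briefly analyzes and introduces the main types of computer network intrusion detection systems and their techniques, and presents the technical implementation mechanism of a network intrusion detection system.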

3.
王照环  杨晓芸  韩钏 《硅谷》2010,(11):173-174
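Intrusion detection is a network security technology that protects networks from attack; it is a new generation of network security assurance technology following traditional protective measures such as firewalls and data encryption. The paper first introduces several traditional network intrusion detection techniques, then analyzes several data mining algorithms and discusses their application and advantages in network intrusion detection systems.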

4.
傅慧 《硅谷》2012,(9):49+66-49,66
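Unlike traditional firewall and intrusion detection technologies, a security system based on trap technology can not only actively lure intruders into attacking a trap environment and, by observing and recording attack behavior, study the attack tools, strategies, and methods the intruders use, but can also effectively resolve the conflict between intrusion and intrusion detection and better protect the security of the normal network.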

5.
张敏 《硅谷》2009,(17)
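Based on data mining techniques and addressing the shortcomings of current intrusion detection systems, hierarchical clustering is combined with the fuzzy c-means algorithm to design an improved intrusion detection system. Experiments show that the system has a high detection rate and good adaptability.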

6.
蔡旻甫 《中国测试》2013,(2):106-109
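This paper studies intrusion detection and prevention technology in cloud computing network environments. Building on a summary of traditional intrusion detection techniques, it conducts a fairly comprehensive study of intrusion detection systems in cloud computing environments and develops a network intrusion prevention system based on neural network technology. For the intrusion detection module, it focuses on analyzing the data capture, behavior rule matching, and neural network discrimination modules, and verifies the implementation results through specific tests.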

7.
许飞  李烨 《中国科技博览》2013,(30):369-370
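This paper first introduces the current state of network security, pointing out that the network security situation has not eased with the development of technology but has instead become more severe, so it is necessary to study network security problems and develop intrusion detection systems. It then introduces the basic concepts and common detection methods of intrusion detection systems and describes their classification. Finally, it sets out the problems present in current intrusion detection systems.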

8.
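With the rapid development of network technology, network intrusion incidents have gradually increased. From the perspective of three-dimensional, in-depth, multi-layered network security defense, intrusion detection systems and techniques have received great attention. Building on an introduction to computer network intrusion detection systems, this paper focuses on studying and analyzing their working process, key technologies, and current problems.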

9.
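Intrusion detection is a new generation of security assurance technology following traditional protective measures such as "firewalls" and "data encryption". An intrusion detection system, as the name implies, is a system that can detect intrusions promptly. It collects network data at a number of key points in the network and analyzes it to identify behavior that violates security policy and signs of attack.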

10.
刘征 《硅谷》2011,(6):42-42
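Anomaly-based intrusion detection can effectively protect computer systems and networks from damage by malicious activity. Anomaly detection can detect new attack behavior and is a focus of intrusion detection system development, but the approach is not yet fully mature. The paper first introduces the functions, general model, and classification of intrusion detection, then reviews several commonly used anomaly intrusion detection techniques, and finally lists the challenges that current anomaly detection systems face.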

11.
The rapid growth in data generation and increased use of computer network devices has amplified the infrastructures of internet. The interconnectivity of networks has brought various complexities in maintaining network availability, consistency, and discretion. Machine learning based intrusion detection systems have become essential to monitor network traffic for malicious and illicit activities. An intrusion detection system controls the flow of network traffic with the help of computer systems. Various deep learning algorithms in intrusion detection systems have played a prominent role in identifying and analyzing intrusions in network traffic. For this purpose, when the network traffic encounters known or unknown intrusions in the network, a machine-learning framework is needed to identify and/or verify network intrusion. The Intrusion detection scheme empowered with a fused machine learning technique (IDS-FMLT) is proposed to detect intrusion in a heterogeneous network that consists of different source networks and to protect the network from malicious attacks. The proposed IDS-FMLT system model obtained 95.18% validation accuracy and a 4.82% miss rate in intrusion detection.

12.
With the advancement of network communication technology, network traffic shows explosive growth. Consequently, network attacks occur frequently. Network intrusion detection systems are still the primary means of detecting attacks. However, two challenges continue to stymie the development of a viable network intrusion detection system: imbalanced training data and new undiscovered attacks. Therefore, this study proposes a unique deep learning-based intrusion detection method. We use two independent in-memory autoencoders trained on regular network traffic and attacks to capture the dynamic relationship between traffic features in the presence of unbalanced training data. Then the original data is fed into the triplet network by forming a triplet with the data reconstructed from the two encoders to train. Finally, the distance relationship between the triples determines whether the traffic is an attack. In addition, to improve the accuracy of detecting unknown attacks, this research proposes an improved triplet loss function that is used to pull the distances of the same class closer while pushing the distances belonging to different classes farther in the learned feature space. The proposed approach’s effectiveness, stability, and significance are evaluated against advanced models on the Android Adware and General Malware Dataset (AAGM17), Knowledge Discovery and Data Mining Cup 1999 (KDDCUP99), Canadian Institute for Cybersecurity Group’s Intrusion Detection Evaluation Dataset (CICIDS2017), UNSW-NB15, Network Security Lab-Knowledge Discovery and Data Mining (NSL-KDD) datasets. The achieved results confirmed the superiority of the proposed method for the task of network intrusion detection.

13.
Intrusion detection systems have a vital role in protecting computer networks and information systems. In this article, we applied a statistical process control (SPC)–monitoring concept to a certain type of traffic data to detect a network intrusion. We proposed an SPC‐based intrusion detection process and described it and the source and the preparation of data used in this article. We extracted sample data sets that represent various situations, calculated event intensities for each situation, and stored these sample data sets in the data repository for use in future research. This article applies SPC charting methods for intrusion detection. In particular, it uses the basic security module host audit data from the MIT Lincoln Laboratory and applies the Shewhart chart, the cumulative sum chart, and the exponential weighted moving average chart to detect a denial of service intrusion attack. The case study shows that these SPC techniques are useful for detecting and monitoring intrusions. Copyright © 2013 John Wiley & Sons, Ltd.

14.
In recent years, progressive developments have been observed in recent technologies and the production cost has been continuously decreasing. In such scenario, Internet of Things (IoT) network which is comprised of a set of Unmanned Aerial Vehicles (UAV), has received more attention from civilian to military applications. But network security poses a serious challenge to UAV networks whereas the intrusion detection system (IDS) is found to be an effective process to secure the UAV networks. Classical IDSs are not adequate to handle the latest computer networks that possess maximum bandwidth and data traffic. In order to improve the detection performance and reduce the false alarms generated by IDS, several researchers have employed Machine Learning (ML) and Deep Learning (DL) algorithms to address the intrusion detection problem. In this view, the current research article presents a deep reinforcement learning technique, optimized by Black Widow Optimization (DRL-BWO) algorithm, for UAV networks. In addition, DRL involves an improved reinforcement learning-based Deep Belief Network (DBN) for intrusion detection. For parameter optimization of DRL technique, BWO algorithm is applied. It helps in improving the intrusion detection performance of UAV networks. An extensive set of experimental analysis was performed to highlight the supremacy of the proposed model. From the simulation values, it is evident that the proposed method is appropriate as it attained high precision, recall, F-measure, and accuracy values such as 0.985, 0.993, 0.988, and 0.989 respectively.

15.
With the development of Information technology and the popularization of Internet, whenever and wherever possible, people can connect to the Internet optionally. Meanwhile, the security of network traffic is threatened by various online malicious behaviors. The aim of an intrusion detection system (IDS) is to detect the network behaviors which are diverse and malicious. Since a conventional firewall cannot detect most of the malicious behaviors, such as malicious network traffic or computer abuse, some advanced learning methods are introduced and integrated with intrusion detection approaches in order to improve the performance of detection approaches. However, there are very few related studies focusing on both the effective detection for attacks and the representation for malicious behaviors with graph. In this paper, a novel intrusion detection approach IDBFG (Intrusion Detection Based on Feature Graph) is proposed which first filters normal connections with grid partitions, and then records the patterns of various attacks with a novel graph structure, and the behaviors in accordance with the patterns in graph are detected as intrusion behaviors. The experimental results on KDD-Cup 99 dataset show that IDBFG performs better than SVM (Support Vector Machines) and Decision Tree which are trained and tested in original feature space in terms of detection rates, false alarm rates and run time.

16.
Network Intrusion Detection Using CFAR Abrupt-Change Detectors
In this paper, the constant false alarm rate (CFAR) detectors are proposed for network intrusion detection. By using an autoregressive system to model the network traffic, predictor error is shown to closely follow a Gaussian distribution. CFAR detector approaches are then developed on the prediction error distribution. In the present study, we consider the optimal CFAR, the cell-averaging CFAR, and the order statistics CFAR. The use of these CFAR techniques can significantly improve the detection performance. In addition, we propose the use of fusion of these CFAR detectors by using Dempster-Shafer and Bayesian techniques. Computer simulations based on the DARPA traffic data show that the proposed approach achieves higher detection probabilities than the conventional detection method. Even under different types of attacks, the intrusion detection performance based on the proposed CFAR detectors shows consistent improvement.

17.
In the era of Big data, learning discriminant feature representation from network traffic has been identified as an invariably essential task for improving the detection ability of an intrusion detection system (IDS). Owing to the lack of accurately labeled network traffic data, many unsupervised feature representation learning models have been proposed with state-of-the-art performance. Yet, these models fail to consider the classification error while learning the feature representation. Intuitively, the learnt feature representation may degrade the performance of the classification task. For the first time in the field of intrusion detection, this paper proposes an unsupervised IDS model leveraging the benefits of deep autoencoder (DAE) for learning the robust feature representation and one-class support vector machine (OCSVM) for finding the more compact decision hyperplane for intrusion detection. Specially, the proposed model defines a new unified objective function to minimize the reconstruction and classification error simultaneously. This unique contribution not only enables the model to support joint learning for feature representation and classifier training but also guides to learn the robust feature representation which can improve the discrimination ability of the classifier for intrusion detection. Three sets of evaluation experiments are conducted to demonstrate the potential of the proposed model. First, the ablation evaluation on benchmark dataset, NSL-KDD validates the design decision of the proposed model. Next, the performance evaluation on recent intrusion dataset, UNSW-NB15 signifies the stable performance of the proposed model. Finally, the comparative evaluation verifies the efficacy of the proposed model against recently published state-of-the-art methods.

18.
Vehicle-to-grid technology is an emerging field that allows unused power from Electric Vehicles (EVs) to be used by the smart grid through the central aggregator. Since the central aggregator is connected to the smart grid through a wireless network, it is prone to cyber-attacks that can be detected and mitigated using an intrusion detection system. However, existing intrusion detection systems cannot be used in the vehicle-to-grid network because of the special requirements and characteristics of the vehicle-to-grid network. In this paper, the effect of denial-of-service attacks of malicious electric vehicles on the central aggregator of the vehicle-to-grid network is investigated and an intrusion detection system for the vehicle-to-grid network is proposed. The proposed system, central aggregator–intrusion detection system (CA-IDS), works as a security gateway for EVs to analyze and monitor incoming traffic for possible DoS attacks. EVs are registered with a Central Aggregator (CAG) to exchange authenticated messages, and malicious EVs are added to a blacklist for violating a set of predefined policies to limit their interaction with the CAG. A denial of service (DoS) attack is simulated at CAG in a vehicle-to-grid (V2G) network manipulating various network parameters such as transmission overhead, receiving capacity of destination, average packet size, and channel availability. The proposed system is compared with existing intrusion detection systems using different parameters such as throughput, jitter, and accuracy. The analysis shows that the proposed system has a higher throughput, lower jitter, and higher accuracy as compared to the existing schemes.

19.
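An anomaly detection model combining fuzzy decision-making with Bayesian methods is proposed. The model classifies security-related events in the system and gives, in the form of fuzzy membership functions, the real-time confidence that each class of event is anomalous. The anomaly detection system combines all the real-time probability values at a given moment to make a Bayesian decision. Compared with a Bayesian intrusion detection model that simply uses thresholds, the Bayesian anomaly detection model with fuzzy probability assignment describes the problem more precisely and, because it supports multiple types of security-related events, is more adaptable and can model more complex system behavior more comprehensively.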

20.
Attacks on websites and network servers are among the most critical threats in network security. Network behavior identification is one of the most effective ways to identify malicious network intrusions. Analyzing abnormal network traffic patterns and traffic classification based on labeled network traffic data are among the most effective approaches for network behavior identification. Traditional methods for network traffic classification utilize algorithms such as Naive Bayes, Decision Tree and XGBoost. However, network traffic classification, which is required for network behavior identification, generally suffers from the problem of low accuracy even with the recently proposed deep learning models. To improve network traffic classification accuracy thus improving network intrusion detection rate, this paper proposes a new network traffic classification model, called ArcMargin, which incorporates metric learning into a convolutional neural network (CNN) to make the CNN model more discriminative. ArcMargin maps network traffic samples from the same category more closely while samples from different categories are mapped as far apart as possible. The metric learning regularization feature is called additive angular margin loss, and it is embedded in the object function of traditional CNN models. The proposed ArcMargin model is validated with three datasets and is compared with several other related algorithms. According to a set of classification indicators, the ArcMargin model is proven to have better performances in both network traffic classification tasks and open-set tasks. Moreover, in open-set tasks, the ArcMargin model can cluster unknown data classes that do not exist in the previous training dataset.
