The success of any Intrusion Detection System (IDS) is a complicated problem due to its nonlinearity and the quantitative or qualitative network traffic data stream with numerous features. As a result, in order to
get rid of this problem, several types of intrusion detection methods with different levels of accuracy have been proposed which leads the choice of an effective and robust method for IDS as a very important topic in information security. In this regard, the support vector machine (SVM) has been playing an important role to provide potential solutions for the IDS problem. However, the practicability of introducing SVM is
affected by the difficulties in selecting appropriate kernel and its parameters. From this viewpoint, this paper presents the work to apply different kernels for SVM in ID Son the KDD’99 Dataset and NSL-KDD dataset as well as to find out which kernel is the best for SVM. The important deficiency in the KDD’99 data set is the huge number of redundant records as observed earlier. Therefore, we have derived a data set RRE-KDD by eliminating redundant record from KDD’99train and test dataset prior to apply different kernel for SVM. This RRE-KDD consists of both KDD99Train+ and KDD99 Test+ dataset for training and testing purposes, respectively. The way to derive RRE-KDD data set is different from that of NSL-KDD
data set. The experimental results indicate that Laplace kernel can achieve higher detection rate and lower false positive rate with higher precision than other kernel son both RRE-KDD and NSL-KDD datasets. It is also found that the performances of other kernels are dependent on datasets.
PERFORMANCE EVALUATION OF MACHINE LEARNING TECHNIQUES FOR DOS DETECTION IN WI...IJNSA Journal
The nature of Wireless Sensor Networks (WSN) and the widespread of using WSN introduce many security threats and attacks. An effective Intrusion Detection System (IDS) should be used to detect attacks. Detecting such an attack is challenging, especially the detection of Denial of Service (DoS) attacks. Machine learning classification techniques have been used as an approach for DoS detection. This paper conducted an experiment using Waikato Environment for Knowledge Analysis (WEKA)to evaluate the efficiency of five machine learning algorithms for detecting flooding, grayhole, blackhole, and scheduling at DoS attacks in WSNs. The evaluation is based on a dataset, called WSN-DS. The results showed that the random forest classifier outperforms the other classifiers with an accuracy of 99.72%.
The document discusses using machine learning algorithms like Random Forest and k-Nearest Neighbors for intrusion detection. It analyzes the KDD Cup 1999 intrusion detection dataset to classify network traffic as normal or different types of attacks. The proposed model uses Random Forest for feature selection and k-Nearest Neighbors for classification to more accurately detect known and unknown attacks. Experimental results show the combined approach achieves better detection rates than other algorithms alone, especially for novel attacks not present in training data. Further combining the algorithms into a two-stage process may yield even higher accuracy.
A Technique by using Neuro-Fuzzy Inference System for Intrusion Detection and...IJMER
—This paper proposes a technique uses decision tree for dataset and to find the basic
parameters for creating the membership functions of fuzzy inference system for Intrusion Detection and
Forensics. Approach of generating rules using clustering methods is limited to the problems of
clustering techniques. To trait to solve this problem, several solutions have been proposed using
various Techniques. One such Technique is proposed to be applied here, for an analysis to Intrusion
Detection and Forensics. . Fuzzy Inference approach and decision algorithms are investigated in this
work. Decision tree is used to identify the parameters to create the fuzzy inference system. Fuzzy
inference system used as an input and the final ANFIS structure is generated for intrusion detection
and forensics. The experiments and evaluations of the proposed method were done with NSL-KDD
intrusion detection dataset.
The main goal of Intrusion Detection Systems (IDSs) is
to detect intrusions. This kind of detection system represents a
significant tool in traditional computer based systems for ensuring
cyber security. IDS model can be faster and reach more accurate
detection rates, by selecting the most related features from the
input dataset. Feature selection is an important stage of any IDs to
select the optimal subset of features that enhance the process of the
training model to become faster and reduce the complexity while
preserving or enhancing the performance of the system. In this
paper, we proposed a method that based on dividing the input
dataset into different subsets according to each attack. Then we
performed a feature selection technique using information gain
filter for each subset. Then the optimal features set is generated by
combining the list of features sets that obtained for each attack.
Experimental results that conducted on NSL-KDD dataset shows
that the proposed method for feature selection with fewer features,
make an improvement to the system accuracy while decreasing the
complexity. Moreover, a comparative study is performed to the
efficiency of technique for feature selection using different
classification methods. To enhance the overall performance,
another stage is conducted using Random Forest and PART on
voting learning algorithm. The results indicate that the best
accuracy is achieved when using the product probability rule.
Current issues - International Journal of Network Security & Its Applications...IJNSA Journal
nternational Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
An intrusion detection system for packet and flow based networks using deep n...IJECEIAES
Study on deep neural networks and big data is merging now by several aspects to enhance the capabilities of intrusion detection system (IDS). Many IDS models has been introduced to provide security over big data. This study focuses on the intrusion detection in computer networks using big datasets. The advent of big data has agitated the comprehensive assistance in cyber security by forwarding a brunch of affluent algorithms to classify and analysis patterns and making a better prediction more efficiently. In this study, to detect intrusion a detection model has been propounded applying deep neural networks. We applied the suggested model on the latest dataset available at online, formatted with packet based, flow based data and some additional metadata. The dataset is labeled and imbalanced with 79 attributes and some classes having much less training samples compared to other classes. The proposed model is build using Keras and Google Tensorflow deep learning environment. Experimental result shows that intrusions are detected with the accuracy over 99% for both binary and multiclass classification with selected best features. Receiver operating characteristics (ROC) and precision-recall curve average score is also 1. The outcome implies that Deep Neural Networks offers a novel research model with great accuracy for intrusion detection model, better than some models presented in the literature.
A SURVEY ON THE USE OF DATA CLUSTERING FOR INTRUSION DETECTION SYSTEM IN CYBE...IJNSA Journal
In the present world, it is difficult to realize any computing application working on a standalone computing device without connecting it to the network. A large amount of data is transferred over the network from one device to another. As networking is expanding, security is becoming a major concern. Therefore, it has become important to maintain a high level of security to ensure that a safe and secure connection is established among the devices. An intrusion detection system (IDS) is therefore used to differentiate between the legitimate and illegitimate activities on the system. There are different techniques are used for detecting intrusions in the intrusion detection system. This paper presents the different clustering techniques that have been implemented by different researchers in their relevant articles. This survey was carried out on 30 papers and it presents what different datasets were used by different researchers and what evaluation metrics were used to evaluate the performance of IDS. This paper also highlights the pros and cons of each clustering technique used for IDS, which can be used as a basis for future work.
IRJET- Review on Network Intrusion Detection using Recurrent Neural Network A...IRJET Journal
This document presents a review of using recurrent neural networks for network intrusion detection. It begins with an introduction to intrusion detection systems and the types of attacks they aim to detect. It then discusses previous research on machine learning approaches for intrusion detection, including the use of autoencoders, support vector machines, and other classifiers. The proposed approach uses a recurrent neural network for feature selection and classification of network data. The framework involves data collection, preprocessing including feature selection, training the recurrent neural network classifier, and then using the trained model to detect attacks in new data. Experimental results on benchmark intrusion detection datasets are presented and compared to other machine learning methods.
PERFORMANCE EVALUATION OF MACHINE LEARNING TECHNIQUES FOR DOS DETECTION IN WI...IJNSA Journal
The nature of Wireless Sensor Networks (WSN) and the widespread of using WSN introduce many security threats and attacks. An effective Intrusion Detection System (IDS) should be used to detect attacks. Detecting such an attack is challenging, especially the detection of Denial of Service (DoS) attacks. Machine learning classification techniques have been used as an approach for DoS detection. This paper conducted an experiment using Waikato Environment for Knowledge Analysis (WEKA)to evaluate the efficiency of five machine learning algorithms for detecting flooding, grayhole, blackhole, and scheduling at DoS attacks in WSNs. The evaluation is based on a dataset, called WSN-DS. The results showed that the random forest classifier outperforms the other classifiers with an accuracy of 99.72%.
The document discusses using machine learning algorithms like Random Forest and k-Nearest Neighbors for intrusion detection. It analyzes the KDD Cup 1999 intrusion detection dataset to classify network traffic as normal or different types of attacks. The proposed model uses Random Forest for feature selection and k-Nearest Neighbors for classification to more accurately detect known and unknown attacks. Experimental results show the combined approach achieves better detection rates than other algorithms alone, especially for novel attacks not present in training data. Further combining the algorithms into a two-stage process may yield even higher accuracy.
A Technique by using Neuro-Fuzzy Inference System for Intrusion Detection and...IJMER
—This paper proposes a technique uses decision tree for dataset and to find the basic
parameters for creating the membership functions of fuzzy inference system for Intrusion Detection and
Forensics. Approach of generating rules using clustering methods is limited to the problems of
clustering techniques. To trait to solve this problem, several solutions have been proposed using
various Techniques. One such Technique is proposed to be applied here, for an analysis to Intrusion
Detection and Forensics. . Fuzzy Inference approach and decision algorithms are investigated in this
work. Decision tree is used to identify the parameters to create the fuzzy inference system. Fuzzy
inference system used as an input and the final ANFIS structure is generated for intrusion detection
and forensics. The experiments and evaluations of the proposed method were done with NSL-KDD
intrusion detection dataset.
The main goal of Intrusion Detection Systems (IDSs) is
to detect intrusions. This kind of detection system represents a
significant tool in traditional computer based systems for ensuring
cyber security. IDS model can be faster and reach more accurate
detection rates, by selecting the most related features from the
input dataset. Feature selection is an important stage of any IDs to
select the optimal subset of features that enhance the process of the
training model to become faster and reduce the complexity while
preserving or enhancing the performance of the system. In this
paper, we proposed a method that based on dividing the input
dataset into different subsets according to each attack. Then we
performed a feature selection technique using information gain
filter for each subset. Then the optimal features set is generated by
combining the list of features sets that obtained for each attack.
Experimental results that conducted on NSL-KDD dataset shows
that the proposed method for feature selection with fewer features,
make an improvement to the system accuracy while decreasing the
complexity. Moreover, a comparative study is performed to the
efficiency of technique for feature selection using different
classification methods. To enhance the overall performance,
another stage is conducted using Random Forest and PART on
voting learning algorithm. The results indicate that the best
accuracy is achieved when using the product probability rule.
Current issues - International Journal of Network Security & Its Applications...IJNSA Journal
nternational Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
An intrusion detection system for packet and flow based networks using deep n...IJECEIAES
Study on deep neural networks and big data is merging now by several aspects to enhance the capabilities of intrusion detection system (IDS). Many IDS models has been introduced to provide security over big data. This study focuses on the intrusion detection in computer networks using big datasets. The advent of big data has agitated the comprehensive assistance in cyber security by forwarding a brunch of affluent algorithms to classify and analysis patterns and making a better prediction more efficiently. In this study, to detect intrusion a detection model has been propounded applying deep neural networks. We applied the suggested model on the latest dataset available at online, formatted with packet based, flow based data and some additional metadata. The dataset is labeled and imbalanced with 79 attributes and some classes having much less training samples compared to other classes. The proposed model is build using Keras and Google Tensorflow deep learning environment. Experimental result shows that intrusions are detected with the accuracy over 99% for both binary and multiclass classification with selected best features. Receiver operating characteristics (ROC) and precision-recall curve average score is also 1. The outcome implies that Deep Neural Networks offers a novel research model with great accuracy for intrusion detection model, better than some models presented in the literature.
A SURVEY ON THE USE OF DATA CLUSTERING FOR INTRUSION DETECTION SYSTEM IN CYBE...IJNSA Journal
In the present world, it is difficult to realize any computing application working on a standalone computing device without connecting it to the network. A large amount of data is transferred over the network from one device to another. As networking is expanding, security is becoming a major concern. Therefore, it has become important to maintain a high level of security to ensure that a safe and secure connection is established among the devices. An intrusion detection system (IDS) is therefore used to differentiate between the legitimate and illegitimate activities on the system. There are different techniques are used for detecting intrusions in the intrusion detection system. This paper presents the different clustering techniques that have been implemented by different researchers in their relevant articles. This survey was carried out on 30 papers and it presents what different datasets were used by different researchers and what evaluation metrics were used to evaluate the performance of IDS. This paper also highlights the pros and cons of each clustering technique used for IDS, which can be used as a basis for future work.
IRJET- Review on Network Intrusion Detection using Recurrent Neural Network A...IRJET Journal
This document presents a review of using recurrent neural networks for network intrusion detection. It begins with an introduction to intrusion detection systems and the types of attacks they aim to detect. It then discusses previous research on machine learning approaches for intrusion detection, including the use of autoencoders, support vector machines, and other classifiers. The proposed approach uses a recurrent neural network for feature selection and classification of network data. The framework involves data collection, preprocessing including feature selection, training the recurrent neural network classifier, and then using the trained model to detect attacks in new data. Experimental results on benchmark intrusion detection datasets are presented and compared to other machine learning methods.
Multi Stage Filter Using Enhanced Adaboost for Network Intrusion DetectionIJNSA Journal
Based on the analysis and distribution of network attacks in KDDCup99 dataset and real time traffic, this paper proposes a design of multi stage filter which is an efficient and effective approach in dealing with various categories of attacks in networks. The first stage of the filter is designed using Enhanced Adaboost with Decision tree algorithm to detect the frequent attacks occurs in the network and the second stage of the filter is designed using enhanced Adaboost with Naïve Byes algorithm to detect the moderate attacks occurs in the network. The final stage of the filter is used to detect the infrequent
attack which is designed using the enhanced Adaboost algorithm with Naïve Bayes as a base learner. Performance of this design is tested with the KDDCup99 dataset and is shown to have high detection rate with low false alarm rates.
The document discusses feature selection and classification methods for detecting denial-of-service (DoS) attacks in intrusion detection systems. It proposes using Random Forests for feature selection and k-Nearest Neighbors for classification on the KDD99 dataset. Experimental results show that the proposed approach of using Random Forests to select important features before classifying with k-Nearest Neighbors increases detection accuracy while decreasing false positives compared to other algorithms.
Implementation of digital image watermarking techniques using dwt and dwt svd...eSAT Journals
Abstract
These days, in every field there is gigantic utilization of computerized substance. Data took care of on web and mixed media system framework is in advanced structure. Computerized watermarking is only the innovation in which there is inserting of different data in advanced substance, which we need to shield from illicit replicating. Computerized picture watermarking is concealing data in any structure (content, picture, sound and video) in unique picture without corrupting its perceptual quality. On the off chance that of Discrete Wavelet Transform (DWT), deterioration of the first picture is completed to insert the watermark. Moreover, if there should arise an occurrence of cross breed system (DWT-SVD) firstly picture is decayed by and after that watermark is installed in solitary qualities acquired by application of Singular Value Decomposition (SVD). DWT and SVD are utilized in combination to enhance the nature of watermarking. We have the procedures which are looked at on the premise of Peak Signal to Noise Ratio (PSNR) esteem at various benefits of scaling component; high estimation of PSNR is coveted because it displays great intangibility of the strategy.
AN EFFICIENT INTRUSION DETECTION SYSTEM WITH CUSTOM FEATURES USING FPA-GRADIE...IJCNCJournal
An efficient Intrusion Detection System has to be given high priority while connecting systems with a network to prevent the system before an attack happens. It is a big challenge to the network security group to prevent the system from a variable types of new attacks as technology is growing in parallel. In this paper, an efficient model to detect Intrusion is proposed to predict attacks with high accuracy and less false-negative rate by deriving custom features UNSW-CF by using the benchmark intrusion dataset UNSW-NB15. To reduce the learning complexity, Custom Features are derived and then Significant Features are constructed by applying meta-heuristic FPA (Flower Pollination algorithm) and MRMR (Minimal Redundancy and Maximum Redundancy) which reduces learning time and also increases prediction accuracy. ENC (ElasicNet Classifier), KRRC (Kernel Ridge Regression Classifier), IGBC (Improved Gradient Boosting Classifier) is employed to classify the attacks in the datasets UNSW-CF, UNSW and recorded that UNSW-CF with derived custom features using IGBC integrated with FPA provided high accuracy of 97.38% and a low error rate of 2.16%. Also, the sensitivity and specificity rate for IGB attains a high rate of 97.32% and 97.50% respectively.
MULTI-LAYER CLASSIFIER FOR MINIMIZING FALSE INTRUSIONIJNSA Journal
Intrusion detection is one of the standard stages to protect computers in network security framework from several attacks. False alarms problem is critical in intrusion detection, which motivates many researchers to discover methods to minify false alarms. This paper proposes a procedure for classifying the type of intrusion according to multi-operations and multi-layer classifier for handling false alarms in intrusion detection. The proposed system is tested using on KDDcup99 benchmark. The performance showed that results obtained from three consequent classifiers are better than a single classifier. The accuracy reached 98% based on 25 features instead of using all features of KDDCup99 dataset.
High performance intrusion detection using modified k mean & naïve bayeseSAT Journals
Abstract
Internet Technology is growing at exponential rate day by day, making data security of computer systems more complex and critical. There has been multiple methodology implemented for the same in recent time as detailed in [1], [3]. Availability of larger bandwidth has made the multiple large computer server network connected worldwide and thus increasing the load on the necessity to secure data and Intrusion detection system (IDS) is one of the most efficient technique to maintain security of computer system. The proposed system is designed in such a way that are helpful in identifying malicious behavior and improper use of computer system. In this report we proposed a hybrid technique for intrusion detection using data mining algorithms. Our main objective is to do complete analysis of intrusion detection Dataset to test the implemented system.In This report we will propose a new methodology in which Modified k-mean is used for clustering whereas Naïve Bayes for the classification. These two data mining techniques will be used for Intrusion detection in large horizontally distributed database.
Keywords: Intrusion Detection, Modified K-Mean, Naïve Bays
Network Intrusion Detection System Based on Modified Random Forest Classifier...IRJET Journal
The document discusses a network intrusion detection system based on modified random forest classifiers. It proposes a modified random forest algorithm (MRFA) that combines unpruned classifiers and CART with bagging to select the best features for building decision trees. The MRFA is tested on the KDD Cup 99 and NSL-KDD datasets using performance metrics like true positive rate, false positive rate, precision and F-measure. The experimental results show the MRFA achieves better performance than naive bayes, J-48 and original random forest classifiers.
Evaluation of network intrusion detection using markov chainIJCI JOURNAL
Day today life internet threat has been increased significantly. There is a need to develop model in order to
maintain security of system. The most effective techniques are Intrusion Detection System (IDS).The
purpose of intrusion system through the security devices detect and deal with it. In this paper, a
mathematical approach is used effectively to predict and detect intrusion in the network. Here we discuss
about two algorithms ‘K-Means + Apriori’, a method which classify normal and abnormal activities in
computer network. In K-Means process, it partitions the training set into K-clusters using Euclidean
distance and introduce an outlier factor, then it build Apriori Algorithm to prune the data by removing
infrequent data in the database. Based on defined state the degree of incoming data is evaluated through
the experiment using sample DARPA2000 dataset, and achieves high detection performance in level of
attack in stages.
An Analysis Of Cloud ReliabilityApproaches Based on Cloud Components And Reli...ijafrc
This document discusses several techniques for improving reliability in cloud computing systems. It analyzes approaches based on cloud components and reliability techniques, including adaptive fault tolerance, cloud service reliability modeling, fault-tolerant and reliable computation, fault tolerance and resilience, fault tolerance middleware, and a system-level approach. The key components of cloud reliability are discussed, such as virtual machines, cloud managers, and fault tolerance methods. Comparisons are made between the techniques based on their methodology for measuring and ensuring reliability.
Survey of network anomaly detection using markov chainijcseit
This document summarizes research on using Markov chain models for anomaly detection in network intrusion detection systems. It first provides background on intrusion detection and different approaches. It then reviews several related works that use techniques like k-means clustering, decision trees, genetic algorithms, and Markov chains. The paper proposes using a k-means algorithm combined with a Markov chain model to detect attacks. The Markov chain model analyzes system state transitions over time to probabilistically model normal behavior and detect anomalies. The existing system has low detection and prevention rates. Future work could explore using eigenvectors and thresholds to improve performance.
Intrusion Detection System Based on K-Star Classifier and Feature Set ReductionIOSR Journals
Abstract: Network security and Intrusion Detection Systems (IDS’s) is an important security related research
area. This paper applies K-star algorithm with filtering analysis in order to build a network intrusion detection
system. For our experimental analysis and as a case study, we have used the new NSL-KDD dataset, which is a
modified dataset for KDDCup 1999 intrusion detection benchmark dataset. With a split of 66.0% for the
training set and the remainder for the testing set a 2 class classifications has been implemented. WEKA which is
a java based open source software consists of a collection of machine learning algorithms for Data mining tasks
has been used in the testing process. The experimental results show that the proposed approach is very accurate
with low false positive rate and high true positive rate and it takes less learning time in comparison with other
existing approaches used for efficient network intrusion detection.
Keywords: Information Gain, Intrusion Detection System, Instance-based classifier, K-Star, Weka.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
An approach for ids by combining svm and ant colony algorithmeSAT Journals
This summarizes a research paper that proposes a new approach called CSVAC (Combined Support Vector with Ant Colony) for intrusion detection. The approach combines two algorithms, Support Vector Machine (SVM) and Ant Colony Optimization (ACO), to classify network data as normal or abnormal. SVM is used to generate a separating hyperplane and find support vectors, while ACO performs clustering around the support vectors. The clusters are added to the SVM training set and it is retrained in an iterative process until the detection rate exceeds a threshold. The paper evaluates this approach on the standard KDD99 dataset and finds it achieves superior results to other algorithms in terms of accuracy and efficiency.
A Network Intrusion Detection System (NIDS) monitors a network for malicious activities or policy violations [1]. The Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on x86 hardware virtualization extensions [2]. We design and implement a back-propagation network intrusion detection system in KVM. Compared to traditional Back Propagation (BP) NIDS, the Particle Swarm Optimization (PSO) algorithm is applied to improve efficiency. The results show an improved system in terms of recall and precision along with missing detection rates.
The document proposes modifications to the AODV routing protocol to prevent denial of service attacks in mobile ad hoc networks. It describes how a malicious node can currently overload the network by flooding route requests. The proposed scheme limits the number of route requests a node can accept or forward to prevent this attack. It also blacklists nodes that exceed the route request limit to isolate misbehaving nodes. Simulations show the proposed approach reduces packet loss compared to the standard AODV protocol when under a denial of service attack.
Deep Convolutional Neural Network based Intrusion Detection SystemSri Ram
In the present era, the cyberspace is growing tremendously and Intrusion detection system (IDS) plays an key role in it to ensure the information security. The IDS, which works in network and host level, should be capable of identifying various malicious attacks. The job of network based IDS is to differentiate between normal and malicious traffic data and raise alert in case of an attack. Apart from the traditional signature and anomaly based approaches, many researchers have employed various Deep Learning (DL) techniques for detecting intrusion as DL models are capable of extracting salient features automatically from the input data. The application of Deep Convolutional Neural Network (DCNN), which is utilized quite often for solving research problems in image processing and vision fields, is not explored much for IDS. In this paper, a DCNN architecture for IDS which is trained on KDDCUP 99 data set is proposed. This work also shows that the DCNN-IDS model performs superior when compared with other existing works.
Classification Rule Discovery Using Ant-Miner Algorithm: An Application Of N...IJMER
This document summarizes an algorithm called Ant-Miner that uses ant colony optimization to discover classification rules for network intrusion detection. Ant-Miner works by having artificial ants explore paths in a data structure representing the classification problem to discover rules. As more ants take the same path, the path is reinforced through pheromone updating, eventually leading to the discovery of classification rules. The authors apply Ant-Miner to a standard intrusion detection dataset and find it outperforms other classification methods in terms of accuracy and classification rate.
Material didáctico realizado con el fin de contribuir al aprendizaje de estos elementos de la estadística en la investigación como lo son la validez y la confiabilidad.
Марина Росс, CEO & Founder, LLC Nanobarrier.
В рамках VII ежегодной межрегиональной научно-практической конференции по вопросам естественнонаучного, технологического и технопредпринимательского образования.
Narciso era el hijo de una ninfa y un río griego que era conocido por su gran belleza. Al escuchar los elogios constantes sobre su apariencia, se volvió presumido y arrogante. Eventualmente se enamoró de su propia imagen reflejada en el agua, pasando horas contemplándose a sí mismo. Un día, en su obsesión, intentó besar su reflejo y cayó al río, ahogándose. Los dioses lo transformaron en la flor que lleva su nombre.
Multi Stage Filter Using Enhanced Adaboost for Network Intrusion DetectionIJNSA Journal
Based on the analysis and distribution of network attacks in KDDCup99 dataset and real time traffic, this paper proposes a design of multi stage filter which is an efficient and effective approach in dealing with various categories of attacks in networks. The first stage of the filter is designed using Enhanced Adaboost with Decision tree algorithm to detect the frequent attacks occurs in the network and the second stage of the filter is designed using enhanced Adaboost with Naïve Byes algorithm to detect the moderate attacks occurs in the network. The final stage of the filter is used to detect the infrequent
attack which is designed using the enhanced Adaboost algorithm with Naïve Bayes as a base learner. Performance of this design is tested with the KDDCup99 dataset and is shown to have high detection rate with low false alarm rates.
The document discusses feature selection and classification methods for detecting denial-of-service (DoS) attacks in intrusion detection systems. It proposes using Random Forests for feature selection and k-Nearest Neighbors for classification on the KDD99 dataset. Experimental results show that the proposed approach of using Random Forests to select important features before classifying with k-Nearest Neighbors increases detection accuracy while decreasing false positives compared to other algorithms.
Implementation of digital image watermarking techniques using dwt and dwt svd...eSAT Journals
Abstract
These days, in every field there is gigantic utilization of computerized substance. Data took care of on web and mixed media system framework is in advanced structure. Computerized watermarking is only the innovation in which there is inserting of different data in advanced substance, which we need to shield from illicit replicating. Computerized picture watermarking is concealing data in any structure (content, picture, sound and video) in unique picture without corrupting its perceptual quality. On the off chance that of Discrete Wavelet Transform (DWT), deterioration of the first picture is completed to insert the watermark. Moreover, if there should arise an occurrence of cross breed system (DWT-SVD) firstly picture is decayed by and after that watermark is installed in solitary qualities acquired by application of Singular Value Decomposition (SVD). DWT and SVD are utilized in combination to enhance the nature of watermarking. We have the procedures which are looked at on the premise of Peak Signal to Noise Ratio (PSNR) esteem at various benefits of scaling component; high estimation of PSNR is coveted because it displays great intangibility of the strategy.
AN EFFICIENT INTRUSION DETECTION SYSTEM WITH CUSTOM FEATURES USING FPA-GRADIE...IJCNCJournal
An efficient Intrusion Detection System has to be given high priority while connecting systems with a network to prevent the system before an attack happens. It is a big challenge to the network security group to prevent the system from a variable types of new attacks as technology is growing in parallel. In this paper, an efficient model to detect Intrusion is proposed to predict attacks with high accuracy and less false-negative rate by deriving custom features UNSW-CF by using the benchmark intrusion dataset UNSW-NB15. To reduce the learning complexity, Custom Features are derived and then Significant Features are constructed by applying meta-heuristic FPA (Flower Pollination algorithm) and MRMR (Minimal Redundancy and Maximum Redundancy) which reduces learning time and also increases prediction accuracy. ENC (ElasicNet Classifier), KRRC (Kernel Ridge Regression Classifier), IGBC (Improved Gradient Boosting Classifier) is employed to classify the attacks in the datasets UNSW-CF, UNSW and recorded that UNSW-CF with derived custom features using IGBC integrated with FPA provided high accuracy of 97.38% and a low error rate of 2.16%. Also, the sensitivity and specificity rate for IGB attains a high rate of 97.32% and 97.50% respectively.
MULTI-LAYER CLASSIFIER FOR MINIMIZING FALSE INTRUSIONIJNSA Journal
Intrusion detection is one of the standard stages to protect computers in network security framework from several attacks. False alarms problem is critical in intrusion detection, which motivates many researchers to discover methods to minify false alarms. This paper proposes a procedure for classifying the type of intrusion according to multi-operations and multi-layer classifier for handling false alarms in intrusion detection. The proposed system is tested using on KDDcup99 benchmark. The performance showed that results obtained from three consequent classifiers are better than a single classifier. The accuracy reached 98% based on 25 features instead of using all features of KDDCup99 dataset.
High performance intrusion detection using modified k mean & naïve bayeseSAT Journals
Abstract
Internet Technology is growing at exponential rate day by day, making data security of computer systems more complex and critical. There has been multiple methodology implemented for the same in recent time as detailed in [1], [3]. Availability of larger bandwidth has made the multiple large computer server network connected worldwide and thus increasing the load on the necessity to secure data and Intrusion detection system (IDS) is one of the most efficient technique to maintain security of computer system. The proposed system is designed in such a way that are helpful in identifying malicious behavior and improper use of computer system. In this report we proposed a hybrid technique for intrusion detection using data mining algorithms. Our main objective is to do complete analysis of intrusion detection Dataset to test the implemented system.In This report we will propose a new methodology in which Modified k-mean is used for clustering whereas Naïve Bayes for the classification. These two data mining techniques will be used for Intrusion detection in large horizontally distributed database.
Keywords: Intrusion Detection, Modified K-Mean, Naïve Bays
Network Intrusion Detection System Based on Modified Random Forest Classifier...IRJET Journal
The document discusses a network intrusion detection system based on modified random forest classifiers. It proposes a modified random forest algorithm (MRFA) that combines unpruned classifiers and CART with bagging to select the best features for building decision trees. The MRFA is tested on the KDD Cup 99 and NSL-KDD datasets using performance metrics like true positive rate, false positive rate, precision and F-measure. The experimental results show the MRFA achieves better performance than naive bayes, J-48 and original random forest classifiers.
Evaluation of network intrusion detection using markov chainIJCI JOURNAL
Day today life internet threat has been increased significantly. There is a need to develop model in order to
maintain security of system. The most effective techniques are Intrusion Detection System (IDS).The
purpose of intrusion system through the security devices detect and deal with it. In this paper, a
mathematical approach is used effectively to predict and detect intrusion in the network. Here we discuss
about two algorithms ‘K-Means + Apriori’, a method which classify normal and abnormal activities in
computer network. In K-Means process, it partitions the training set into K-clusters using Euclidean
distance and introduce an outlier factor, then it build Apriori Algorithm to prune the data by removing
infrequent data in the database. Based on defined state the degree of incoming data is evaluated through
the experiment using sample DARPA2000 dataset, and achieves high detection performance in level of
attack in stages.
An Analysis Of Cloud ReliabilityApproaches Based on Cloud Components And Reli...ijafrc
This document discusses several techniques for improving reliability in cloud computing systems. It analyzes approaches based on cloud components and reliability techniques, including adaptive fault tolerance, cloud service reliability modeling, fault-tolerant and reliable computation, fault tolerance and resilience, fault tolerance middleware, and a system-level approach. The key components of cloud reliability are discussed, such as virtual machines, cloud managers, and fault tolerance methods. Comparisons are made between the techniques based on their methodology for measuring and ensuring reliability.
Survey of network anomaly detection using markov chainijcseit
This document summarizes research on using Markov chain models for anomaly detection in network intrusion detection systems. It first provides background on intrusion detection and different approaches. It then reviews several related works that use techniques like k-means clustering, decision trees, genetic algorithms, and Markov chains. The paper proposes using a k-means algorithm combined with a Markov chain model to detect attacks. The Markov chain model analyzes system state transitions over time to probabilistically model normal behavior and detect anomalies. The existing system has low detection and prevention rates. Future work could explore using eigenvectors and thresholds to improve performance.
Intrusion Detection System Based on K-Star Classifier and Feature Set ReductionIOSR Journals
Abstract: Network security and Intrusion Detection Systems (IDS’s) is an important security related research
area. This paper applies K-star algorithm with filtering analysis in order to build a network intrusion detection
system. For our experimental analysis and as a case study, we have used the new NSL-KDD dataset, which is a
modified dataset for KDDCup 1999 intrusion detection benchmark dataset. With a split of 66.0% for the
training set and the remainder for the testing set a 2 class classifications has been implemented. WEKA which is
a java based open source software consists of a collection of machine learning algorithms for Data mining tasks
has been used in the testing process. The experimental results show that the proposed approach is very accurate
with low false positive rate and high true positive rate and it takes less learning time in comparison with other
existing approaches used for efficient network intrusion detection.
Keywords: Information Gain, Intrusion Detection System, Instance-based classifier, K-Star, Weka.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
An approach for ids by combining svm and ant colony algorithmeSAT Journals
This summarizes a research paper that proposes a new approach called CSVAC (Combined Support Vector with Ant Colony) for intrusion detection. The approach combines two algorithms, Support Vector Machine (SVM) and Ant Colony Optimization (ACO), to classify network data as normal or abnormal. SVM is used to generate a separating hyperplane and find support vectors, while ACO performs clustering around the support vectors. The clusters are added to the SVM training set and it is retrained in an iterative process until the detection rate exceeds a threshold. The paper evaluates this approach on the standard KDD99 dataset and finds it achieves superior results to other algorithms in terms of accuracy and efficiency.
A Network Intrusion Detection System (NIDS) monitors a network for malicious activities or policy violations [1]. The Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on x86 hardware virtualization extensions [2]. We design and implement a back-propagation network intrusion detection system in KVM. Compared to traditional Back Propagation (BP) NIDS, the Particle Swarm Optimization (PSO) algorithm is applied to improve efficiency. The results show an improved system in terms of recall and precision along with missing detection rates.
The document proposes modifications to the AODV routing protocol to prevent denial of service attacks in mobile ad hoc networks. It describes how a malicious node can currently overload the network by flooding route requests. The proposed scheme limits the number of route requests a node can accept or forward to prevent this attack. It also blacklists nodes that exceed the route request limit to isolate misbehaving nodes. Simulations show the proposed approach reduces packet loss compared to the standard AODV protocol when under a denial of service attack.
Deep Convolutional Neural Network based Intrusion Detection SystemSri Ram
In the present era, the cyberspace is growing tremendously and Intrusion detection system (IDS) plays an key role in it to ensure the information security. The IDS, which works in network and host level, should be capable of identifying various malicious attacks. The job of network based IDS is to differentiate between normal and malicious traffic data and raise alert in case of an attack. Apart from the traditional signature and anomaly based approaches, many researchers have employed various Deep Learning (DL) techniques for detecting intrusion as DL models are capable of extracting salient features automatically from the input data. The application of Deep Convolutional Neural Network (DCNN), which is utilized quite often for solving research problems in image processing and vision fields, is not explored much for IDS. In this paper, a DCNN architecture for IDS which is trained on KDDCUP 99 data set is proposed. This work also shows that the DCNN-IDS model performs superior when compared with other existing works.
Classification Rule Discovery Using Ant-Miner Algorithm: An Application Of N...IJMER
This document summarizes an algorithm called Ant-Miner that uses ant colony optimization to discover classification rules for network intrusion detection. Ant-Miner works by having artificial ants explore paths in a data structure representing the classification problem to discover rules. As more ants take the same path, the path is reinforced through pheromone updating, eventually leading to the discovery of classification rules. The authors apply Ant-Miner to a standard intrusion detection dataset and find it outperforms other classification methods in terms of accuracy and classification rate.
Material didáctico realizado con el fin de contribuir al aprendizaje de estos elementos de la estadística en la investigación como lo son la validez y la confiabilidad.
Марина Росс, CEO & Founder, LLC Nanobarrier.
В рамках VII ежегодной межрегиональной научно-практической конференции по вопросам естественнонаучного, технологического и технопредпринимательского образования.
Narciso era el hijo de una ninfa y un río griego que era conocido por su gran belleza. Al escuchar los elogios constantes sobre su apariencia, se volvió presumido y arrogante. Eventualmente se enamoró de su propia imagen reflejada en el agua, pasando horas contemplándose a sí mismo. Un día, en su obsesión, intentó besar su reflejo y cayó al río, ahogándose. Los dioses lo transformaron en la flor que lleva su nombre.
Este documento resume la historia de la teoría sociológica. Explica que los antecedentes se remontan a pensadores de la Ilustración como Montesquieu y Voltaire. Auguste Comte acuñó el término "sociología" en 1824 para referirse al estudio de la sociedad. Émile Durkheim estableció la sociología como una ciencia autónoma distinta de la filosofía y la psicología en el siglo XIX. Otros pensadores influyentes fueron Marx, Weber, Habermas y Fouc
Tiffany Cutler holds two Bachelor's degrees in Early Childhood Education Administration and Psychology, as well as a Master's degree in Health and Wellness Psychology. She has over 2 years of retail experience in stocking and receiving roles at Target. Her previous work experience also includes roles as a security guard and in sales. She has strong leadership, communication, and computer skills.
Este documento discute los conceptos de validez en el contexto de la evaluación. Explica tres tipos de validez: validez de contenido, que se refiere a la correspondencia entre el rasgo evaluado y lo incluido en la prueba; validez de criterio, que mide la eficacia de la prueba al comparar un rasgo con variables externas; y validez de constructo, que se basa en la evidencia que fundamenta la interpretación de las puntuaciones en la prueba. También define la justificación como establecer los fundamentos
El informe analiza la violencia de género en Andalucía en 2012. Destaca que el 65% de adolescentes entre 14 y 16 años tienen actitudes sexistas y que 1/3 de las víctimas mortales son menores de 30 años. Refuerza el programa de atención psicológica a adolescentes víctimas, de las cuales el 67% ha sufrido agresiones físicas y violencia sexual. También describe la campaña 'No es amor, rompe con la desigualdad' y los esfuerzos para coordinar instituciones, sindicatos y
The document provides a summary of the November 2016 residential real estate market conditions in Redondo Beach. It includes statistics on total sales, median sales price, days on market, active listings, and months of inventory for November 2016 compared to previous months and years. The key findings are that total sales and median prices increased from November 2015 to 2016 while months of inventory decreased, though days on market and some active listings also rose.
El documento habla sobre las características de la evaluación educativa. Describe tres tipos de evaluación: la autoevaluación, en la que los estudiantes se evalúan a sí mismos; la coevaluación, que implica la interacción entre estudiantes y profesores; y la heteroevaluación, donde los estudiantes evalúan el trabajo de sus compañeros. Además, define la evaluación como un proceso administrativo para lograr objetivos políticos a través de los mejores métodos.
Este documento ofrece consejos para dormir mejor. Explica que los problemas de sueño son comunes y que el insomnio significa dificultad para conciliar o mantener el sueño. Identifica varias causas potenciales del insomnio como factores ambientales, médicos, de ansiedad o depresión, o el consumo de estimulantes como cafeína o alcohol. Finalmente, proporciona recomendaciones para mejorar la higiene del sueño.
Este documento describe los "paseos" y "sacas" que ocurrieron durante la Guerra Civil Española, donde los asesinos buscaban y secuestraban a personas del bando opuesto para ejecutarlos en fosas comunes o cunetas. También habla sobre las "sacas" donde personas eran sacadas de prisión con el pretexto de un traslado pero en realidad eran ejecutadas. Finalmente, menciona la Ley de Memoria Histórica de 2007 que reconoce a las víctimas de la Guerra Civil y la dictadura pero no
Andalucía ha invertido 250 millones de euros en investigación en salud en los últimos 4 años. La nueva estrategia 2014-2018 busca mejorar la salud de los andaluces a través de la generación de conocimiento e innovación, consolidando la investigación como una línea clave de actividad en la sanidad pública y fomentando la transferencia de resultados a la atención sanitaria. Se centrará en 8 líneas de acción como asegurar que la investigación tenga aplicaciones prácticas y establecer la innovación tecnológica como eje fundamental
El documento presenta una introducción a un caso de estudio sobre un programa experto en e-commerce. Explica que analizará quiénes son los involucrados y su objetivo, la situación actual, la visión futura, cómo alcanzar esa visión y cómo dirigir el negocio hacia ella. También menciona los competidores potenciales y las políticas de precios, ventas, servicio al cliente, responsabilidad social y posicionamiento en internet que se utilizarán.
El plan anual presenta 4 unidades de aprendizaje para el curso de 2° básico de historia, geografía y ciencias sociales. Cada unidad aborda objetivos, contenidos y tiempo relacionados con el estudio de los pueblos originarios de Chile, la influencia de españoles e inmigrantes en la sociedad chilena, el patrimonio cultural y natural del país, y la importancia de normas para el cuidado mutuo y del medio ambiente.
La estrategia de I+D+i en Salud en Andalucíasaludand
En las últimas décadas, Andalucía ha incrementado significativamente la inversión en I+D+i en salud, duplicando el gasto directo y triplicando la financiación competitiva. Como resultado, se ha producido un aumento en la infraestructura, el personal investigador y la producción científica. El objetivo es continuar desarrollando los recursos para la investigación y convertir a Andalucía en un referente nacional e internacional en este campo.
A Comparative Study of Deep Learning Approaches for Network Intrusion Detecti...IRJET Journal
This document presents a comparative study of deep learning approaches for network intrusion detection. It employs deep neural networks to predict attacks on network intrusion detection systems using the KDD Cup-99 dataset. A DNN with 3 layers demonstrated superior performance compared to other machine learning algorithms and DNNs with varying layers. The study finds that deep learning techniques can function at a superhuman level when combined with intrusion detection systems due to their ability to adapt to new data and detect novel attacks.
Intrusion Detection System for Classification of Attacks with Cross Validationinventionjournals
Now days, due to rapidly uses of internet, the patterns of network attacks are increasing. There are various organizations and institutes are using internet and access or share the sensitive information in network. To protect information from unauthorized or intruders is one of the important issues. In this paper, we have used decision tree techniques like C4.5 and CART as classifier for classification of attacks. We have proposed an ensemble model that is combination of C4.5 and Classification and Regression Tree (CART) as robust classifier for classification of attacks. We have used NSL-KDD data set with binary and multiclass problem with 10-fold cross validation. The proposed ensemble model gives satisfactory accuracy as 99.67% and 99.53% in case of binary class and multiclass NSL-KDD data set respectively.
This document proposes and evaluates a hybrid intrusion detection system that uses Random Forests for feature selection and k-Nearest Neighbors for classification. It aims to detect Denial of Service (DoS) attacks, which are among the most common and threatening cyberattacks. The system is evaluated on the well-known KDD Cup 99 intrusion detection dataset. Experimental results show that the proposed approach of using Random Forests for feature selection followed by k-Nearest Neighbors classification increases the average detection rate and decreases the average false positive rate compared to other algorithms. This helps build an intrusion detection system that is both computationally efficient and effective at detecting known and unknown DoS attacks.
DDoS Attack Detection and Botnet Prevention using Machine LearningIRJET Journal
This document discusses using machine learning to detect distributed denial of service (DDoS) attacks and prevent botnets. It proposes using classifiers like logistic regression, support vector machines, K-nearest neighbors, decision trees, and AdaBoost to detect DDoS attacks based on the NSL KDD dataset, achieving accuracies from 82.28% to 90.4%. It also plans to add botnet prevention features to reduce the creation of botnets and the intensity of future DDoS attacks, which could help individual users. The document reviews several related works applying machine learning for DDoS detection and phishing URL classification.
ATTACK DETECTION AVAILING FEATURE DISCRETION USING RANDOM FOREST CLASSIFIERCSEIJJournal
This document discusses using a random forest classifier with feature selection to improve intrusion detection. It begins with background on intrusion detection systems and challenges. It then proposes using genetic algorithms for feature selection to identify the most important features from a dataset. A random forest classifier is used for classification, which combines decision trees to improve accuracy. The methodology involves feature selection, classification with random forest, and detection. Feature weights are calculated and cross-validation is used to analyze detection rates for individual attacks. The goal is to improve accuracy, reduce training time, and better detect minority attacks through this approach.
Attack Detection Availing Feature Discretion using Random Forest ClassifierCSEIJJournal
The widespread use of the Internet has an adverse effect of being vulnerable to cyber attacks. Defensive
mechanisms like firewalls and IDSs have evolved with a lot of research contributions happening in these
areas. Machine learning techniques have been successfully used in these defense mechanisms especially
IDSs. Although they are effective to some extent in identifying new patterns and variants of existing
malicious patterns, many attacks are still left as undetected. The objective is to develop an algorithm for
detecting malicious domains based on passive traffic measurements. In this paper, an anomaly-based
intrusion detection system based on an ensemble based machine learning classifier called Random Forest
with gradient boosting is deployed. NSL-KDD cup dataset is used for analysis and out of 41 features, 32
features were identified as significant using feature discretion.
Application of neural network and PSO-SVM in intrusion detection of networkIRJET Journal
This document proposes a new approach for network intrusion detection that uses machine learning and deep learning techniques. Specifically, it uses a 1D convolutional neural network (CNN) for feature extraction from network traffic data, and a support vector machine (SVM) classifier optimized with particle swarm optimization (PSO) for attack classification. The proposed approach is evaluated on the widely-used NSL-KDD network traffic dataset, which contains labeled examples of normal traffic and different types of network attacks. The CNN is used to extract features from the dataset, which are then classified with the PSO-optimized SVM to detect intrusions and different attack types. The approach aims to better identify stealthy attacks that may blend in with normal traffic.
An Efficient Intrusion Detection System with Custom Features using FPA-Gradie...IJCNCJournal
An efficient Intrusion Detection System has to be given high priority while connecting systems with a network to prevent the system before an attack happens. It is a big challenge to the network security group to prevent the system from a variable types of new attacks as technology is growing in parallel. In this paper, an efficient model to detect Intrusion is proposed to predict attacks with high accuracy and less false-negative rate by deriving custom features UNSW-CF by using the benchmark intrusion dataset UNSW-NB15. To reduce the learning complexity, Custom Features are derived and then Significant Features are constructed by applying meta-heuristic FPA (Flower Pollination algorithm) and MRMR (Minimal Redundancy and Maximum Redundancy) which reduces learning time and also increases prediction accuracy. ENC (ElasicNet Classifier), KRRC (Kernel Ridge Regression Classifier), IGBC (Improved Gradient Boosting Classifier) is employed to classify the attacks in the datasets UNSW-CF, UNSW and recorded that UNSW-CF with derived custom features using IGBC integrated with FPA provided high accuracy of 97.38% and a low error rate of 2.16%. Also, the sensitivity and specificity rate for IGB attains a high rate of 97.32% and 97.50% respectively.
Literature Review on DDOS Attacks Detection Using SVM algorithm.IRJET Journal
This document provides a literature review on detecting DDoS attacks using machine learning algorithms like SVM in SDN environments. It summarizes 10 research papers on this topic, identifying gaps such as specifying the number of clusters in advance for detection and dealing with non-linearly separable training data for SVM. The document also describes using SVM and advanced SVM techniques on the KDD99 and CIC-IDS 2018 datasets to classify network traffic as normal or malicious in an SDN environment, finding SVM provides better accuracy than other algorithms. It concludes SVM works well in their simulated environment and plan to implement advanced SVM to gain higher accuracy in detecting DDoS attacks.
2 14-1346479656-1- a study of feature selection methods in intrusion detectio...Dr. Amrita .
This document provides a survey of feature selection methods for intrusion detection systems. It discusses three categories of feature selection approaches: filter, wrapper, and hybrid. The KDD Cup 99 dataset is commonly used to evaluate feature selection methods, which contains 41 features divided into four categories. Performance is typically evaluated based on metrics like detection rate, false alarm rate, and accuracy rates derived from a confusion matrix. Feature selection aims to select a minimal subset of relevant features to improve detection performance while reducing computational requirements.
The document discusses using machine learning algorithms like Random Forest and k-Nearest Neighbors for intrusion detection. It analyzes the KDD Cup 1999 intrusion detection dataset to classify network traffic as normal or different types of attacks. The proposed model uses Random Forest for feature selection and k-Nearest Neighbors for classification to more accurately detect known and unknown attacks. Experimental results show the combined approach achieves better detection rates than other algorithms alone, especially for novel attacks not in the training data. Further combining the algorithms into a two-stage model is suggested to improve performance.
Statistical performance assessment of supervised machine learning algorithms ...IAESIJAI
Several studies have shown that an ensemble classifier's effectiveness is directly correlated with the diversity of its members. However, the algorithms used to build the base learners are one of the issues encountered when using a stacking ensemble. Given the number of options, choosing the best ones might be challenging. In this study, we selected some of the most extensively applied supervised machine learning algorithms and performed a performance evaluation in terms of well-known metrics and validation methods using two internet of things (IoT) intrusion detection datasets, namely network-based anomaly internet of things (N-BaIoT) and internet of things intrusion detection dataset (IoTID20). Friedman and Dunn's tests are used to statistically examine the significant differences between the classifier groups. The goal of this study is to encourage security researchers to develop an intrusion detection system (IDS) using ensemble learning and to propose an appropriate method for selecting diverse base classifiers for a stacking-type ensemble. The performance results indicate that adaptive boosting, and gradient boosting (GB), gradient boosting machines (GBM), light gradient boosting machines (LGBM), extreme gradient boosting (XGB) and deep neural network (DNN) classifiers exhibit better trade-off between the performance parameters and classification time making them ideal choices for developing anomaly-based IDSs.
Network Intrusion Detection System using Machine LearningIRJET Journal
This document discusses using machine learning algorithms to develop a network intrusion detection system (IDS). It analyzes different machine learning algorithms like support vector machines (SVM) and naive bayes and evaluates their performance on detecting intrusions using the NSL-KDD dataset. The paper reviews related work applying machine learning to IDS and discusses algorithms like SVM and naive bayes in more detail. It proposes developing a hybrid multi-level model to improve accuracy and handling large volumes of data. The system architecture and conclusions are also summarized.
This document discusses a novel method for intrusion awareness using Distributed Situational Awareness (D-SA). It proposes using D-SA and support vector machines (SVM) for network intrusion detection and classification. The method is evaluated using the KDD Cup 1999 intrusion detection dataset. Experimental results show the proposed D-SA method achieves higher detection rates compared to rule-based classification techniques.
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SETIJNSA Journal
This document summarizes research on using various data mining classification techniques to handle false alerts in intrusion detection systems. The researchers tested many data mining procedures on the KDD Cup 99 dataset, including multilayer perceptron neural networks, rule-based models, support vector machines, naive Bayes, and association rule mining. The best accuracy was 92% for multilayer perceptrons, but rule-based models had the fastest training time at 4 seconds. The researchers concluded that different techniques should be used together to handle different types of network attacks.
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SETIJNSA Journal
In network security framework, intrusion detection is one of a benchmark part and is a fundamental way to protect PC from many threads. The huge issue in intrusion detection is presented as a huge number of false alerts; this issue motivates several experts to discover the solution for minifying false alerts according to data mining that is a consideration as analysis procedure utilized in a large data e.g. KDD CUP 99. This paper presented various data mining classification for handling false alerts in intrusion detection as reviewed. According to the result of testing many procedure of data mining on KDD CUP 99 that is no individual procedure can reveal all attack class, with high accuracy and without false alerts. The best accuracy in Multilayer Perceptron is 92%; however, the best Training Time in Rule based model is 4 seconds . It is concluded that ,various procedures should be utilized to handle several of network attacks.
LSTM deep learning method for network intrusion detection system IJECEIAES
The security of the network has become a primary concern for organizations. Attackers use different means to disrupt services, these various attacks push to think of a new way to block them all in one manner. In addition, these intrusions can change and penetrate the devices of security. To solve these issues, we suggest, in this paper, a new idea for Network Intrusion Detection System (NIDS) based on Long Short-Term Memory (LSTM) to recognize menaces and to obtain a long-term memory on them, in order to stop the new attacks that are like the existing ones, and at the same time, to have a single mean to block intrusions. According to the results of the experiments of detections that we have realized, the Accuracy reaches up to 99.98 % and 99.93 % for respectively the classification of two classes and several classes, also the False Positive Rate (FPR) reaches up to only 0,068 % and 0,023 % for respectively the classification of two classes and several classes, which proves that the proposed model is effective, it has a great ability to memorize and differentiate between normal traffic and attacks, and its identification is more accurate than other Machine Learning classifiers.
Feature Selection using the Concept of Peafowl Mating in IDSIJCNCJournal
Cloud computing has high applicability as an Internet based service that relies on sharing computing resources. Cloud computing provides services that are Infrastructure based, Platform based and Software based. The popularity of this technology is due to its superb performance, high level of computing ability, low cost of services, scalability, availability and flexibility. The obtainability and openness of data in cloud environment make it vulnerable to the world of cyber-attacks. To detect the attacks Intrusion Detection System is used, that can identify the attacks and ensure information security. Such a coherent and proficient Intrusion Detection System is proposed in this paper to achieve higher certainty levels regarding safety in cloud environment. In this paper, the mating behavior of peafowl is incorporated into an optimization algorithm which in turn is used as a feature selection algorithm. The algorithm is used to reduce the huge size of cloud data so that the IDS can work efficiently on the cloud to detect intrusions. The proposed model has been experimented with NSL-KDD dataset as well as Kyoto dataset and have proved to be a better as well as an efficient IDS.
Feature Selection using the Concept of Peafowl Mating in IDSIJCNCJournal
Cloud computing has high applicability as an Internet based service that relies on sharing computing resources. Cloud computing provides services that are Infrastructure based, Platform based and Software based. The popularity of this technology is due to its superb performance, high level of computing ability, low cost of services, scalability, availability and flexibility. The obtainability and openness of data in cloud environment make it vulnerable to the world of cyber-attacks. To detect the attacks Intrusion Detection System is used, that can identify the attacks and ensure information security. Such a coherent and proficient Intrusion Detection System is proposed in this paper to achieve higher certainty levels regarding safety in cloud environment. In this paper, the mating behavior of peafowl is incorporated into an optimization algorithm which in turn is used as a feature selection algorithm. The algorithm is used to reduce the huge size of cloud data so that the IDS can work efficiently on the cloud to detect intrusions. The proposed model has been experimented with NSL-KDD dataset as well as Kyoto dataset and have proved to be a better as well as an efficient IDS.
An efficient intrusion detection using relevance vector machineIAEME Publication
The document summarizes an efficient intrusion detection system using Relevance Vector Machine (RVM). It begins with an introduction to intrusion detection and types of attacks. Then it discusses related work using data mining techniques like SVM for intrusion detection. The proposed methodology preprocesses data from the KDD Cup 99 dataset, performs normalization, and classifies using RVM. RVM can provide sparse solutions and inferences with low computation. Experimental results on the KDD Cup 99 dataset show the technique achieves higher detection rates than regular SVM algorithms.
Similar to PERFORMANCE EVALUATION OF DIFFERENT KERNELS FOR SUPPORT VECTOR MACHINE USED IN INTRUSION DETECTION SYSTEM (20)
Particle Swarm Optimization–Long Short-Term Memory based Channel Estimation w...IJCNCJournal
Paper Title
Particle Swarm Optimization–Long Short-Term Memory based Channel Estimation with Hybrid Beam Forming Power Transfer in WSN-IoT Applications
Authors
Reginald Jude Sixtus J and Tamilarasi Muthu, Puducherry Technological University, India
Abstract
Non-Orthogonal Multiple Access (NOMA) helps to overcome various difficulties in future technology wireless communications. NOMA, when utilized with millimeter wave multiple-input multiple-output (MIMO) systems, channel estimation becomes extremely difficult. For reaping the benefits of the NOMA and mm-Wave combination, effective channel estimation is required. In this paper, we propose an enhanced particle swarm optimization based long short-term memory estimator network (PSOLSTMEstNet), which is a neural network model that can be employed to forecast the bandwidth required in the mm-Wave MIMO network. The prime advantage of the LSTM is that it has the capability of dynamically adapting to the functioning pattern of fluctuating channel state. The LSTM stage with adaptive coding and modulation enhances the BER.PSO algorithm is employed to optimize input weights of LSTM network. The modified algorithm splits the power by channel condition of every single user. Participants will be first sorted into distinct groups depending upon respective channel conditions, using a hybrid beamforming approach. The network characteristics are fine-estimated using PSO-LSTMEstNet after a rough approximation of channels parameters derived from the received data.
Keywords
Signal to Noise Ratio (SNR), Bit Error Rate (BER), mm-Wave, MIMO, NOMA, deep learning, optimization.
Volume URL: https://airccse.org/journal/ijc2022.html
Abstract URL:https://aircconline.com/abstract/ijcnc/v14n5/14522cnc05.html
Pdf URL: https://aircconline.com/ijcnc/V14N5/14522cnc05.pdf
#scopuspublication #scopusindexed #callforpapers #researchpapers #cfp #researchers #phdstudent #researchScholar #journalpaper #submission #journalsubmission #WBAN #requirements #tailoredtreatment #MACstrategy #enhancedefficiency #protrcal #computing #analysis #wirelessbodyareanetworks #wirelessnetworks
#adhocnetwork #VANETs #OLSRrouting #routing #MPR #nderesidualenergy #korea #cognitiveradionetworks #radionetworks #rendezvoussequence
Here's where you can reach us : ijcnc@airccse.org or ijcnc@aircconline.com
June 2024 - Top 10 Read Articles in Computer Networks & CommunicationsIJCNCJournal
The International Journal of Computer Networks & Communications (IJCNC) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of Computer Networks & Communications. The journal focuses on all technical and practical aspects of Computer Networks & data Communications. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on advanced networking concepts and establishing new collaborations in these areas.
Enhanced Traffic Congestion Management with Fog Computing - A Simulation-Base...IJCNCJournal
Abstract: Accurate latency computation is essential for the Internet of Things (IoT) since the connected
devices generate a vast amount of data that is processed on cloud infrastructure. However, the cloud is not
an optimal solution. To overcome this issue, fog computing is used to enable processing at the edge while
still allowing communication with the cloud. Many applications rely on fog computing, including traffic
management. In this paper, an Intelligent Traffic Congestion Mitigation System (ITCMS) is proposed to
address traffic congestion in heavily populated smart cities. The proposed system is implemented using fog
computing and tested in a crowdedCairo city. The results obtained indicate that the execution time of the
simulation is 4,538 seconds, and the delay in the application loop is 49.67 seconds. The paper addresses
various issues, including CPU usage, heap memory usage, throughput, and the total average delay, which
are essential for evaluating the performance of the ITCMS. Our system model is also compared with other
models to assess its performance. A comparison is made using two parameters, namely throughput and the
total average delay, between the ITCMS, IOV (Internet of Vehicle), and STL (Seasonal-Trend
Decomposition Procedure based on LOESS). Consequently, the results confirm that the proposed system
outperforms the others in terms of higher accuracy, lower latency, and improved traffic efficiency.
Call for Papers -International Journal of Computer Networks & Communications ...IJCNCJournal
International Journal of Computer Networks & Communications (IJCNC)
Citations, h-index, i10-index of IJCNC
---- Scopus, ERA Listed, WJCI Indexed ----
Scopus Cite Score 2022--1.8
https://airccse.org/journal/ijcnc.html
IJCNC is listed in ERA 2023 as per the Australian Research Council (ARC) Journal Ranking
Scope & Topics
The International Journal of Computer Networks & Communications (IJCNC) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of Computer Networks & Communications. The journal focuses on all technical and practical aspects of Computer Networks & data Communications. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on advanced networking concepts and establishing new collaborations in these areas.
Authors are solicited to contribute to this journal by submitting articles that illustrate research results, projects, surveying works and industrial experiences that describe significant advances in the Computer Networks & Communications.
Topics of Interest
· Network Protocols & Wireless Networks
· Network Architectures
· High speed networks
· Routing, switching and addressing techniques
· Next Generation Internet
· Next Generation Web Architectures
· Network Operations & management
· Adhoc and sensor networks
· Internet and Web applications
· Ubiquitous networks
· Mobile networks & Wireless LAN
· Wireless Multimedia systems
· Wireless communications
· Heterogeneous wireless networks
· Measurement & Performance Analysis
· Peer to peer and overlay networks
· QoS and Resource Management
· Network Based applications
· Network Security
· Self-Organizing Networks and Networked Systems
· Optical Networking
· Mobile & Broadband Wireless Internet
· Recent trends & Developments in Computer Networks
Paper Submission
Authors are invited to submit papers for this journal through E-mail: ijcnc@airccse.org or through Submission System. Submissions must be original and should not have been published previously or be under consideration for publication while being evaluated for this Journal.
Important Dates
· Submission Deadline : June 22, 2024
· Notification : July 22, 2024
· Final Manuscript Due : July 29, 2024
· Publication Date : Determined by the Editor-in-Chief
Contact Us
Here's where you can reach us: ijcnc@airccse.org or ijcnc@aircconline.com
For other details please visit - http://airccse.org/journal/ijcnc.html
Rendezvous Sequence Generation Algorithm for Cognitive Radio Networks in Post...IJCNCJournal
Recent natural disasters have inflicted tremendous damage on humanity, with their scale progressively increasing and leading to numerous casualties. Events such as earthquakes can trigger secondary disasters, such as tsunamis, further complicating the situation by destroying communication infrastructures. This destruction impedes the dissemination of information about secondary disasters and complicates post-disaster rescue efforts. Consequently, there is an urgent demand for technologies capable of substituting for these destroyed communication infrastructures. This paper proposes a technique for generating rendezvous sequences to swiftly reconnect communication infrastructures in post-disaster scenarios. We compare the time required for rendezvous using the proposed technique against existing methods and analyze the average time taken to establish links with the rendezvous technique, discussing its significance. This research presents a novel approach enabling rapid recovery of destroyed communication infrastructures in disaster environments through Cognitive Radio Network (CRN) technology, showcasing the potential to significantly improve disaster response and recovery efforts. The proposed method reduces the time for the rendezvous compared to existing methods, suggesting that it can enhance the efficiency of rescue operations in post-disaster scenarios and contribute to life-saving efforts.
Blockchain Enforced Attribute based Access Control with ZKP for Healthcare Se...IJCNCJournal
The relationship between doctors and patients is reinforced through the expanded communication channels provided by remote healthcare services, resulting in heightened patient satisfaction and loyalty. Nonetheless, the growth of these services is hampered by security and privacy challenges they confront. Additionally, patient electronic health records (EHR) information is dispersed across multiple hospitals in different formats, undermining data sovereignty. It allows any service to assert authority over their EHR, effectively controlling its usage. This paper proposes a blockchain enforced attribute-based access control in healthcare service. To enhance the privacy and data-sovereignty, the proposed system employs attribute-based access control, zero-knowledge proof (ZKP) and blockchain. The role of data within our system is pivotal in defining attributes. These attributes, in turn, form the fundamental basis for access control criteria. Blockchain is used to keep hospital information in public chain but EHR related data in private chain. Furthermore, EHR provides access control by using the attributed based cryptosystem before they are stored in the blockchain. Analysis shows that the proposed system provides data sovereignty with privacy provision based on the attributed based access control.
EECRPSID: Energy-Efficient Cluster-Based Routing Protocol with a Secure Intru...IJCNCJournal
A revolutionary idea that has gained significance in technology for Internet of Things (IoT) networks backed by WSNs is the " Energy-Efficient Cluster-Based Routing Protocol with a Secure Intrusion Detection" (EECRPSID). A WSN-powered IoT infrastructure's hardware foundation is hardware with autonomous sensing capabilities. The significant features of the proposed technology are intelligent environment sensing, independent data collection, and information transfer to connected devices. However, hardware flaws and issues with energy consumption may be to blame for device failures in WSN-assisted IoT networks. This can potentially obstruct the transfer of data. A reliable route significantly reduces data retransmissions, which reduces traffic and conserves energy. The sensor hardware is often widely dispersed by IoT networks that enable WSNs. Data duplication could occur if numerous sensor devices are used to monitor a location. Finding a solution to this issue by using clustering. Clustering lessens network traffic while retaining path dependability compared to the multipath technique. To relieve duplicate data in EECRPSID, we applied the clustering technique. The multipath strategy might make the provided protocol more dependable. Using the EECRPSID algorithm, will reduce the overall energy consumption, minimize the End-to-end delay to 0.14s, achieve a 99.8% Packet Delivery Ratio, and the network's lifespan will be increased. The NS2 simulator is used to run the whole set of simulations. The EECRPSID method has been implemented in NS2, and simulated results indicate that comparing the other three technologies improves the performance measures.
Analysis and Evolution of SHA-1 Algorithm - Analytical TechniqueIJCNCJournal
A 160-bit (20-byte) hash value, sometimes called a message digest, is generated using the SHA-1 (Secure Hash Algorithm 1) hash function in cryptography. This value is commonly represented as 40 hexadecimal digits. It is a Federal Information Processing Standard in the United States and was developed by the National Security Agency. Although it has been cryptographically cracked, the technique is still in widespread usage. In this work, we conduct a detailed and practical analysis of the SHA-1 algorithm's theoretical elements and show how they have been implemented through the use of several different hash configurations.
Optimizing CNN-BiGRU Performance: Mish Activation and Comparative AnalysisIJCNCJournal
Deep learning is currently extensively employed across a range of research domains. The continuous advancements in deep learning techniques contribute to solving intricate challenges. Activation functions (AF) are fundamental components within neural networks, enabling them to capture complex patterns and relationships in the data. By introducing non-linearities, AF empowers neural networks to model and adapt to the diverse and nuanced nature of real-world data, enhancing their ability to make accurate predictions across various tasks. In the context of intrusion detection, the Mish, a recent AF, was implemented in the CNN-BiGRU model, using three datasets: ASNM-TUN, ASNM-CDX, and HOGZILLA. The comparison with Rectified Linear Unit (ReLU), a widely used AF, revealed that Mish outperforms ReLU, showcasing superior performance across the evaluated datasets. This study illuminates the effectiveness of AF in elevating the performance of intrusion detection systems.
An Hybrid Framework OTFS-OFDM Based on Mobile Speed EstimationIJCNCJournal
The Future wireless communication systems face the challenging task of simultaneously providing high-quality service (QoS) and broadband data transmission, while also minimizing power consumption, latency, and system complexity. Although Orthogonal Frequency Division Multiplexing (OFDM) has been widely adopted in 4G and 5G systems, it struggles to cope with a significant delay and Doppler spread in high mobility scenarios. To address these challenges, a novel waveform named Orthogonal Time Frequency Space (OTFS). Designers aim to outperform OFDM by closely aligning signals with the channel behaviour. In this paper, we propose a switching strategy that empowers operators to select the most appropriate waveform based on an estimated speed of the mobile user. This strategy enables the base station to dynamically choose the waveform that best suits the mobile user’s speed. Additionally, we suggest retaining an Integrated Sensing and Communication (ISAC) radar approach for accurate Doppler estimation. This provides precise information to facilitate the waveform selection procedure. By leveraging the switching strategy and harnessing the Doppler estimation capabilities of an ISAC radar.Our proposed approach aims to enhance the performance of wireless communication systems in high mobility cases. Considering the complexity of waveform processing, we introduce an optimized hybrid system that combines OTFS and OFDM, resulting in reduced complexity while still retaining performance benefits.This hybrid system presents a promising solution for improving the performance of wireless communication systems in higher mobility.The simulation results validate the effectiveness of our approach, demonstrating its potential advantages for future wireless communication systems. The effectiveness of the proposed approach is validated by simulation results as it will be illustrated.
Enhanced Traffic Congestion Management with Fog Computing - A Simulation-Base...IJCNCJournal
Accurate latency computation is essential for the Internet of Things (IoT) since the connected devices generate a vast amount of data that is processed on cloud infrastructure. However, the cloud is not an optimal solution. To overcome this issue, fog computing is used to enable processing at the edge while still allowing communication with the cloud. Many applications rely on fog computing, including traffic management. In this paper, an Intelligent Traffic Congestion Mitigation System (ITCMS) is proposed to address traffic congestion in heavily populated smart cities. The proposed system is implemented using fog computing and tested in a crowdedCairo city. The results obtained indicate that the execution time of the simulation is 4,538 seconds, and the delay in the application loop is 49.67 seconds. The paper addresses various issues, including CPU usage, heap memory usage, throughput, and the total average delay, which are essential for evaluating the performance of the ITCMS. Our system model is also compared with other models to assess its performance. A comparison is made using two parameters, namely throughput and the total average delay, between the ITCMS, IOV (Internet of Vehicle), and STL (Seasonal-Trend Decomposition Procedure based on LOESS). Consequently, the results confirm that the proposed system outperforms the others in terms of higher accuracy, lower latency, and improved traffic efficiency.
Rendezvous Sequence Generation Algorithm for Cognitive Radio Networks in Post...IJCNCJournal
Recent natural disasters have inflicted tremendous damage on humanity, with their scale progressively increasing and leading to numerous casualties. Events such as earthquakes can trigger secondary disasters, such as tsunamis, further complicating the situation by destroying communication infrastructures. This destruction impedes the dissemination of information about secondary disasters and complicates post-disaster rescue efforts. Consequently, there is an urgent demand for technologies capable of substituting for these destroyed communication infrastructures. This paper proposes a technique for generating rendezvous sequences to swiftly reconnect communication infrastructures in post-disaster scenarios. We compare the time required for rendezvous using the proposed technique against existing methods and analyze the average time taken to establish links with the rendezvous technique, discussing its significance. This research presents a novel approach enabling rapid recovery of destroyed communication infrastructures in disaster environments through Cognitive Radio Network (CRN) technology, showcasing the potential to significantly improve disaster response and recovery efforts. The proposed method reduces the time for the rendezvous compared to existing methods, suggesting that it can enhance the efficiency of rescue operations in post-disaster scenarios and contribute to life-saving efforts.
Vehicle Ad Hoc Networks (VANETs) have become a viable technology to improve traffic flow and safety on the roads. Due to its effectiveness and scalability, the Wingsuit Search-based Optimised Link State Routing Protocol (WS-OLSR) is frequently used for data distribution in VANETs. However, the selection of MultiPoint Relays (MPRs) plays a pivotal role in WS-OLSR's performance. This paper presents an improved MPR selection algorithm tailored to WS-OLSR, designed to enhance the overall routing efficiency and reduce overhead. The analysis found that the current OLSR protocol has problems such as redundancy of HELLO and TC message packets or failure to update routing information in time, so a WS-OLSR routing protocol based on improved-MPR selection algorithm was proposed. Firstly, factors such as node mobility and link changes are comprehensively considered to reflect network topology changes, and the broadcast cycle of node HELLO messages is controlled through topology changes. Secondly, a new MPR selection algorithm is proposed, considering link stability issues and nodes. Finally, evaluate its effectiveness in terms of packet delivery ratio, end-to-end delay, and control message overhead. Simulation results demonstrate the superior performance of our improved MR selection algorithm when compared to traditional approaches.
May 2024, Volume 16, Number 3 - The International Journal of Computer Network...IJCNCJournal
The International Journal of Computer Networks & Communications (IJCNC) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of Computer Networks & Communications. The journal focuses on all technical and practical aspects of Computer Networks & data Communications. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on advanced networking concepts and establishing new collaborations in these areas.
Vehicle Ad Hoc Networks (VANETs) have become a viable technology to improve traffic flow and safety on the roads. Due to its effectiveness and scalability, the Wingsuit Search-based Optimised Link State Routing Protocol (WS-OLSR) is frequently used for data distribution in VANETs. However, the selection of MultiPoint Relays (MPRs) plays a pivotal role in WS-OLSR's performance. This paper presents an improved MPR selection algorithm tailored to WS-OLSR, designed to enhance the overall routing efficiency and reduce overhead. The analysis found that the current OLSR protocol has problems such as redundancy of HELLO and TC message packets or failure to update routing information in time, so a WS-OLSR routing protocol based on improved-MPR selection algorithm was proposed. Firstly, factors such as node mobility and link changes are comprehensively considered to reflect network topology changes, and the broadcast cycle of node HELLO messages is controlled through topology changes. Secondly, a new MPR selection algorithm is proposed, considering link stability issues and nodes. Finally, evaluate its effectiveness in terms of packet delivery ratio, end-to-end delay, and control message overhead. Simulation results demonstrate the superior performance of our improved MR selection algorithm when compared to traditional approaches.
A Novel Medium Access Control Strategy for Heterogeneous Traffic in Wireless ...IJCNCJournal
So far, Wireless Body Area Networks (WBANs) have played a pivotal role in driving the development of intelligent healthcare systems with broad applicability across various domains. Each WBAN consists of one or more types of sensors that can be embedded in clothing, attached directly to the body, or even implanted beneath an individual's skin. These sensors typically serve asingle application. However, the traffic generated by each sensor may have distinct requirements. This diversity necessitates a dual approach: tailored treatment based on the specific needs of each traffic typeand the fulfillment of application requirements, such asreliability and timeliness. Never the less, the presence of energy constraints and the unreliable nature of wireless communications make QoS provisioning under such networks a non-trivial task. In this context, the current paper introduces a novel Medium AccessControl (MAC) strategy for the regular traffic applications of WBANs, designed to significantly enhance efficiency when compared to the established MAC protocols IEEE 802.15.4 and IEEE 802.15.6, with a particular focus on improving reliability, timeliness, and energy efficiency.
May_2024 Top 10 Read Articles in Computer Networks & Communications.pdfIJCNCJournal
The International Journal of Computer Networks & Communications (IJCNC) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of Computer Networks & Communications. The journal focuses on all technical and practical aspects of Computer Networks & data Communications. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on advanced networking concepts and establishing new collaborations in these areas.
A Topology Control Algorithm Taking into Account Energy and Quality of Transm...IJCNCJournal
The efficient use of energy in wireless sensor networks is critical for extending node lifetime. The network topology is one of the factors that have a significant impact on the energy usage at the nodes and the quality of transmission (QoT) in the network. We propose a topology control algorithm for software-defined wireless sensor networks (SDWSNs) in this paper. Our method is to formulate topology control algorithm as a nonlinear programming (NP) problem with the objective to optimizing two metrics, maximum communication range, and desired degree. This NP problem is solved at the SDWSN controller by employing the genetic algorithm (GA) to determine the best topology. The simulation results show that the proposed algorithm outperforms the MaxPower algorithm in terms of average node degree and energy expansion ratio.
Multi-Server user Authentication Scheme for Privacy Preservation with Fuzzy C...IJCNCJournal
The integration of artificial intelligence technology with a scalable Internet of Things (IoT) platform facilitates diverse smart communication services, allowing remote users to access services from anywhere at any time. The multi-server environment within IoT introduces a flexible security service model, enabling users to interact with any server through a single registration. To ensure secure and privacy preservation services for resources, an authentication scheme is essential. Zhao et al. recently introduced a user authentication scheme for the multi-server environment, utilizing passwords and smart cards, claiming resilience against well-known attacks. This paper conducts cryptanalysis on Zhao et al.'s scheme, focusing on denial of service and privacy attacks, revealing a lack of user-friendliness. Subsequently, we propose a new multi-server user authentication scheme for privacy preservation with fuzzy commitment over the IoT environment, addressing the shortcomings of Zhao et al.'s scheme. Formal security verification of the proposed scheme is conducted using the ProVerif simulation tool. Through both formal and informal security analyses, we demonstrate that the proposed scheme is resilient against various known attacks and those identified in Zhao et al.'s scheme.
Advanced Privacy Scheme to Improve Road Safety in Smart Transportation SystemsIJCNCJournal
In -Vehicle Ad-Hoc Network (VANET), vehicles continuously transmit and receive spatiotemporal data with neighboring vehicles, thereby establishing a comprehensive 360-degree traffic awareness system. Vehicular Network safety applications facilitate the transmission of messages between vehicles that are near each other, at regular intervals, enhancing drivers' contextual understanding of the driving environment and significantly improving traffic safety. Privacy schemes in VANETs are vital to safeguard vehicles’ identities and their associated owners or drivers. Privacy schemes prevent unauthorized parties from linking the vehicle's communications to a specific real-world identity by employing techniques such as pseudonyms, randomization, or cryptographic protocols. Nevertheless, these communications frequently contain important vehicle information that malevolent groups could use to Monitor the vehicle over a long period. The acquisition of this shared data has the potential to facilitate the reconstruction of vehicle trajectories, thereby posing a potential risk to the privacy of the driver. Addressing the critical challenge of developing effective and scalable privacy-preserving protocols for communication in vehicle networks is of the highest priority. These protocols aim to reduce the transmission of confidential data while ensuring the required level of communication. This paper aims to propose an Advanced Privacy Vehicle Scheme (APV) that periodically changes pseudonyms to protect vehicle identities and improve privacy. The APV scheme utilizes a concept called the silent period, which involves changing the pseudonym of a vehicle periodically based on the tracking of neighboring vehicles. The pseudonym is a temporary identifier that vehicles use to communicate with each other in a VANET. By changing the pseudonym regularly, the APV scheme makes it difficult for unauthorized entities to link a vehicle's communications to its real-world identity. The proposed APV is compared to the SLOW, RSP, CAPS, and CPN techniques. The data indicates that the efficiency of APV is a better improvement in privacy metrics. It is evident that the AVP offers enhanced safety for vehicles during transportation in the smart city.
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...TechSoup
Whether you're new to SEO or looking to refine your existing strategies, this webinar will provide you with actionable insights and practical tips to elevate your nonprofit's online presence.
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) CurriculumMJDuyan
(𝐓𝐋𝐄 𝟏𝟎𝟎) (𝐋𝐞𝐬𝐬𝐨𝐧 𝟏)-𝐏𝐫𝐞𝐥𝐢𝐦𝐬
𝐃𝐢𝐬𝐜𝐮𝐬𝐬 𝐭𝐡𝐞 𝐄𝐏𝐏 𝐂𝐮𝐫𝐫𝐢𝐜𝐮𝐥𝐮𝐦 𝐢𝐧 𝐭𝐡𝐞 𝐏𝐡𝐢𝐥𝐢𝐩𝐩𝐢𝐧𝐞𝐬:
- Understand the goals and objectives of the Edukasyong Pantahanan at Pangkabuhayan (EPP) curriculum, recognizing its importance in fostering practical life skills and values among students. Students will also be able to identify the key components and subjects covered, such as agriculture, home economics, industrial arts, and information and communication technology.
𝐄𝐱𝐩𝐥𝐚𝐢𝐧 𝐭𝐡𝐞 𝐍𝐚𝐭𝐮𝐫𝐞 𝐚𝐧𝐝 𝐒𝐜𝐨𝐩𝐞 𝐨𝐟 𝐚𝐧 𝐄𝐧𝐭𝐫𝐞𝐩𝐫𝐞𝐧𝐞𝐮𝐫:
-Define entrepreneurship, distinguishing it from general business activities by emphasizing its focus on innovation, risk-taking, and value creation. Students will describe the characteristics and traits of successful entrepreneurs, including their roles and responsibilities, and discuss the broader economic and social impacts of entrepreneurial activities on both local and global scales.
How to Manage Reception Report in Odoo 17Celine George
A business may deal with both sales and purchases occasionally. They buy things from vendors and then sell them to their customers. Such dealings can be confusing at times. Because multiple clients may inquire about the same product at the same time, after purchasing those products, customers must be assigned to them. Odoo has a tool called Reception Report that can be used to complete this assignment. By enabling this, a reception report comes automatically after confirming a receipt, from which we can assign products to orders.
How to Setup Default Value for a Field in Odoo 17Celine George
In Odoo, we can set a default value for a field during the creation of a record for a model. We have many methods in odoo for setting a default value to the field.
Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...EduSkills OECD
Andreas Schleicher, Director of Education and Skills at the OECD presents at the launch of PISA 2022 Volume III - Creative Minds, Creative Schools on 18 June 2024.
A Visual Guide to 1 Samuel | A Tale of Two HeartsSteve Thomason
These slides walk through the story of 1 Samuel. Samuel is the last judge of Israel. The people reject God and want a king. Saul is anointed as the first king, but he is not a good king. David, the shepherd boy is anointed and Saul is envious of him. David shows honor while Saul continues to self destruct.
Level 3 NCEA - NZ: A Nation In the Making 1872 - 1900 SML.pptHenry Hollis
The History of NZ 1870-1900.
Making of a Nation.
From the NZ Wars to Liberals,
Richard Seddon, George Grey,
Social Laboratory, New Zealand,
Confiscations, Kotahitanga, Kingitanga, Parliament, Suffrage, Repudiation, Economic Change, Agriculture, Gold Mining, Timber, Flax, Sheep, Dairying,
How to Download & Install Module From the Odoo App Store in Odoo 17Celine George
Custom modules offer the flexibility to extend Odoo's capabilities, address unique requirements, and optimize workflows to align seamlessly with your organization's processes. By leveraging custom modules, businesses can unlock greater efficiency, productivity, and innovation, empowering them to stay competitive in today's dynamic market landscape. In this tutorial, we'll guide you step by step on how to easily download and install modules from the Odoo App Store.
Gender and Mental Health - Counselling and Family Therapy Applications and In...PsychoTech Services
A proprietary approach developed by bringing together the best of learning theories from Psychology, design principles from the world of visualization, and pedagogical methods from over a decade of training experience, that enables you to: Learn better, faster!
Gender and Mental Health - Counselling and Family Therapy Applications and In...
PERFORMANCE EVALUATION OF DIFFERENT KERNELS FOR SUPPORT VECTOR MACHINE USED IN INTRUSION DETECTION SYSTEM
1. International Journal of Computer Networks & Communications (IJCNC) Vol.8, No.6, November 2016
DOI: 10.5121/ijcnc.2016.8604 39
PERFORMANCE EVALUATION OF DIFFERENT
KERNELS FOR SUPPORT VECTOR MACHINE USED
IN INTRUSION DETECTION SYSTEM
Md. Al Mehedi Hasan1
, Shuxiang Xu2
, Mir Md. Jahangir Kabir2
and Shamim
Ahmad1
1
Department of Computer Science and Engineering, University of Rajshahi, Bangladesh.
2
School of Engineering and ICT, University of Tasmania, Australia.
ABSTRACT
The success of any Intrusion Detection System (IDS) is a complicated problem due to its nonlinearity and
the quantitative or qualitative network traffic data stream with numerous features. As a result, in order to
get rid of this problem, several types of intrusion detection methods with different levels of accuracy have
been proposed which leads the choice of an effective and robust method for IDS as a very important topic
in information security. In this regard, the support vector machine (SVM) has been playing an important
role to provide potential solutions for the IDS problem. However, the practicability of introducing SVM is
affected by the difficulties in selecting appropriate kernel and its parameters. From this viewpoint, this
paper presents the work to apply different kernels for SVM in ID Son the KDD’99 Dataset and NSL-KDD
dataset as well as to find out which kernel is the best for SVM. The important deficiency in the KDD’99
data set is the huge number of redundant records as observed earlier. Therefore, we have derived a data
set RRE-KDD by eliminating redundant record from KDD’99train and test dataset prior to apply different
kernel for SVM. This RRE-KDD consists of both KDD99Train+ and KDD99Test+dataset for training and
testing purposes, respectively. The way to derive RRE-KDD data set is different from that of NSL-KDD
data set. The experimental results indicate that Laplace kernel can achieve higher detection rate and lower
false positive rate with higher precision than other kernel son both RRE-KDD and NSL-KDD datasets. It is
also found that the performances of other kernels are dependent on datasets.
KEYWORDS
Intrusion Detection, KDD’99, NSL-KDD, Support Vector Machine, Kernel, Kernel Selection
1. INTRODUCTION
In spite of having great advantages of Internet, still then it has compromised the stability and
security of the systems connected to it. Although static defense mechanisms such as firewalls and
software updates can provide a reasonable level of security, more dynamic mechanisms such as
intrusion detection systems (IDSs) should also be utilized [1]. Intrusion detection is the process of
monitoring events occurring in a computer system or network and analyzing them for signs of
2. International Journal of Computer Networks & Communications (IJCNC) Vol.8, No.6, November 2016
40
intrusions. The IDSs are simply classified as host-based or network-based. The former is operated
on information collected from within an individual computer system and the latter collect raw
network packets and analyze for signs of intrusions. There are two different detection techniques
employed in IDS to search for attack patterns: Misuse and Anomaly. Misuse detection systems
find known attack signatures in the monitored resources. The anomaly detection systems find
attacks by detecting changes in the pattern of utilization or behavior of the system [2].
As network attacks have been increased significantly over the past few years, Intrusion Detection
Systems (IDSs) have become a necessary addition to the security infrastructure of most
organizations [3]. Deploying highly effective IDS systems is extremely challenging and has
emerged as a significant field of research, because it is not theoretically possible to set up a
system with no vulnerabilities [4]. Several machine learning (ML) algorithms, for instance Neural
Network [5], Genetic Algorithm [6, 7], Fuzzy Logic [4, 8, 9], clustering algorithm [10] and more
have been extensively employed to detect intrusion activities from large quantity of complex and
dynamic data sets.In recent times, support vector machine (SVM) has been extensively applied to
provide potential solutions for the IDS problem. But, the selection of an appropriate kernel and its
parameters for a certain classification problem influence the performance of the SVM. The reason
behind it is that different kernel functions construct different SVMs and affect the generalization
ability and learning ability of SVM. However, there is no theoretical method for selecting kernel
function and its parameters. Literature survey showed that for all practical purposes, most of the
researchers applied Radial Basis Function (RBF) kernel to build SVM based intrusion detection
system [11, 12, 13, 14] and found the value of its parameter by using different technique and
moreover some research paper did not mention value of the kernel parameter [13]and some others
used the default value of the software package used [15].Surprisingly still there are many other
kernel functions which are not yet applied in intrusion detection. But the nature of classification
problem requires applying of different kernels for SVM to ensure optimal result [13]. This
requirement motivated us to apply different kernel functions for SVM rather than just of using
RBF in IDS, which, in turn, may provide better accuracy and detection rate. At the same time, we
have also tried to find out parameter value to the corresponding kernel.
The remainder of the paper is organized as follows: Section 2 provides the description of the
KDD’99 and NSL-KDD dataset. We outline mathematical overview of SVM in Section 3.
Dataset and Experimental setup is presented in Section 4.Preprocessing and SVM model selection
are drawn in Section 5 and 6 respectively. Finally, Section 7 reports the experimental result
followed by conclusion in Section 8.
2. KDDCUP’99 DATASET
Under the sponsorship of Defense Advanced Research Projects Agency (DARPA) and Air Force
Research Laboratory (AFRL), MIT Lincoln Laboratory has collected and distributed the datasets
for the evaluation of researches in computer network intrusion detection systems [16]. The
KDD’99 dataset is a subset of the DARPA benchmark dataset prepared by Sal Stofo and Wenke
Lee [17]. The KDD data set was acquired from raw tcp dump data for a length of nine weeks. It is
made up of a large number of network traffic activities that include both normal and malicious
connections. The KDD99 data set includes three independent sets; ‘‘whole KDD’’, ‘‘10%
3. International Journal of Computer Networks & Communications (IJCNC) Vol.8, No.6, November 2016
41
KDD’’, and ‘‘corrected KDD’’. Most of researchers used ‘‘10% KDD’’ and ‘‘corrected KDD’’
as training and testing set, respectively [18]. The training set contains a total of 22 training attack
types. The ‘‘corrected KDD’’ testing set includes an additional 17 types of attacks and excludes 2
types (spy, warezclient) of attacks from training set. There are 37 attack types which are included
in the testing set, as shown in Table 1 and Table 2. The simulated attacks fall in one of the four
categories [1, 18, 19]: (a) Denial of Service Attack (DoS), (b) User to Root Attack (U2R), (c)
Remote to Local Attack (R2L), (d) Probing Attack. A connection in the KDD-99 dataset is
represented by 41 features, each of which is in one of the continuous, discrete and symbolic form,
with significantly varying ranges [20].
Table 1: Attacks in KDD’99 Training Dataset
Classification of
Attacks
Attack Name
Probing Port-sweep, IP-sweep, Nmap, Satan
DoS Neptune, Smurf, Pod, Teardrop, Land, Back
U2R Buffer-overflow, Load-module, Perl, Rootkit
R2L Guess-password, Ftp-write, Imap, Phf, Multihop, spy, warezclient,
Warezmaster
Table 2: Attacks in KDD’99 Testing Dataset
Classification of
Attacks
Attack Name
Probing Port-Sweep, Ip-Sweep, Nmap, Satan, Saint, Mscan
DoS Neptune, Smurf, Pod, Teardrop, Land, Back, Apache2,Udpstorm,
Processtable,Mail-Bomb
U2R Buffer-Overflow, Load-Module, Perl, Rootkit, Xterm, Ps,
Sqlattack
R2L Guess-Password, Ftp-Write, Imap, Phf, Multihop, Warezmaster,
Snmpgetattack, Named, Xlock, Xsnoop, Send-Mail, Http-
Tunnel, Worm, Snmp-Guess
2.1. INHERENT PROBLEMS OF THE KDD’99 AND OUR PROPOSED SOLUTION
Statistical analysis on KDD’99 dataset found important issues which highly affects the
performance of evaluated systems and results in a very poor evaluation of anomaly detection
approaches [13]. The most important deficiency in the KDD data set is the huge number of
redundant records. Analyzing KDD train and test sets, Mohbod Tavallaee found that about 78%
and 75% of the records are duplicated in the train and test set, respectively [15]. This large
amount of redundant records in the train set will cause learning algorithms to be biased towards
the more frequent records, and thus prevent it from learning infrequent records which are usually
more harmful to networks such as U2R attacks. The existence of these repeated records in the test
set, on the other hand, will cause the evaluation results to be biased by the methods which have
better detection rates on the frequent records.
4. International Journal of Computer Networks & Communications (IJCNC) Vol.8, No.6, November 2016
42
To solve these issues, we have derived a new data set RRE-KDD by eliminating redundant record
from KDD’99 train and test dataset (10% KDD and corrected KDD), so the classifiers will not be
biased towards more frequent records. This RRE-KDD dataset consists of KDD99Train+ and
KDD99Test+ dataset for training and testing purposes, respectively. The numbers of records in
the train and test sets are now reasonable, which makes it affordable to run the experiments on the
complete set without the need to randomly select a small portion.
2.2. NSL-KDD DATASET
To overcome the problem of KDD’99 dataset, researchers have proposed a new data set, NSL-
KDD, which consists of selected records of the complete KDD data set [15]. The development of
NSL-KDD dataset was different than our approach. The NSL-KDD dataset also does not include
redundant records in the train set, so the classifiers will not be biased towards more frequent
records. The numbers of records in the train and test sets are also reasonable, which makes it
affordable to run the experiments on the complete set without the need to randomly select a small
portion. Consequently, evaluation results of different research works will be consistent and
comparable.
3. SVM CLASSIFICATION
The theory of support vector machine (SVM) is from statistics and the basic principle of SVM is
finding the optimal linear hyper plane in the feature space that maximally separates the two target
classes [21, 22, 23]. There are two types of data namely linearly separable and non-separable
data. To handle these data, two types of classifier, linear and non-linear, are used in pattern
recognition field.
3.1. LINEAR CLASSIFIER
Consider the problem of separating the set of training vectors belong to two linear separate
classes, , , , , … … , , where ∈ , ∈ {−1, +1} with a hyper plane +
= 0. Finding a separating hyperplane can be posed as a constraint satisfaction problem. The
constraint problem can be defined to determine w and b such that:
+ ≥ 1 = +1
+ ≤ −1 = −1
ℎ = 1,2,3, … … , !
Considering the maximum margin classifier, there is hard margin SVM, applicable to a linearly
separable dataset, and then modifies it to handle non-separable data. This leads to the following
constrained optimization problem:
" ! " # $,%
1
2
‖ ‖
Subject to: + ≥ 1, = 1,2,3, … … , !(1)
5. International Journal of Computer Networks & Communications (IJCNC) Vol.8, No.6, November 2016
43
The constraints in this formulation ensure that the maximum margin classifier classifies each
example correctly, which is possible since we assumed that the data is linearly separable. In
practice, data is often not linearly separable and in that case, a greater margin can be achieved by
allowing the classifier to misclassify some points. To allow errors, the optimization problem now
becomes:
" !$,%
1
2
‖ ‖ + ' ( )
*
Subject to: + ≥ 1 − ) , = 1,2,3, … … . , !(2)
) ≥ 0, = 1,2,3, … … , !
The constant' > 0 sets the relative importance of maximizing the margin and minimizing the
amount of slack. This formulation is called the soft-margin SVM [21, 22, 23]. Using the method
of Lagrange multipliers, we can obtain the dual formulation which is expressed in terms of
variables- [22, 23]:
". " # / ( - −
1
2
( ( - -0
0*
0 0
**
Subject to:∑ - = 0,* 0 < - < ' for all = 1,2,3, … … , !(3)
The dual formulation leads to an expansion of the weight vector in terms of the input examples:
= ( -
*
Finally, the linear classifier based on a linear discriminant function takes the following form
= ∑ - + (4)
3.2. NON-LINEAR CLASSIFIER
In many applications a non-linear classifier provides better accuracy. The naive way of making a
non-linear classifier out of a linear classifier is to map our data from the input space X to a feature
space F using a non-linear function∅: 5 → 7. In the space F, the discriminant function is:
= ∅ + .
Now, examine what happens when the nonlinear mapping is introduced into equation (3). We
have to optimize
". " # / ( - −
1
2
( ( - -0
0*
0∅ ∅ 0
**
Subject to:∑ - = 0* , 0 < - < 'for all = 1,2,3, … … , ! (5)
6. International Journal of Computer Networks & Communications (IJCNC) Vol.8, No.6, November 2016
44
Notice that the mapped data only occurs as an inner product in the objectives. Now, we can apply
a little mathematically rigorous magic known as kernels. By Mercer’s theorem, we know that for
certain mapping ∅ and any two points and 0, the inner product of the mapped points can be
evaluated using the kernel function without ever explicitly knowing the mapping [24] . The
kernel function can be defined as
89 , 0: = ∅ ∅ 0
Substituting the kernel in the equation (5), the optimization takes the following form:
". " # / ( - −
1
2
( ( - -0
0*
089 , 0:
**
Subject to:∑ - = 0 * ,0 < - < 'for all = 1,2,3, … … , ! (6)
Finally, in terms of the kernel function the discriminant function takes the following form:
= ( - 8 , +
3.3. KERNEL AND ITS PARAMETERS SELECTION
A kernel function and its parameter have to be chosen to build a SVM classifier [14]. In this
work, four main kernels have been used to build SVM classifier. They are
1. Linear kernel: ;9 , 0: =< , 0 >
2. Polynomial kernel:; , 0 = < , 0 > +1 <
, d is the degree of polynomial.
3. Gaussian kernel:;9 , 0: = exp −
@ABCAD@
E
F
, G is the width of the function.
4. Laplace Kernel:;9 , 0: = exp −
@ABCAD@
F
, G is the width of the function.
Training an SVM finds the large margin hyper plane, i.e. sets the parameters- . The SVM has
another set of parameters called hyperparameters: The soft margin constant, C, and any
parameters the kernel function may depend on (width of a Gaussian kernel or degree of a
polynomial kernel)[25]. The soft margin constant C adds penalty term to the optimization
problem. For a large value of C, a large penalty is assigned to errors/margin errors and creates
force to consider points close to the boundary and decreases the margin. A smaller value of C
allows to ignore points close to the boundary, and increases the margin.
Kernel parameters also have a significant effect on the decision boundary [25]. The degree of the
polynomial kernel and the width parameter σ of the Gaussian kernel or Laplace Kernel control the
flexibility of the resulting classifier. The lowest degree polynomial is the linear kernel, which is
not sufficient when a non-linear relationship between features exists. Higher degree polynomial
7. International Journal of Computer Networks & Communications (IJCNC) Vol.8, No.6, November 2016
45
kernels are flexible enough to discriminate between the two classes with a sizable margin and
greater curvature for a fixed value of the soft-margin constant. On the other hand in Gaussian
Kernel or Laplace Kernel, for a fixed value of the soft-margin constant, large values of σ the
decision boundary is nearly linear. As σ decreases the flexibility of the decision boundary
increases and small values of σ lead to over fitting [25].
A question frequently posed by practitioners is "which kernel should I use for my data?". There
are several answers to this question. The first is that it is, like most practical questions in machine
learning, data-dependent, so several kernels should be tried. That being said, we typically follow
the following procedure: Try a linear kernel first, and then see if we can improve on its
performance using a non-linear kernel [21, 25].
3.4. MULTICLASS SUPPORT VECTOR MACHINE
Support vector machines are formulated for two class problems. But because support vector
machines employ direct decision functions, an extension to multiclass problems is not
straightforward [12, 21]. There are several types of support vector machines that handle
multiclass problems. We used here only One-vs-All multiclass support vector machines for our
research work. The One-Vs-All technique is extended from the binary two-class problem to
perform classification tasks with ; > 2classes. In this approach, the base classifier (in our case -
SVM) is trained on K copies of the K class original training set, with each copy having the Kth
label as the positive label, and all other labels as the negative label (combined class).We denote
the optimal separating hyper plane discriminating the class j and the combined class as
H0
= xI
wK L
+ bNL
, j = 1, ,2,3, … . , K
where the superscript in K0
stands for the class which should be separated from the other
observations.After finding the all k optimal separating hyper planes, the final classifier has been
defined by
Q = . H". 0 H0
In this approach the index of the largest component of the discriminant vector
H , H , … … , HQ
is assigned to the vector x. In other words, each input is classified by
all K models, and the output is chosen by the model with the highest degree of confidence.
4. DATASETS AND EXPERIMENTS
Investigating the existing papers on the anomaly detection which have used the KDD data set, we
found that a subset of KDD’99 dataset has been used for training and testing instead of using the
whole KDD’99 dataset [13, 15, 26, 27,28]. Existing papers on the anomaly detection mainly used
two common approaches to apply KDD [15]. In the first, KDD’99 training portion is employed
for sampling both the train and test sets. However, in the second approach, the training samples
are randomly collected from the KDD train set, while the samples for testing are arbitrarily
selected from the KDD test set. The basic characteristics of the original KDD’99 and RRE-
KDD(KDD99Train+ and KDD99Test+)intrusion detection datasets in terms of number of
8. International Journal of Computer Networks & Communications (IJCNC) Vol.8, No.6, November 2016
46
samples is given in Table 3. The distribution of the number of samples of each class of NSL-
KDD dataset is also given in Table 3. Although the distribution of the number of samples of
attack is different on different research papers, we have used the Table 1 and 2 to find out the
distribution of attack [1, 3,18].In our experiment, whole train(KDD99Train+ and KDD
Train+NSL-KDD) dataset has been used to train our classifier and the test (KDD99Test+ and
KDD Test+NSL-KDD) set has been used to test the classifier. All experiments were performed
using Intel core i5 2.27 GHz processor with 4GB RAM, running Windows 7.
To select the best model in model selection phase, we have drawn 10% samples from both of the
training set (KDD99Train+ and KDD Train+NSL-KDD) to tune the parameters of all kernels and
another 10% samples from the training set (KDD99Train+ and KDD Train+NSL-KDD) to
validate those parameters, as shown in Table 3. In our experiment, four different types of kernel
have been used.
Table 3: Number of Samples of Each Attack in Dataset
Dataset Various Independent
Sets
Normal DoS Probing R2L U2R Total
Original
KDD’99
Dataset
WholeKDD (Original
KDD)
972780 3883370 41102 1126 52 4898430
10% KDD (Original
KDD)
97278 391458 4107 1126 52 494021
KDD corrected(Original
KDD)
60593 229853 4166 16347 70 311029
RRE-KDD
Dataset
KDD99Train+ 87832 54572 2130 999 52 145585
KDD99Test+ 47913 23568 2678 3058 70 77287
Train Set (For Model
Selection)
8784 5458 213 100 6 14561
Validation Set
(For Model Selection)
8784 5458 213 100 6 14561
NSL-KDD
Dataset
KDDTrain+NSL-KDD 67343 45927 11656 995 52 125973
KDDTest+NSL-KDD 9711 7458 2421 2887 67 22544
Train SetNSLKDD
(For Model Selection)
6735 4593 1166 100 6 12600
Validation Set
NSLKDD
(For Model Selection)
6735 4593 1166 100 6 12600
5. PRE-PROCESSING
SVM classification system is not able to process the train (KDD99Train+ and KDDTrain+NSL-
KDD) and test (KDD99Test+ and KDDTest+NSL-KDD) dataset in its current format. SVM
requires that each data instance is represented as a vector of real numbers. Hence preprocessing
was required before SVM classification system could be built. Preprocessing contains the
following processes: The features in columns 2, 3, and 4 in the KDD’99 dataset or NSL-KDD
dataset are the protocol type, the service type, and the flag, respectively. The value of the protocol
type may be tcp, udp, or icmp; the service type could be one of the 66 different network services
9. International Journal of Computer Networks & Communications (IJCNC) Vol.8, No.6, November 2016
47
(RRE-KDD Dataset) or 70 different network services (NSL-KDD dataset) such as http and smtp;
and the flag has 11 possible values such as SF or S2. Hence, the categorical features in the KDD
dataset must be converted into a numeric representation. This is done by the usual binary
encoding – each categorical variable having possible m values is replaced with m-1 dummy
variables. Here a dummy variable have value one for a specific category and having zero for all
category. After converting category to numeric, we got 115 variables for each samples of the
RRE-KDD dataset and 119 variables for each samples of the NSL-KDD dataset. Some
researchers used only integer code to convert category features to numeric representation instead
of using dummy variables which is not statistically meaningful way for this type of conversion
[13, 18].The final step of pre-processing is scaling the training data, i.e. normalizing all features
so that they have zero mean and a standard deviation of 1. This avoids numerical instabilities
during the SVM calculation. We then used the same scaling of the training data on the test set.
Attack names were mapped to one of the five classes namely Normal, DoS (Denial of Service),
U2R (user-to-root: unauthorized access to root privileges), R2L (remote-to-local: unauthorized
access to local from a remote machine), and Probe (probing: information gathering attacks).
6. SVM MODEL SELECTION
In order to generate highly performing SVM classifiers capable of dealing with real data an
efficient model selection is required. In our experiment, Grid-search technique has been used to
find the best model for SVM with different kernel. In our experiments, this method selects the
values of parameters considering highest accuracy and then time if more than one position in
search space has the same accuracy. In our experiment, Sequential Minimization Optimization
with the following options in Mat lab, shown in Table 4, has been used. We have considered the
range of the parameter in the grid search which converged within the maximum iteration using
the train set (For Model Selection) and validation set (For Model selection) shown in Table 3.
We have tuned SVM separately for each of the dataset (RRE-KDD and NSL-KDD dataset) using
their corresponding train and validation set which has been derived for model selection purposes.
In this section, we will give the procedure for SVM model selection for our derived RRE-KDD
dataset in details with the obtained result in graphical presentation, however, result found for
NSL-KDD dataset presented in tabular form.
Table 4: Sequential Minimization Optimization Options
Option Value
Max Iter 1000000
Kernel Cache Limit 10000
6.1. MODEL SELECTION FOR RRE-KDD DATASET
For linear kernel, to find out the parameter value C, we have considered the value from 2-8
to 26
as
our searching space. The resulting search space for linear kernel is shown in Figure 1. We have
taken the parameter value C=4 which provides highest accuracy 99.31% accuracy in the
validation set to train the whole train data (KDD99Train+) and test the test data (KDD99Test+).
10. International Journal of Computer Networks & Communications (IJCNC) Vol.8, No.6, November 2016
48
For polynomial kernel, to find the parameter value C (penalty term for soft margin) and d (poly
order), we have considered the value from 2-8
to 26
for C and from 1 to 3 for d as our searching
space. The resulting search space for polynomial kernel is shown in Figure 2. We have taken the
parameters value d=2 and C=0.0039 which provides highest accuracy 99.70% accuracy in the
validation set to train the whole train data (KDD99Train+) and test the test data (KDD99Test+).
Figure 1: Parameter (C) tuning for Linear
Kernel
Figure 2: Parameters (C, d) tuning for
Polynomial Kernel
For radial basis kernel, to find the parameter value C (penalty term for soft margin) and σ, we
have considered the value from 2-8
to 26
for C and from 2-8
to 26
for sigma as our searching space.
The resulting search space for radial basis kernel is shown in Figure 3. We have taken parameter
value C=32 and σ=16 which provides highest accuracy 99.01% among the search space in the
validation set to train the whole train data (KDD99Train+) and test the test data (KDD99Test+).
Figure 3: Parameter (C, σ) tuning for Radial Basis kernel Figure 4: Parameters (C, σ) tuning for Laplace kernel
Again, for Laplace kernel, to find the parameter value C (penalty term for soft margin) and σ, we
have considered the value from 2-8
to 26
for C and from 2-8
to 26
for sigma as our searching space.
11. International Journal of Computer Networks & Communications (IJCNC) Vol.8, No.6, November 2016
49
The resulting search space for Laplace kernel is shown in Figure 4. We have taken parameter
value C=64 and σ=8 which provides highest accuracy 99.70% accuracy in the validation set to
train the whole train data (KDD99Train+) and test the test data (KDD99Test+).
6.2. MODEL SELECTION FOR NSL-KDD DATASET
We have followed the same procedure discussed in section 6.1 to select the model for SVM for
NSL-KDD dataset. The optimal parameter value which we took for each of the kernel is shown in
Table 5. This parameter value has been used to train the whole train data (KDDTrain+NSL-KDD)
and test the test data (KDDTest+NSL-KDD).
Table 5: Optimal Parameter Value for Each of the Kernel for NSL-KDD Dataset
Kernel C d σ
Linear 16 - -
Polynomial 0.0625 2 -
Radial Basis 32 - 2
Laplace 32 - 4
7. SIMULATION RESULTS
The final training/testing phase is concerned with the development and evaluation on a test set of
the final SVM model created on the basis of optimal hyper-parameters found in the model
selection phase [21]. After finding the parameters, we have built the model using the whole
training dataset (KDD99Train+ and KDDTrain+NSL-KDD) for each of the kernel tricks. Finally
we have tested the model using the test dataset (KDD99Test+ and KDDTest+NSL-KDD). The
training and testing results are given in Table 6 according to the classification accuracy. From
Table 6, it is observed that the Laplace kernel produces higher detection rate on both RRE-KDD
dataset and NSL-KDD datasets than other kernels. It is also noticed that the linear and polynomial
kernel performs better than RBF kernel on NSL-KDD dataset, whereas, RBF kernel performs
better than linear and polynomial kernel on RRE-KDD dataset.
Table 6: Training and Testing Accuracy of Different Kernels on RRE-KDD and NSL-KDD Datasets
Kernel
Training Accuracy Testing Accuracy
RRE-KDD Dataset NSL-KDD
Dataset
RRE-KDD
Dataset
NSL-KDD
Dataset
Linear 77.82 86.56 36.93 63.60
Polynomial 99.73 99.31 91.27 73. 54
Radial Basis 99.79 99.80 92.99 56.88
Laplace 99.97 99.91 93.19 79.08
12. International Journal of Computer Networks & Communications (IJCNC) Vol.8, No.6, November 2016
50
Table 7: False Positive Rate (%) of Different Kernels for Each of the Attack Types Including Normal.
Kernel
Dos Normal Probing R2L U2R Average
False Positive
Rate
RRE-KDD
Dataset
NSL-KDD
Dataset
RRE-KDD
Dataset
NSL-KDD
Dataset
RRE-KDD
Dataset
NSL-KDD
Dataset
RRE-KDD
Dataset
NSL-KDD
Dataset
RRE-KDD
Dataset
NSL-KDD
Dataset
RRE-KDD
Dataset
NSL-KDD
Dataset
Linear 8.04 58.5 91.55 3.99 12.14 21.11 84.7 99.92 94.29 98.87 58.14 56.48
Polynomial 9.55 27.46 1.52 5.34 43.09 37.42 83.29 81.58 92.86 97.37 46.06 49.83
Radial
Basis
3.84 70.53 1.94 3.25 42.64 51.63 77.76 97.6 85.71 100
42.38 64.60
Laplace 3.62 12.2 1.27 4.45 40.44 27.51 87.38 86.53 67.14 97 39.97 45.74
The obtained false positive and precision rates for each of kernel are given in Table 7 and 8
respectively. The Laplace kernel gives lower false positive rate and higher precision than other
kernels for both RRE-KDD dataset and NSL-KDD dataset. It is noted that Table7 and 8 provides
detail performance of different kernels on different datasets as summarized in Table 6.
Table 8: Precision (%) of Different Kernels for Each of the Attack Types Including Normal.
Kernel
Dos Normal Probing R2L U2R Average
Precision
RRE-KDD
Dataset
NSL-KDD
Dataset
RRE-KDD
Dataset
NSL-KDD
Dataset
RRE-KDD
Dataset
NSL-KDD
Dataset
RRE-KDD
Dataset
NSL-KDD
Dataset
RRE-KDD
Dataset
NSL-KDD
Dataset
RRE-KDD
Dataset
NSL-KDD
Dataset
Linear 36.12 90.31 100 67.31 19.63 36.7 44.07 9.52 2.12 15.38 40.39 43.84
Polynomial 97.64 89.69 90.14 70.08 63 52.44 83.49 94.29 6.67 41.18 68.19 69.54
Radial
Basis 96.32 99.55 92.99 53.91 63.81 41.25 85.64 93.55 34.48 0 74.65 57.65
Laplace 96.8 94.03 92.29 70.92 74.74 77.04 94.14 96.74 85.18 88.89 88.63 85.52
8. CONCLUSION
In this research work, we evaluated the performance of different kernels for SVM used in IDS.
The performances of the different kernels based approach has been observed on the basis of their
accuracy in terms of false positive rate and precision. The results indicate that the performance of
the SVM classification depends mainly on the types of kernels and their parameters. The obtained
results justify the motivation of this work that only a single kernel cannot be considered for SVM
used in IDS to achieve the optimal performance. Research in intrusion detection using SVM
approach is still demanding due to its better performance. The research community working on
SVM based classification will be benefited with the results of this study.
13. International Journal of Computer Networks & Communications (IJCNC) Vol.8, No.6, November 2016
51
REFERENCES
[1] Kayacik H. G., Zincir-Heywood A. N., Heywood M. I., "Selecting Features for Intrusion Detection:
A Feature Relevance Analysis on KDD 99 Benchmark", Proceedings of the PST 2005 –
International Conference on Privacy, Security, and Trust, pp. 85-89, 2005.
[2] Adetunmbi A. Olusola., Adeola S. Oladele., Daramola O. Abosede. "Analysis of KDD ’99 Intrusion
Detection Dataset for Selection of Relevance Features", Proceedings of the World Congress on
Engineering and Computer Science 2010 Vol I WCECS 2010, October 20-22, 2010.
[3] HeshamAltwaijry, SaeedAlgarny, "Bayesian based intrusion detection system", Journal of King
Saud University – Computer and Information Sciences, pp.1–6, 2012.
[4] O. Adetunmbi Adebayo, Zhiwei Shi, Zhongzhi Shi, Olumide S. Adewale, "Network Anomalous
Intrusion Detection using Fuzzy-Bayes", IFIP International Federation for Information Processing,
Vol: 228, pp: 525-530, 2007.
[5] Cannady J, “Artificial Neural Networks for Misuse Detection”, Proceedings of the ’98 National
Information System Security Conference (NISSC’98), pp. 443-456, 1998.
[6] Susan M. Bridges and Rayford B. Vaughn, “Fuzzy Data Mining And Genetic Algorithms Applied
To Intrusion Detection”, Proceedings of the National Information Systems Security Conference
(NISSC), Baltimore, MD, pp.16-19, October 2000.
[7] Pal, B.,Hasan, M.A.M., "Neural network & genetic algorithm based approach to network intrusion
detection & comparative analysis of performance," Computer and Information Technology (ICCIT),
2012 15th International Conference on, pp.150-154, 22-24 Dec. 2012.
[8] Abadeh, M.S., Habibi, J., "Computer Intrusion Detection Using an Iterative Fuzzy Rule Learning
Approach", Proceedings of the IEEE International Conference on Fuzzy Systems, pp: 1-6, London,
2007.
[9] BharanidharanShanmugam, NorbikBashahIdris, "Improved Intrusion Detection System Using Fuzzy
Logic for Detecting Anomaly and Misuse Type of Attacks", Proceedings of the International
Conference of Soft Computing and Pattern Recognition, pp: 212-217, 2009.
[10] Qiang Wang and VasileiosMegalooikonomou, "A clustering algorithm for intrusion detection", in
Proceedings of the conference on Data Mining, Intrusion Detection, Information Assurance, and
Data Networks Security, vol. 5812, pp. 31-38, March 2005.
[11] Vipin Das, VijayaPathak, Sattvik Sharma, Sreevathsan, MVVNS. Srikanth, Gireesh Kumar T,
"Network Intrusion Detection System Based On Machine Learning Algorithms", International
Journal of Computer Science & Information Technology (IJCSIT), Vol 2, No 6, December 2010.
[12] ArvindMewada, PraffulGedam, Shamaila Khan, M. Udayapal Reddy, "Network Intrusion Detection
Using Multiclass Support Vector Machine", Special Issue of IJCCT Vol. 1 Issue 2, 3, 4; 2010 for
International Conference [ACCTA-2010], August 2010.
[13] Heba F. Eid, Ashraf Darwish, Aboul Ella Hassanien, Ajith Abraham, "Principle Components
Analysis and Support Vector Machine based Intrusion Detection System", 10th International
Conference on Intelligent Systems Design and Applications, 2010.
[14] V. Jaiganesh, Dr. P. Sumathi, "Intrusion Detection Using Kernelized Support Vector Machine
WithLevenbergmarquardt Learning", International Journal of Engineering Science and Technology
(IJEST), Vol. 4 No. 03 March 2012.
[15] MahbodTavallaee, EbrahimBagheri, Wei Lu, Ali A. Ghorbani, “A Detailed Analysis of the KDD
CUP 99 Data Set”, Proceedings of the 2009 IEEE Symposium on Computational Intelligence in
Security and Defense Applications (CISDA 2009), 2009.
[16] MIT Lincoln Laboratory, DARPA Intrusion Detection Evaluation, http://www.ll.mit.edu/CST.html,
MA, USA. July, 2010.
[17] KDD’99 dataset, http://kdd.ics.uci.edu/databases, Irvine, CA, USA, July, 2010.
14. International Journal of Computer Networks & Communications (IJCNC) Vol.8, No.6, November 2016
52
[18] M. Bahrololum, E. Salahi, M. Khaleghi, "Anomaly Intrusion Detection Design Using Hybrid Of
Unsupervised And Supervised Neural Network", International Journal of Computer Networks &
Communications (IJCNC), Vol. 1, No. 2, July 2009.
[19] Nadiammai, G. V., M. Hemalatha. "Effective approach toward Intrusion Detection System using
data mining techniques." Egyptian Informatics Journal 15(1), pp. 37-50, 2014.
[20] Aggarwal, Preeti, and Sudhir Kumar Sharma. "Analysis of KDD Dataset Attributes-Class wise for
Intrusion Detection." Procedia Computer Science, 57, pp. 842-851, 2015.
[21] Md. Al Mehedi Hasan, Mohammed Nasser, Biprodip Pal, Shamim Ahmad,“Support Vector
Machine and Random Forest Modeling for Intrusion Detection System (IDS)” Journal of Intelligent
Learning Systems and Applications, Vol.6 No.1, PP. 45-52, February 2014.
[22] Vladimir N. Vapnik, “The Nature of Statistical Learning Theory”, Second Edition, Springer, New
York, ISBN 0-387-98780-0, 1999.
[23] Bernhard Scholkopf, Alexander J. Smola, "Learning with Kernels: Support Vector Machines,
Regularization, Optimization, and Beyond", The MIT Press Cambridge, Massachusetts London,
England, 2001.
[24] Kristin P. Bennett, Colin Cambell, "Support Vector Machines: Hype or
Hallelujah?",SIGKDDExplorations, Volume 2, Issue 2, pp.1-13, 2000.
[25] A. Ben-Hur, J. Weston. "A User’s guide to Support Vector Machines", In Biological Data Mining.
OlivieroCarugo and Frank Eisenhaber (eds.) Springer Protocols, 2009.
[26] Fangjun KUANG, Weihong XU, Siyang ZHANG, Yanhua WANG, Ke LIU , "A Novel Approach
of KPCA and SVM for Intrusion Detection", Journal of Computational Information Systems, pp.
3237-3244, 2012.
[27] Shilpalakhina, Sini Joseph, Bhupendraverma, "Feature Reduction using Principal Component
Analysis for Effective Anomaly–Based Intrusion Detection on NSL-KDD", International Journal of
Engineering Science and Technology Vol. 2(6), pp.1790-1799, 2010.
[28] Vasan, K. Keerthi, B. Surendiran., "Dimensionality reduction using Principal Component Analysis
for network intrusion detection." Perspectives in Science, 2016.
AUTHORS
Md. Al MehediHasan is currently a PhD Fellow in the Department of Computer
Science and Engineering (CSE) of Rajshahi University (RU), Bangladesh. He got B.Sc.
(Hons) and M.Sc degree in Computer Science and Engineering from Rajshahi
University, Bangladesh. After working as a lecturer (from 2007), he is an assistant
professor (from 2010) in the Dept. of Computer Science and Engineering, Rajshahi
University of Engineering and Technology, Bangladesh. His interested areas of research
are Artificial Intelligence, Pattern Recognition, Image Processing, Machine Learning,
Computer Vision, Probabilistic and Statistical Inference, Operating System,
Bioinformatics, and Computational Biology.
ShuxiangXu is currently a lecturer of School of Engineering and ICT, University of
Tasmania, Australia. He received a Bachelor of Applied Mathematics from University
of Electronic Science and Technology of China (1986), China, a Master of Applied
Mathematics from Sichuan Normal University (1989), China, and a PhD in Computing
from University of Western Sydney (2000), Australia. He received an Overseas
Postgraduate Research Award from the Australian government in 1996 to research his
Computing PhD. His current interests include the theory and applications of Artificial
Neural Networks, Genetic Algorithms, and Data Mining.
15. International Journal of Computer Networks & Communications (IJCNC) Vol.8, No.6, November 2016
53
Mir Md Jahangir Kabir is currently an Assistant Professor of the Department of
Computer Science and Engineering, Rajshahi University of Engineering and
Technology, Bangladesh. He received B.Sc. in Computer Science and Engineering
from Rajshahi University of Engineering and Technology, Bangladesh (2004), a M.Sc.
in Information Technology from University of Stuttgart, Germany (2009) and a P.hD.
in University of Tasmania, Australia (2016). After working as a lecturer (from 2004),
he is an assistant professor (from 2010) in the Dept. of Computer Science and
Engineering, Rajshahi University of Engineering and Technology, Bangladesh.
He received an Overseas Postgraduate Research Award from the Australian
government in 2013 to research in PhD. His research interests include the theory
and applications of Data Mining, Genetic Algorithm, Machine Learning and Artificial
Intelligence.
Dr. Shamim Ahmad: Received his Doctor of Engineering in Electrical Engineering
from Chubu university, Japan. He got his B.Sc (Hons) and MSc degree in Applied
Physics and Electronic Engineering from Rajshahi University, Bangladesh. Following
that he worked as research student in the department of Computer Engineering, Inha
University, South Korea. Currently he is working as Professor in the department of
Computer Engineering of Rajshahi University. He was the former head of that
department. His interested areas of research are Embedded System, Data Miming and
Digital Image Processing.