Recently, network attacks launched by malicious attackers have seriously affected modern life and enterprise production, and these network attack samples have the characteristic of type imbalance, which undoubtedly increases the difficulty of intrusion detection. In response to this problem, it would naturally be very meaningful to design an intrusion detection system (IDS) to effectively and quickly identify and detect malicious behaviors. In our work, we have proposed a method for an IDS-combined incremental extreme learning machine (I-ELM) with an adaptive principal component (A-PCA). In this method, the relevant features of network traffic are adaptively selected, where the best detection accuracy can then be obtained by I-ELM. We have used the NSL-KDD standard dataset and UNSW-NB15 standard dataset to evaluate the performance of our proposed method. Through analysis of the experimental results, we can see that our proposed method has better computation capacity, stronger generalization ability, and higher accuracy.
This paper studies denial-of-service (DoS) attacks against industrial cyber-physical systems (ICPSs), for which we built a proper ICPS model and attack model. According to the impact of different attack rates on systems, instead of directly studying the time delay caused by the attacks, some security zones are identified, which display how a DoS attack destroys the stable status of the ICPS. Research on security zone division is consistent with the fact that ICPSs’ communication devices actually have some capacity for large network traffic. The research on DoS attacks’ impacts on ICPSs by studying their operation conditions in different security zones is simplified further. Then, a detection method and a mimicry security switch strategy are proposed to defend against malicious DoS attacks and bring the ICPS under attack back to normal. Lastly, practical implementation experiments have been carried out to illustrate the effectiveness and efficiency of the method we propose.
Summary: Class imbalance makes traditional intrusion detection systems have a low detection rate (DR) and a high false positive rate (FR) for minority classes, which is unsuitable for practical needs. In order to improve the DRs and reduce the FRs of minority classes, we propose a novel intrusion detection method, which combines the convolutional neural networks (CNNs) algorithm with a threshold modification method based on the receiver operating characteristic (ROC) curve. In this method, we use CNNs as a classifier and modify the threshold of the classifier through the ROC curve. In addition, the NSL-KDD dataset and the UNSW-NB15 dataset have been used to evaluate the performance of this method. The experimental results illustrate that the proposed method has a better performance both in improving DRs and in reducing FRs of minority classes.