A Detailed Investigation and Analysis of Using Machine Learning Techniques for Intrusion Detection

Mishra, Preeti; Varadharajan, Vijay; Tupakula, Udaya; Pilli, Emmanuel S.

doi:10.1109/comst.2018.2847722

Cited by 512 publications

(290 citation statements)

References 150 publications

Supporting

Mentioning

283

Contrasting

Unclassified

Order By: Relevance

“…This means that a device must not be permanently "blocked" after the occurrence of a DDoS attack was enabled in some degree by that device. We also think that machine learning techniques [29,30] can complement and enhance our rule-based detection mechanism, giving it the capability of detecting new and sophisticated cyber-attacks. Aligned with [31], we also think that the best and effective approach to battle against DDoS attacks is to build a defense mechanism as close as possible to the attack source that generates rogue traffic.…”

Section: Discussionmentioning

confidence: 99%

SDN-Based Intrusion Detection System for Early Detection and Mitigation of DDoS Attacks

Manso

Moura

Serrão³

2019

Information

110

View full text Add to dashboard Cite

The current paper addresses relevant network security vulnerabilities introduced by network devices within the emerging paradigm of Internet of Things (IoT) as well as the urgent need to mitigate the negative effects of some types of Distributed Denial of Service (DDoS) attacks that try to explore those security weaknesses. We design and implement a Software-Defined Intrusion Detection System (IDS) that reactively impairs the attacks at its origin, ensuring the “normal operation” of the network infrastructure. Our proposal includes an IDS that automatically detects several DDoS attacks, and then as an attack is detected, it notifies a Software Defined Networking (SDN) controller. The current proposal also downloads some convenient traffic forwarding decisions from the SDN controller to network devices. The evaluation results suggest that our proposal timely detects several types of cyber-attacks based on DDoS, mitigates their negative impacts on the network performance, and ensures the correct data delivery of normal traffic. Our work sheds light on the programming relevance over an abstracted view of the network infrastructure to timely detect a Botnet exploitation, mitigate malicious traffic at its source, and protect benign traffic.

show abstract

Section: Discussionmentioning

confidence: 99%

SDN-Based Intrusion Detection System for Early Detection and Mitigation of DDoS Attacks

Manso

Moura

Serrão³

2019

Information

110

View full text Add to dashboard Cite

show abstract

“…Mishra.et al [6] done surveys on machine learning based IDS usingmixture of all IDS datasets mostly used DARPA [7], KDD'99 [8] [9]and NSL-KDD[10] and other datasets. Many IDS researchers have applied their Intrusion Detection System on one or more datasets.…”

Section: Related Workmentioning

confidence: 99%

“…The existing datasets do not represent the comprehensive representation of the modern orientation of network traffic and attack scenarios.These reasons have instigated a serious challenge for the cyber security research group at the Australian Centre for Cyber Security (ACCS) and other researchers of this domain around the globe. The raw network packets of the UNSW-NB15 dataset [6]…”

Section: Unsw-nb15 Datasetmentioning

confidence: 99%

Unsw-Nb15 Dataset and Machine Learning Based Intrusion Detection Systems

Sonule¹,

Kalla²,

Jain³

et al. 2020

IJEAT

View full text Add to dashboard Cite

The network attacks become the most important security problems in the today’s world. There is a high increase in use of computers, mobiles, sensors,IoTs in networks, Big Data, Web Application/Server,Clouds and other computing resources. With the high increase in network traffic, hackers and malicious users are planning new ways of network intrusions. Many techniques have been developed to detect these intrusions which are based on data mining and machine learning methods. Machine learning algorithms intend to detect anomalies using supervised and unsupervised approaches.Both the detection techniques have been implemented using IDS datasets like DARPA98, KDDCUP99, NSL-KDD, ISCX, ISOT.UNSW-NB15 is the latest dataset. This data set contains nine different modern attack types and wide varieties of real normal activities. In this paper, a detailed survey of various machine learning based techniques applied on UNSW-NB15 data set have been carried out and suggested thatUNSW-NB15 is more complex than other datasets and is assumed as a new benchmark data set for evaluating NIDSs.

show abstract

“…Therefore, our goal is only to generate an example model that can be replaced or customized in future framework applications. Besides, we choose the Random Forest algorithm because it is one of the most popular ensemble classifiers and has been widely used as a technique for intrusion detection …”

Section: The Framertp4 Frameworkmentioning

confidence: 99%

A real‐time attack defense framework for 5G network slicing

et al. 2020

View full text Add to dashboard Cite

Network Slicing (NS) is a key enabler to support 5G network services on-demand. However, since NS is a result of the recent advancement in Software-Defined Networking and Network Function Virtualization, it introduces new security issues which include attacks against an NS instance within an operator network and interslice security threats. In this scenario, identifying and mitigating attacks in real-time is of paramount importance to improve security aspects. However, it is far from being straightforward. Therefore, this work proposes the FrameRTP4, a P4-based framework that aims to deliver real-time attack detection and mitigation mechanisms in 5G NS scenarios. For this, it provides a P4-based switch that implements an Service Function Chaining protocol layer, an efficient and scalable Access Control List for the detection and mitigation of known attacks, and a monitoring system aiming to reduce the overhead induced on the control channel. Furthermore, it delivers an orchestrator that aims to control all switches in order to enable lifecycle management of NS instances and P4 table rules. Besides, it also performs some autonomous tasks such as the wildcard rules generation and the detection of new threats by using machine learning algorithms. Preliminary results point to the potential benefits of FrameRTP4 to be part of a 5G NS infrastructure. K E Y W O R D S5G, bloom filter, cybersecurity, network function virtualization, network slice, P4

show abstract

A Detailed Investigation and Analysis of Using Machine Learning Techniques for Intrusion Detection

Cited by 512 publications

References 150 publications

SDN-Based Intrusion Detection System for Early Detection and Mitigation of DDoS Attacks

SDN-Based Intrusion Detection System for Early Detection and Mitigation of DDoS Attacks

Unsw-Nb15 Dataset and Machine Learning Based Intrusion Detection Systems

A real‐time attack defense framework for 5G network slicing

Contact Info

Product

Resources

About