A Hybrid Intrusion Detection System Based on Scalable K-Means+ Random Forest and Deep Learning

Liu, Chao; Gu, Zhaojun; Wang, Jialiang

doi:10.1109/access.2021.3082147

Cited by 109 publications

(40 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Kernel‐based extreme learning machine (KELM) with the supervised learning with enhanced gray wolf optimizer (EGWO) is used for delete attack 38 . K‐means and the random forest (RF) algorithms for the binary classification for delete attack 39 . Fuzzy logic‐based intrusion detection method is used to detect the malicious node 40 .…”

Section: Resultsmentioning

confidence: 99%

Detection of unique delete attack in wireless sensor network using gradient thresholding‐long short‐term memory algorithm

Selvi

Shen

2022

Concurrency and Computation

View full text Add to dashboard Cite

Wireless sensor network (WSN) is widely used in many fields, including agriculture, military, healthcare, monitoring, and surveillance. WSN application increases day by day due to growth in embedded and internet technologies. However, data security in WSN is challenging, and different types of attacks are increasing. Traditional intrusion detection methods analyze and identify attacks such as Denial of Service, anomaly detection, wormhole, sybil, and blackhole. Traditional methods never addressed the application layer's novel attack, such as the delete attack. Unique DELETE attack (DA) forms in the application layer and targets web servers and applications. Since unique DA use uniform resource locator requests, distinguishing them from legitimate traffic becomes difficult. The unique DA classify as unique (or) single, multiple, and repeated unique DELETE attacks; for detecting the unique DA types, gradient thresholding-long short-term memory (GT-LSTM) algorithm is proposed using packet per second and traffic rate data in WSN nodes. GT-LSTM algorithm detects unique DA through different thresholding at the training option layer in LSTM. Different gradient thresholding values in LSTM reduce the exploding gradients which fail to detect the unique DA nodes. Gradient thresholding in LSTM layers lies 1 to 3 for detecting unique DELETE attack nodes. The proposed method reduces detection time, improves accuracy, and identifies the hidden node that performs a unique DA in WSN. The unique DELETE Attack identification and performance through the proposed GT-LSTM is analyzed in the NS2 simulation environment and the test bed of WSN. Forms the experimental and simulation results, GT-LSTM performs better than fuzzy, KNN, and linear regression-based intruder detection systems. The proposed algorithm achieves 99% accuracy in detecting the DELETE attack nodes in WSN.

show abstract

Section: Resultsmentioning

confidence: 99%

Detection of unique delete attack in wireless sensor network using gradient thresholding‐long short‐term memory algorithm

Selvi

Shen

2022

Concurrency and Computation

View full text Add to dashboard Cite

show abstract

“…The authors in [12] proposed an intrusion detection model that integrates deep learning technique. NSL-KDD and CIS-IDS2017 datasets were used to train and test the model.…”

Section: Related Workmentioning

confidence: 99%

Visualizing Realistic Benchmarked IDS Dataset: CIRA-CIC-DoHBrw-2020

et al. 2022

View full text Add to dashboard Cite

Intrusion Detection System (IDS) dataset is crucial to detect lateral movement of cyber-attacks. IDS dataset will help to train the IDS classifier model to achieve earliest detection. A good near-realism public dataset is essential to assist the development of advanced IDS classifier models. However, the available public IDS dataset has long been under scrutiny for its practicality to reflect real low-footprint cyber threats, render real-time network scenario, reflect recent malware attack over newly developed DoH protocol, disregard layer 3 information and finally publish contradictory results of classification and analysis between various studies which makes it non-reproducible and without shareable results. This problem can be resolved by sophisticatedly visualizing a new realistic, real-time, low footprint and up-to-date benchmarked dataset. Visualization helps to detect data deformation before designing the optimized and highly accurate classifier model. Therefore, this study aims to review a new realistic benchmarked IDS dataset and apply sophisticated technique to visualize them. The review starts by carefully examining production network features. These are then compared with various well-established public IDS datasets. Many of them are static, unrealistic metafeatures and disregard source and destination Internet Protocol (IP) information except CIRA-CIC-DoHBrw-2020 dataset. The study then applies Eigen Centrality (EC) technique from the graph theory to visualize this layer 3 (L3) information. Finally, using various visualization techniques such as Principal Component Analysis (PCA) and Gaussian Mixture Model (GMM), the study further analyzes and subsequently visualizes the data. Results show that the CIRA-CIC-DoHBrw-2020 simulated recent malware attack and has a very imbalanced dataset which reflects the realistic low-footprint cyber-attacks. The centrality graph clearly visualizes IPs that are compromised by recent DoH attack in real-time, and the study concludes decisively that smaller packet length of size 1000 to 2000 bytes is to fit an attack trait.

show abstract

“…Combining these processes improves the classification performance of a single tree classifier [ 51 , 52 ]. The assignment of a new observation vector to a class is based on a majority vote of the different decisions provided by each tree constituting the forest.…”

Section: Supervised Machine-learning Approachesmentioning

confidence: 99%

EMD-Based Method for Supervised Classification of Parkinson’s Disease Patients Using Balance Control Data

et al. 2022

View full text Add to dashboard Cite

There has recently been increasing interest in postural stability aimed at gaining a better understanding of the human postural system. This system controls human balance in quiet standing and during locomotion. Parkinson’s disease (PD) is the most common degenerative movement disorder that affects human stability and causes falls and injuries. This paper proposes a novel methodology to differentiate between healthy individuals and those with PD through the empirical mode decomposition (EMD) method. EMD enables the breaking down of a complex signal into several elementary signals called intrinsic mode functions (IMFs). Three temporal parameters and three spectral parameters are extracted from each stabilometric signal as well as from its IMFs. Next, the best five features are selected using the feature selection method. The classification task is carried out using four known machine-learning methods, KNN, decision tree, Random Forest and SVM classifiers, over 10-fold cross validation. The used dataset consists of 28 healthy subjects (14 young adults and 14 old adults) and 32 PD patients (12 young adults and 20 old adults). The SVM method has a performance of 92% and the Dempster–Sahfer formalism method has an accuracy of 96.51%.

show abstract

A Hybrid Intrusion Detection System Based on Scalable K-Means+ Random Forest and Deep Learning

Cited by 109 publications

References 37 publications

Detection of unique delete attack in wireless sensor network using gradient thresholding‐long short‐term memory algorithm

Detection of unique delete attack in wireless sensor network using gradient thresholding‐long short‐term memory algorithm

Visualizing Realistic Benchmarked IDS Dataset: CIRA-CIC-DoHBrw-2020

EMD-Based Method for Supervised Classification of Parkinson’s Disease Patients Using Balance Control Data

Contact Info

Product

Resources

About