A Survey on the Use of Data Clustering for Intrusion Detection System in Cybersecurity

Bohara, Binita; Bhuyan, Jay; Wu, Fan; Ding, Junhua

doi:10.5121/ijnsa.2020.12101

Cited by 18 publications

(9 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…IP addresses have been pseudonymized, and their payloads and non-attack traffic have been removed from the dataset for security reasons, limiting its usability. This dataset found its application in detecting low rate stealthy as well as highrate flooding DDoS attacks (Behal & Kumar, 2016). This type of DoS attack attempts to prevent access to the targeted server by consuming Protič.…”

Section: Caida Ddosmentioning

confidence: 99%

“…(Omar et al, 2013;Jie et al 2018). A number of authors examine, describe and compare various datasets such as ADFA-LF, ADFA-WD, AWID, CAIDA, CIC-IDS-2017, CSE-CIC-2018, DARPA 98, SCX 2012, KDD Cup '99, Kyoto 2006+, NSL-KDD and UNSW-NB15 data sets, which differ in the number of features, type of attacks and purpose (Protić, 2018;Bohara et al, 2020;Borisniya & Patel, 2015; Thakkar &…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Cybersecurity attacks: Which dataset should be used to evaluate an intrusion detection system?

Protić,

Stanković

2023

Vojnotehnički glasnik

View full text Add to dashboard Cite

Introduction: Analyzing the high-dimensional datasets used for intrusion detection becomes a challenge for researchers. This paper presents the most often used data sets. ADFA contains two data sets containing records from Linux/Unix. AWID is based on actual traces of normal and intrusion activity of an IEEE 802.11 Wi-Fi network. CAIDA collects data types in geographically and topologically diverse regions. In CIC-IDS2017, HTTP, HTTPS, FTP, SSH, and email protocols are examined. CSECIC-2018 includes abstract distribution models for applications, protocols, or lower-level network entities. DARPA contains data of network traffic. ISCX 2012 dataset has profiles on various multi-stage attacks and actual network traffic with background noise. KDD Cup '99 is a collection of data transfer from a virtual environment. Kyoto 2006+ contains records of real network traffic. It is used only for anomaly detection. NSL-KDD corrects flaws in the KDD Cup '99 caused by redundant and duplicate records. UNSW-NB-15 is derived from real normal data and the synthesized contemporary attack activities of the network traffic. Methods: This study uses both quantitative and qualitative techniques. The scientific references and publicly accessible information about given dataset are used. Results: Datasets are often simulated to meet objectives required by a particular organization. The number of real datasets are very small compared to simulated dataset. Anomaly detection is rarely used today. Conclusion: 95 The main characteristics and a comparative analysis of the data sets in terms of the date they were created, the size, the number of features, the traffic types, and the purpose are presented.

show abstract

Section: Caida Ddosmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Cybersecurity attacks: Which dataset should be used to evaluate an intrusion detection system?

Protić,

Stanković

2023

Vojnotehnički glasnik

View full text Add to dashboard Cite

show abstract

“…In the last few decades, researchers have investigated the intrusion detection systems for various purposes and on the different datasets. In [11] and [12] the authors compare the DARPA98, KDD CUP '99, NSL-KDD, Kyoto 2006+ and CAIDA datasets. In addition, the authors in [13] have compared a signature-based and anomaly-based classification and examined the ISCX2012, CIC-IDS-2017 and CSE-CIC-2018 datasets in the context of the feature selection and the attack types.…”

Section: Literature Reviewmentioning

confidence: 99%

Wk-fnn design for detection of anomalies in the computer network traffic

Protic

Stanković

Antic

2022

Facta Univ Electron Energ

View full text Add to dashboard Cite

Anomaly-based intrusion detection systems identify abnormal computer network traffic based on deviations from the derived statistical model that describes the normal network behavior. The basic problem with anomaly detection is deciding what is considered normal. Supervised machine learning can be viewed as binary classification, since models are trained and tested on a data set containing a binary label to detect anomalies. Weighted k-Nearest Neighbor and Feedforward Neural Network are high-precision classifiers for decision-making. However, their decisions sometimes differ. In this paper, we present a WK-FNN hybrid model for the detection of the opposite decisions. It is shown that results can be improved with the xor bitwise operation. The sum of the binary ?ones? is used to decide whether additional alerts are activated or not.

show abstract

“…Motive of research is focused towards predicting anomaly detection in a network environment based on numerical and categorical data to predict and improve accuracy for prediction of attacks using novel predefined signature patterns. Efficiency and importance of predicting attacks are framed to be compromised when an intrusion occurs in any protected network [1]. It is found to be important in today's world since intrusion plays a sequential role in trusted networks with a supervised intrusion detection method.…”

Section: Introductionmentioning

confidence: 99%

Host Intrusion Detection System Using Novel Predefined Signature Patterns by Comparing Random Forest over Decision Tree Algorithm

Chowdary

Vinod

2022

Advances in Parallel Computing Algorithms, Tools and Paradigms

View full text Add to dashboard Cite

The objective of the work is to identify anomaly intrusion detection in a user network environment using information accessing and retrieval from homogeneous network databases. Here machine learning algorithms namely Random Forest and Decision Tree are been used to categorize passive and active attack. To accomplish focused accuracy, sample size of n=10 in Random Forest and n=10 in Decision Tree was repeated for 20 intervals for well-organized and precise investigation on categorized images with G power in 80% and threshold 0.05%, CI 95% mean and standard deviation. The existing works proves the sequential implemented in focus to intrusion detection, while comparing Random Forest and Decision Tree has classified and predicted the values from the network intrusion to generate accuracy with Random Forest has higher accuracy (76.37%) compared to Decision Tree accuracy (71.57%) with a significance of P<0.001 (2-tailed). Prediction in identifying anomaly intrusion detection systems shows that Random Forest has higher accuracy over Decision Tree.

show abstract

A Survey on the Use of Data Clustering for Intrusion Detection System in Cybersecurity

Cited by 18 publications

References 7 publications

Cybersecurity attacks: Which dataset should be used to evaluate an intrusion detection system?

Cybersecurity attacks: Which dataset should be used to evaluate an intrusion detection system?

Wk-fnn design for detection of anomalies in the computer network traffic

Host Intrusion Detection System Using Novel Predefined Signature Patterns by Comparing Random Forest over Decision Tree Algorithm

Contact Info

Product

Resources

About