An efficient intrusion detection system based on hypergraph - Genetic algorithm for parameter optimization and feature selection in support vector machine

Raman, Mrigank; Kirthivasan, Kannan; Liscano, Ramiro; Sriram, V. S. Shankar

doi:10.1016/j.knosys.2017.07.005

Cited by 201 publications

(46 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Challenge 1: Supervised vs unsupervised Learning: Recently, there have been studies where supervised machine learning is used for attack detection [7,14,[25][26][27]. Although these models possess a high detection rate and generate few false alarms for known attacks, they fail to detect the unknown or new attacks due to the lack of signatures.…”

Section: Challenges: Model Creationmentioning

confidence: 99%

Challenges in Machine Learning based approaches for Real-Time Anomaly Detection in Industrial Control Systems

Ahmed

Mathur

2020

Proceedings of the 6th ACM on Cyber-Physical System Security Workshop

View full text Add to dashboard Cite

Data-centric approaches are becoming increasingly common in the creation of defense mechanisms for critical infrastructure such as the electric power grid and water treatment plants. Such approaches often use well-known methods from machine learning and system identification, i.e., the Multi-Layer Perceptron, Convolutional Neural Network, and Deep Auto Encoders to create process anomaly detectors. Such detectors are then evaluated using data generated from an operational plant or a simulator; rarely is the assessment conducted in real time on a live plant. Regardless of the method to create an anomaly detector, and the data used for performance evaluation, there remain significant challenges that ought to be overcome before such detectors can be deployed with confidence in city-scale plants or large electric power grids. This position paper enumerates such challenges that the authors have faced when creating data-centric anomaly detectors and using them in a live plant. CCS CONCEPTS • Security and privacy → Intrusion/anomaly detection; • Computer systems organization → Sensors and actuators; Embedded systems; Dependable and fault-tolerant systems and networks.

show abstract

Section: Challenges: Model Creationmentioning

confidence: 99%

Challenges in Machine Learning based approaches for Real-Time Anomaly Detection in Industrial Control Systems

Ahmed

Mathur

2020

Proceedings of the 6th ACM on Cyber-Physical System Security Workshop

View full text Add to dashboard Cite

show abstract

“…Attack categories conclude Fuzzers, Analysis, Backdoor, DoS, Exploit, Generic, Reconnaissance, Shellcode, and Worm. 7, dbytes (8), rate(9), sttl (10), dttl (11), sload (12), dload (13), sloss (14), dloss (15) Content features swin (16), dwin (17), stcpb (18), dtcpb (19), smean (20), dmean (21), trans_depth (22), res_bdy_len(23) Time features sintpkt (24), dintpkt (25), sjit (26), djit (27), tcprtt (28), synack (29), ackdat (30) Addition features ct_srv_src (31), ct_state_ttl(32), ct_dst_ltm (33), ct_src_dport_ltm(34), ct_dst_sport_ltm (35), ct_dst_src_ltm (36), is_ftp_login (37), ct_ftp_cmd (38), ct_flw_http_mthd(39), ct_src_ltm(40),ct_srv_dst(41),is_sm_ips_ports(42)…”

Section: Network Traffic Datasetsmentioning

confidence: 99%

“…In addition to recall rate mentioned above, Acc(Accuracy), DR(Detection rate) and FAR(False alarm rate) are also adopted as evaluation indexes of anomaly detection methods [36].…”

Section: Experimental Evaluation Indexmentioning

confidence: 99%

A Novel Network Anomaly Detection Method based on Data Balancing and Recursive Feature Addition

2020

KSII TIIS

View full text Add to dashboard Cite

Network anomaly detection system plays an essential role in detecting network anomaly and ensuring network security. Anomaly detection system based machine learning has become an increasingly popular solution. However, due to the unbalance and high-dimension characteristics of network traffic, the existing methods unable to achieve the excellent performance of high accuracy and low false alarm rate. To address this problem, a new network anomaly detection method based on data balancing and recursive feature addition is proposed. Firstly, data balancing algorithm based on improved KNN outlier detection is designed to select part respective data on each category. Combination optimization about parameters of improved KNN outlier detection is implemented by genetic algorithm. Next, recursive feature addition algorithm based on correlation analysis is proposed to select effective features, in which a cross contingency test is utilized to analyze correlation and obtain a features subset with a strong correlation. Then, random forests model is as the classification model to detection anomaly. Finally, the proposed algorithm is evaluated on benchmark datasets KDD Cup 1999 and UNSW_NB15. The result illustrates the proposed strategies enhance accuracy and recall, and decrease the false alarm rate. Compared with other algorithms, this algorithm still achieves significant effects, especially recall in the small category.

show abstract

“…In Ref. [17], they presented an intrusion detection technology using the Hypergraph based Genetic algorithm for parameter setting and feature selection in SVM. It used the superior properties of hypergraphs to generate initial populations to ensure the search for optimal solutions, and provided a weighted objective function to maintain the Trade-offs among the maximum detection rate, the minimum false alarm rate, and the number of optimal features.…”

Section: Ids Of Combining Svm With Other Intelligentmentioning

confidence: 99%

Intrusion detection system based on improved abc algorithm with tabu search

Chen

Chang

et al. 2019

IEEJ Transactions Elec Engng

View full text Add to dashboard Cite

An intrusion detection system (IDS) plays an important role in cyber security to detect network attacks. To improve the effectiveness of IDS, a new intrusion detection approach based on the support vector machine and improved Artificial Bee Colony algorithm (ABC) with Tabu Search (TS) is proposed. In the new method, to solve the problem of redundant network data and insufficient model parameters, a synchronous optimization strategy for feature selection and parameter calculation is proposed. At the same time, the idea of TS is a substitute for the greedy selection property of ABC, and two different selection probability formulas are provided in the early and later evolution of the ABC algorithm. The experimental results show that the newly proposed method performs better than other existing methods, especially in terms of detection accuracy and false negative rate. Besides, the detection rate of Probe attack and DoS attack reached 99.987 and 99.687%, respectively.

show abstract

An efficient intrusion detection system based on hypergraph - Genetic algorithm for parameter optimization and feature selection in support vector machine

Cited by 201 publications

References 31 publications

Challenges in Machine Learning based approaches for Real-Time Anomaly Detection in Industrial Control Systems

Challenges in Machine Learning based approaches for Real-Time Anomaly Detection in Industrial Control Systems

A Novel Network Anomaly Detection Method based on Data Balancing and Recursive Feature Addition

Intrusion detection system based on improved abc algorithm with tabu search

Contact Info

Product

Resources

About