An intrusion detection system using network traffic profiling and online sequential extreme learning machine

Singh, Raman; Kumar, Harish; Singla, R. K.

doi:10.1016/j.eswa.2015.07.015

Cited by 232 publications

(91 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this paper [6], an author utilized The main learning algorithms, SVM, Bayes Naive, and J48, for feature categorization. In this paper [7], an author presented a technique based on the Online Sequential Extreme Learning Machine (OS-ELM). In this paper [8], an author presented a multilevel hybrid intrusion detection model using a combination of K-means, SVM, as well as ELM algorithms.…”

Section: Literature Reviewmentioning

confidence: 99%

Anomaly Web-based Intervention Disclosure Structure using a Steady Hybrid Feature Selection and AdaBoost Algorithms

Solanki¹

2018

IJRASET

View full text Add to dashboard Cite

All the features in a dataset are not crucial in consideration some are either redundant or irrelevant. An effective dimensionality reduction technique is feature selection. It is needed for clustering of web document. The primary relevance of a safe network is Intrusion detection system. The is false alarm report of intrusion to the network as well as intrusion detection accuracy that happens due to the huge size of network data are problems of these security systems. This paper comes up with a new reliable hybrid method for an anomaly network-based IDS using Hybrid Feature selection as well as AdaBoost algorithms. They are used to achieve a high detection rate (DR) with low false positive rate (FPR). Hybrid Feature selection algorithm is used for feature selection. AdaBoost are used not only to evaluate but also to categories the features. The simulation result on NSL-KDD dataset makes sure that this reliable hybrid method has a compelling divergence from other IDS. The accuracy as well as detection rate of this method has been improved in comparison with legendary methods. Keywords: Hybrid Feature Selection, AdaBoost , Anomaly IDS, Network IDS, Dataset. I. INTRODUCTIONThis with the fast growth of information technology as well as network, people can grab more data from the network. The data characteristics dimension is becoming more and more. The classification accuracy of the intrusion detection is improved by the comprehensive information of the data. The security of network activities highly considered in the computer networks due to increase in Internet attacks. all abnormal patterns as well as should be identified by an IDS. It uses monitoring, detecting as well as responding to unauthorized activities within the system. The data is categorized into two main classes such as network-based as well as host-based. All packets in the network are checked by network-based IDS. This detection system can monitor traffic only on a specific part of the network. Host-based IDS is set up on either a local machine or system to collect information about machine host activities. In misuse detection method, the detection system tries to identify the patterns similar to patterns which are present in the database. It also finds out the known intrusions. In such a scenario, new attacks cannot be detected in the network because of no patterns exist in a database [3]. As a result, this method has high-accuracy rate as well as low false alarm rate. The decisions are made based on network normal behavior or features in case of anomaly detection method. As shown in Fig. 1, this new approach made up of the different main component such as Different attacks selection and definition, Hybrid computer network topology design, Anomaly based IDS technique selection, appropriate algorithm selection and definition to improve anomaly network-based IDS behavior, Appropriate dataset selection.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Anomaly Web-based Intervention Disclosure Structure using a Steady Hybrid Feature Selection and AdaBoost Algorithms

Solanki¹

2018

IJRASET

View full text Add to dashboard Cite

show abstract

“…Sing et al [3] present an intrusion detection technique using network-traffic profiling and an extreme online sequential machine-learning algorithm. The proposed methodology uses one profiling procedure called alpha profiling that creates profiles on the basis of protocol and service features, and a second profiling process, beta profiling, where the alpha profiles are grouped to reduce the number of profiles.…”

Section: Related Workmentioning

confidence: 99%

“…Many authors have proposed using network profiles [3]- [5]. However, these works focus on the traffic at the border to build the profiles, losing visibility of internal attacks.…”

Section: Introductionmentioning

confidence: 99%

Towards a user network profiling for internal security using top-k rankings similarity measures

Parres-Peredo

Piza-Davila

Cervantes

2017

2017 40th International Conference on Telecommunications and Signal Processing (TSP)

View full text Add to dashboard Cite

Parres-Peredo, Álvaro I.; Piza-Dávila, Hugo I.; Cervantes, Francisco A.I. Parres-Peredo; H.I. Piza-Davila and F. Cervantes (2017). Towards a user network profiling for internal security using top-k rankings similarity measures. Abstract-A major goal of current computer network security systems is to protect the network from outside attackers; however, protecting the network from its own users is still an unattended problem. In campus area networks, the risk of having internal attacks is high because of their topologies and the amount of users. This work proposes a new approach to identify whether a network user is having or not a normal behavior, by analyzing host traffic using top-k ranking similarity measures. The result of this analysis could be an input of intrusion detection systems. The document presents an experiment where real-time traffic of different users in a campus area network is compared to a reference traffic that corresponds to one of them.

show abstract

“…In this paper, the performance of intrusion detection models is evaluated by five widely used measures: accuracy, precision, detection rate (DR), F1-score, and false alarm rate (FAR) [14,33,34]. The calculations of these evaluation measures are defined as follows: The accuracy and detection rates evaluate the capability of an intrusion detection model to correctly predict connections and detect abnormal events, respectively.…”

Section: Evaluation Criteriamentioning

confidence: 99%

Towards Effective Network Intrusion Detection: A Hybrid Model Integrating Gini Index and GBDT with PSO

Bai

et al. 2018

Journal of Sensors

View full text Add to dashboard Cite

In order to protect computing systems from malicious attacks, network intrusion detection systems have become an important part in the security infrastructure. Recently, hybrid models that integrating several machine learning techniques have captured more attention of researchers. In this paper, a novel hybrid model was proposed with the purpose of detecting network intrusion effectively. In the proposed model, Gini index is used to select the optimal subset of features, the gradient boosted decision tree (GBDT) algorithm is adopted to detect network attacks, and the particle swarm optimization (PSO) algorithm is utilized to optimize the parameters of GBDT. The performance of the proposed model is experimentally evaluated in terms of accuracy, detection rate, precision, F1-score, and false alarm rate using the NSL-KDD dataset. Experimental results show that the proposed model is superior to the compared methods.

show abstract

An intrusion detection system using network traffic profiling and online sequential extreme learning machine

Cited by 232 publications

References 18 publications

Anomaly Web-based Intervention Disclosure Structure using a Steady Hybrid Feature Selection and AdaBoost Algorithms

Anomaly Web-based Intervention Disclosure Structure using a Steady Hybrid Feature Selection and AdaBoost Algorithms

Towards a user network profiling for internal security using top-k rankings similarity measures

Towards Effective Network Intrusion Detection: A Hybrid Model Integrating Gini Index and GBDT with PSO

Contact Info

Product

Resources

About