Decision Tree with Sensitive Pruning in Network-based Intrusion Detection System

Chew, Yee Jian; Ooi, Shih Yin; Wong, Kok‐Seng; Pang, Ying Han

doi:10.1007/978-981-15-0058-9_1

Cited by 19 publications

(6 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Decision Tree [101], [102], [103], [132], [133] Advantages: Few resources in both training and prediction. Widely used in existing IDS.…”

Section: Discussionmentioning

confidence: 99%

Intrusion Detection Systems for IoT: opportunities and challenges offered by Edge Computing and Machine Learning

Spadaccino¹,

Cuomo²

2020

Preprint

View full text Add to dashboard Cite

Key components of current cybersecurity methods are the Intrusion Detection Systems (IDSs) were different techniques and architectures are applied to detect intrusions. IDSs can be based either on cross-checking monitored events with a database of known intrusion experiences, known as signature-based, or on learning the normal behavior of the system and reporting whether some anomalous events occur, named anomaly-based. This work is dedicated to the application to the Internet of Things (IoT) network where edge computing is used to support the IDS implementation. New challenges that arise when deploying an IDS in an edge scenario are identified and remedies are proposed. We focus on anomaly-based IDSs, showing the main techniques that can be leveraged to detect anomalies and we present machine learning techniques and their application in the context of an IDS, describing the expected advantages and disadvantages that a specific technique could cause.

show abstract

“…Decision Tree [101], [102], [103], [132], [133] Advantages: Few resources in both training and prediction. Widely used in existing IDS.…”

Section: Discussionmentioning

confidence: 99%

Intrusion Detection Systems for IoT: opportunities and challenges offered by Edge Computing and Machine Learning

Spadaccino¹,

Cuomo²

2020

Preprint

View full text Add to dashboard Cite

show abstract

“…The proposed method was able to completely detect four types of attacks and enabled the detection of twenty-two other kinds of attacks. Another study [ 22 ] combined a DT with sensitive pruning to tackle the privacy issue by modifying the C4.8 decision tree on the 6% GureKDDCup NIDS dataset.…”

Section: Related Workmentioning

confidence: 99%

Classification and Explanation for Intrusion Detection System Based on Ensemble Trees and SHAP Method

Kim

Kang

et al. 2022

Sensors

View full text Add to dashboard Cite

In recent years, many methods for intrusion detection systems (IDS) have been designed and developed in the research community, which have achieved a perfect detection rate using IDS datasets. Deep neural networks (DNNs) are representative examples applied widely in IDS. However, DNN models are becoming increasingly complex in model architectures with high resource computing in hardware requirements. In addition, it is difficult for humans to obtain explanations behind the decisions made by these DNN models using large IoT-based IDS datasets. Many proposed IDS methods have not been applied in practical deployments, because of the lack of explanation given to cybersecurity experts, to support them in terms of optimizing their decisions according to the judgments of the IDS models. This paper aims to enhance the attack detection performance of IDS with big IoT-based IDS datasets as well as provide explanations of machine learning (ML) model predictions. The proposed ML-based IDS method is based on the ensemble trees approach, including decision tree (DT) and random forest (RF) classifiers which do not require high computing resources for training models. In addition, two big datasets are used for the experimental evaluation of the proposed method, NF-BoT-IoT-v2, and NF-ToN-IoT-v2 (new versions of the original BoT-IoT and ToN-IoT datasets), through the feature set of the net flow meter. In addition, the IoTDS20 dataset is used for experiments. Furthermore, the SHapley additive exPlanations (SHAP) is applied to the eXplainable AI (XAI) methodology to explain and interpret the classification decisions of DT and RF models; this is not only effective in interpreting the final decision of the ensemble tree approach but also supports cybersecurity experts in quickly optimizing and evaluating the correctness of their judgments based on the explanations of the results.

show abstract

“…A high-level view of the deployment of IDS in SDN architecture. [75]. Researchers have explored a great deal in the possibility of robust NBM-based IDS development using ML, and DL approaches in the last decade [63], [76]- [81].…”

Section: Ids Taxonomymentioning

confidence: 99%

Intrusion Detection System in Software-Defined Networks Using Machine Learning and Deep Learning Techniques –A Comprehensive Survey

Rayhan¹,

Islam²,

Shatabda³

et al. 2022

Preprint

View full text Add to dashboard Cite

<div>At present, the Internet is facing numerous attacks of different kinds that put its data at risk. The safety of information within the network is, therefore, a significant concern. In order to prevent the loss of incredibly valuable information, the Intrusion Detection System (IDS) was developed to recognize the outbreak of a stream of attacks and notify the network system administrator providing network security. IDS is an extrapolative model used to detect network traffic as routine or attack. Software-Defined Networks (SDN) is a revolutionary paradigm that isolates the control plane from the data plane, transforming the concept of a software-driven network. Through this data and control plane separation, SDN provides us the opportunity to create a manageable and programmable network, allowing applications in the top plane to access physical devices via the controller. The controller functioning inside the control plane executes network modules and establishes flow rules to forward packets in the switches residing in the data plane. Cyber attackers target the SDN controller to subdue the control plane, which is considered the brain of the SDN, providing a plethora of functionalities such as regulating flow control to switches or routers in the data plane below via southbound Application Programming Interfaces (APIs) and business and application logic in the application plane above via northbound APIs to implement sophisticated networks. However, the control plane becomes a tempting prospect for security attacks from adversaries because of its centralization feature. This paper includes an in-depth overview of the notable published articles from 2015 to 2021 that used Machine Learning (ML) and Deep Learning (DL) techniques to construct an IDS solution to provide security for SDN. We also present two detailed taxonomic studies regarding IDS, and ML-DL techniques based on their learning categories, exploring various IDS solutions to secure the SDN paradigm. We have also conducted brief research on a few benchmark datasets used to construct IDS in the SDN paradigm. To conclude the survey, we provide a discussion that sheds light on continuous challenges and IDS issues for SDN security.</div>

show abstract

Decision Tree with Sensitive Pruning in Network-based Intrusion Detection System

Cited by 19 publications

References 12 publications

Intrusion Detection Systems for IoT: opportunities and challenges offered by Edge Computing and Machine Learning

Intrusion Detection Systems for IoT: opportunities and challenges offered by Edge Computing and Machine Learning

Classification and Explanation for Intrusion Detection System Based on Ensemble Trees and SHAP Method

Intrusion Detection System in Software-Defined Networks Using Machine Learning and Deep Learning Techniques –A Comprehensive Survey

Contact Info

Product

Resources

About