Experimental Review of Neural-Based Approaches for Network Intrusion Management

Mauro, Mario Di; Galatro, Giovanni; Liotta, Antonio

doi:10.1109/tnsm.2020.3024225

Cited by 67 publications

(32 citation statements)

References 75 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They chose a byte-based malware dataset to investigate the performance of the proposed local neighbourhood binary pattern-based detection method. With a different focus, Mauro et al (2020) gave an experimental overview of neural-based techniques relevant to intrusion detection. They assessed the value of neural networks using the Bot-IoT and UNSW-DB15 datasets.…”

Section: Literature Reviewsmentioning

confidence: 99%

Cyber risk and cybersecurity: a systematic review of data availability

Cremer

Sheehan

Fortmann

et al. 2022

Geneva Pap Risk Insur Issues Pract

145

View full text Add to dashboard Cite

Cybercrime is estimated to have cost the global economy just under USD 1 trillion in 2020, indicating an increase of more than 50% since 2018. With the average cyber insurance claim rising from USD 145,000 in 2019 to USD 359,000 in 2020, there is a growing necessity for better cyber information sources, standardised databases, mandatory reporting and public awareness. This research analyses the extant academic and industry literature on cybersecurity and cyber risk management with a particular focus on data availability. From a preliminary search resulting in 5219 cyber peer-reviewed studies, the application of the systematic methodology resulted in 79 unique datasets. We posit that the lack of available data on cyber risk poses a serious problem for stakeholders seeking to tackle this issue. In particular, we identify a lacuna in open databases that undermine collective endeavours to better manage this set of risks. The resulting data evaluation and categorisation will support cybersecurity researchers and the insurance industry in their efforts to comprehend, metricise and manage cyber risks.

show abstract

Section: Literature Reviewsmentioning

confidence: 99%

Cyber risk and cybersecurity: a systematic review of data availability

Cremer

Sheehan

Fortmann

et al. 2022

Geneva Pap Risk Insur Issues Pract

145

View full text Add to dashboard Cite

show abstract

“…Ref. [17], authors evaluated the KDD 99 dataset with a significant supervised feature selection approach in the network IDS, various experimental analysis approaches were used to measure complexity, correlation and performance. Ref.…”

Section: Related Workmentioning

confidence: 99%

Optimization of Intrusion Detection Systems Determined by Ameliorated HNADAM-SGD Algorithm

et al. 2022

View full text Add to dashboard Cite

Information security is of pivotal concern for consistently streaming information over the widespread internetwork. The bottleneck flow of incoming and outgoing data traffic introduces the issues of malicious activities taken place by intruders, hackers and attackers in the form of authenticity obstruction, gridlocking data traffic, vandalizing data and crashing the established network. The issue of emerging suspicious activities is managed by the domain of Intrusion Detection Systems (IDS). The IDS consistently monitors the network for the identification of suspicious activities, and generates alarm and indication in the presence of malicious threats and worms. The performance of IDS is improved by using different machine learning algorithms. In this paper, the Nesterov-Accelerated Adaptive Moment Estimation–Stochastic Gradient Descent (HNADAM-SDG) algorithm is proposed to determine the performance of Intrusion Detection Systems IDS. The algorithm is used to optimize IDS systems by hybridization and tuning of hyperparameters. The performance of algorithm is compared with other classification algorithms such as logistic regression, ridge classifier and ensemble algorithms where the experimental analysis and computations show the improved accuracy with 99.8%, sensitivity with 99.7%, and specificity with 99.5%.

show abstract

“…Most IDSs classify attacks by analyzing network traffic generated from specialized environments [ 50 , 51 , 52 , 53 , 54 , 55 ]. Nevertheless, in reality, network traffic may originate from a broad range of traffic and include excessive data.…”

Section: Related Workmentioning

confidence: 99%

Using Embedded Feature Selection and CNN for Classification on CCD-INID-V1—A New IoT Dataset

Liu

Thapa

Shaver

et al. 2021

Sensors

View full text Add to dashboard Cite

As Internet of Things (IoT) networks expand globally with an annual increase of active devices, providing better safeguards to threats is becoming more prominent. An intrusion detection system (IDS) is the most viable solution that mitigates the threats of cyberattacks. Given the many constraints of the ever-changing network environment of IoT devices, an effective yet lightweight IDS is required to detect cyber anomalies and categorize various cyberattacks. Additionally, most publicly available datasets used for research do not reflect the recent network behaviors, nor are they made from IoT networks. To address these issues, in this paper, we have the following contributions: (1) we create a dataset from IoT networks, namely, the Center for Cyber Defense (CCD) IoT Network Intrusion Dataset V1 (CCD-INID-V1); (2) we propose a hybrid lightweight form of IDS—an embedded model (EM) for feature selection and a convolutional neural network (CNN) for attack detection and classification. The proposed method has two models: (a) RCNN: Random Forest (RF) is combined with CNN and (b) XCNN: eXtreme Gradient Boosting (XGBoost) is combined with CNN. RF and XGBoost are the embedded models to reduce less impactful features. (3) We attempt anomaly (binary) classifications and attack-based (multiclass) classifications on CCD-INID-V1 and two other IoT datasets, the detection_of_IoT_botnet_attacks_N_BaIoT dataset (Balot) and the CIRA-CIC-DoHBrw-2020 dataset (DoH20), to explore the effectiveness of these learning-based security models. Using RCNN, we achieved an Area under the Receiver Characteristic Operator (ROC) Curve (AUC) score of 0.956 with a runtime of 32.28 s on CCD-INID-V1, 0.999 with a runtime of 71.46 s on Balot, and 0.986 with a runtime of 35.45 s on DoH20. Using XCNN, we achieved an AUC score of 0.998 with a runtime of 51.38 s for CCD-INID-V1, 0.999 with a runtime of 72.12 s for Balot, and 0.999 with a runtime of 72.91 s for DoH20. Compared to KNN, XCNN required 86.98% less computational time, and RCNN required 91.74% less computational time to achieve equal or better accurate anomaly detections. We find XCNN and RCNN are consistently efficient and handle scalability well; in particular, 1000 times faster than KNN when dealing with a relatively larger dataset-Balot. Finally, we highlight RCNN and XCNN’s ability to accurately detect anomalies with a significant reduction in computational time. This advantage grants flexibility for the IDS placement strategy. Our IDS can be placed at a central server as well as resource-constrained edge devices. Our lightweight IDS requires low train time and hence decreases reaction time to zero-day attacks.

show abstract

Experimental Review of Neural-Based Approaches for Network Intrusion Management

Cited by 67 publications

References 75 publications

Cyber risk and cybersecurity: a systematic review of data availability

Cyber risk and cybersecurity: a systematic review of data availability

Optimization of Intrusion Detection Systems Determined by Ameliorated HNADAM-SGD Algorithm

Using Embedded Feature Selection and CNN for Classification on CCD-INID-V1—A New IoT Dataset

Contact Info

Product

Resources

About