General study of intrusion detection system and survey of agent based intrusion detection system

Saxena, Aumreesh Kumar; Sinha, Sitesh Kumar; Shukla, Piyush Kumar

doi:10.1109/ccaa.2017.8229866

Cited by 29 publications

(6 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In contrast, some of its disadvantages are; firstly, they are expensive as it requires lots of management efforts to mount, configure and manage. It is also vulnerable to specific DoS attacks and uses many storage resources to retain audit records to function correctly ( Liu et al., 2019 ; Saxena, Sinha & Shukla, 2017 ). The authors of Arrington et al (2016) use the innovative strength of machine learning such as artificial immune systems to present an interesting host-based IDS.…”

Section: Essential Conceptsmentioning

confidence: 99%

A novel hybrid-based approach of snort automatic rule generator and security event correlation (SARG-SEC)

Jaw

Wang

2022

PeerJ Computer Science

View full text Add to dashboard Cite

The rapid advanced technological development alongside the Internet with its cutting-edge applications has positively impacted human society in many aspects. Nevertheless, it equally comes with the escalating privacy and critical cybersecurity concerns that can lead to catastrophic consequences, such as overwhelming the current network security frameworks. Consequently, both the industry and academia have been tirelessly harnessing various approaches to design, implement and deploy intrusion detection systems (IDSs) with event correlation frameworks to help mitigate some of these contemporary challenges. There are two common types of IDS: signature and anomaly-based IDS. Signature-based IDS, specifically, Snort works on the concepts of rules. However, the conventional way of creating Snort rules can be very costly and error-prone. Also, the massively generated alerts from heterogeneous anomaly-based IDSs is a significant research challenge yet to be addressed. Therefore, this paper proposed a novel Snort Automatic Rule Generator (SARG) that exploits the network packet contents to automatically generate efficient and reliable Snort rules with less human intervention. Furthermore, we evaluated the effectiveness and reliability of the generated Snort rules, which produced promising results. In addition, this paper proposed a novel Security Event Correlator (SEC) that effectively accepts raw events (alerts) without prior knowledge and produces a much more manageable set of alerts for easy analysis and interpretation. As a result, alleviating the massive false alarm rate (FAR) challenges of existing IDSs. Lastly, we have performed a series of experiments to test the proposed systems. It is evident from the experimental results that SARG-SEC has demonstrated impressive performance and could significantly mitigate the existing challenges of dealing with the vast generated alerts and the labor-intensive creation of Snort rules.

show abstract

Section: Essential Conceptsmentioning

confidence: 99%

A novel hybrid-based approach of snort automatic rule generator and security event correlation (SARG-SEC)

Jaw

Wang

2022

PeerJ Computer Science

View full text Add to dashboard Cite

show abstract

“…Some researchers focus on HIDS and some on NIDS. According to [11], HIDS is much related to antivirus program. currently researchers and scientist are focusing on NIDS, because it is more proactive than HIDS.. By having Intrusion Detection, it does not allow the system to compromise with the anomalies and attacks on a network.…”

Section: Types Of Idsmentioning

confidence: 99%

Machine Learning Empowered Efficient Intrusion Detection Framework

Shafique,

Shah,

Qureshi

et al. 2022

VFAST trans. softw. eng.

View full text Add to dashboard Cite

In modern era security is becoming major and basic need of any system. Protecting of a system from unauthorized access is very important for a network system. Network security is turning out to be an influential subject in information technology territory. Hackers and squatters commit uncountable successful attempts to intrude into networks. Intrusion Detection System plays a vital role in a network security to identify and detect the anomalies in a security system of network. The performance of IDS can be measured through its intelligence, efficiency and accurate detection of unknown and known attacks. The greater the gain concept give the best possible detection rate of anomalies. This study proposed a machine learning framework based on MLP classifier with accuracy 99.98%. This work is further validated through 10-fold and JackKnife cross validation. Key metrics to see the impact on accuracy and other performance measured metrics such as Sensitivity, Specificity and Matthew’s Correlation Coefficient. All the metrics gained their highest ratio, which means MLP is the best classification technique. The accuracy, sensitivity, specificity and MCC rate of the suggested model computed 99.99% from whole dataset of UNSW-NB15. These results show the improvement in accuracy while applying different perceptron topologies. K-fold and JackKnife topologies are capable to earn the 99.99% accuracy

show abstract

“…The authors experimented with various deep learning frameworks (fast.ai, 3 Keras, 4 PyTorch, 5 TensorFlow, 6 Theano 7 ) to detect network intrusion traffic and classify attack types. For preprocessing, samples with "Infinity", "NaN", or missing values were dropped and timestamps converted to Unix epoch numeric values (number of seconds since January 1, 1970).…”

Section: Basnet Et Al [15] (Towards Detecting and Classifying Networmentioning

confidence: 99%

A survey and analysis of intrusion detection models based on CSE-CIC-IDS2018 Big Data

2020

View full text Add to dashboard Cite

The exponential growth in computer networks and network applications worldwide has been matched by a surge in cyberattacks. For this reason, datasets such as CSE-CIC-IDS2018 were created to train predictive models on network-based intrusion detection. These datasets are not meant to serve as repositories for signature-based detection systems, but rather to promote research on anomaly-based detection through various machine learning approaches. CSE-CIC-IDS2018 contains about 16,000,000 instances collected over the course of ten days. It is the most recent intrusion detection dataset that is big data, publicly available, and covers a wide range of attack types. This multi-class dataset has a class imbalance, with roughly 17% of the instances comprising attack (anomalous) traffic. Our survey work contributes several key findings. We determined that the best performance scores for each study, where available, were unexpectedly high overall, which may be due to overfitting. We also found that most of the works did not address class imbalance, the effects of which can bias results in a big data study. Lastly, we discovered that information on the data cleaning of CSE-CIC-IDS2018 was inadequate across the board, a finding that may indicate problems with reproducibility of experiments. In our survey, major research gaps have also been identified.

show abstract

General study of intrusion detection system and survey of agent based intrusion detection system

Cited by 29 publications

References 8 publications

A novel hybrid-based approach of snort automatic rule generator and security event correlation (SARG-SEC)

A novel hybrid-based approach of snort automatic rule generator and security event correlation (SARG-SEC)

Machine Learning Empowered Efficient Intrusion Detection Framework

A survey and analysis of intrusion detection models based on CSE-CIC-IDS2018 Big Data

Contact Info

Product

Resources

About