The rapid rise of cyberattacks and the gradual failure of traditional
defense systems and approaches have driven the adoption of Machine
Learning (ML) techniques to build more efficient and reliable Intrusion
Detection Systems (IDSs). However, the growing size of IDS datasets has
degraded the performance and increased the computational cost of
ML-based IDSs. Many researchers have applied data preprocessing
techniques such as feature selection and normalization to overcome
these issues. While most of these researchers report the success of
such preprocessing techniques at only a shallow level, very few studies
have examined their effects on a wider scale. Furthermore, the
performance of an IDS model depends not only on the preprocessing
techniques applied but also on the dataset and the ML algorithm used, a
dependency that most existing studies give little emphasis. Thus, this
study provides an in-depth analysis of the effects of feature selection
and normalization on various IDS models built using two IDS datasets,
namely NSL-KDD and UNSW-NB15, and five different ML algorithms: support
vector machine, k-nearest neighbor, random forest, naive Bayes, and
artificial neural network. For feature selection, a decision-tree
wrapper-based approach, which tends to yield superior model
performance, was used; for normalization, min-max scaling was applied.
A total of 30
unique IDS models were implemented using the full and feature-selected
copies of the datasets. The models were evaluated using popular IDS
evaluation metrics, and intra- and inter-model comparisons were
performed among the models and against state-of-the-art works. Random
forest achieved the best performance on both the NSL-KDD and UNSW-NB15
datasets, with prediction accuracies of 99.87% and 98.5% and detection
rates of 99.79% and 99.17%, respectively; it also performed excellently
in comparison with recent works. The results show that
both normalization and feature selection positively affect IDS
modeling, with normalization proving more important than feature
selection for improving both performance and computational time. The
study also found that the UNSW-NB15 dataset is more complex than
NSL-KDD and more suitable for building and evaluating modern-day IDSs.
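The preprocessing pipeline named above (min-max normalization followed by decision-tree wrapper-based feature selection, feeding a random forest classifier) can be sketched as follows. This is a minimal illustration using scikit-learn and synthetic data; the dataset, the number of selected features, and all parameter values are assumptions for demonstration, not the study's exact configuration.

```python
# Sketch: min-max normalization + decision-tree wrapper-based feature
# selection + random forest, as a single scikit-learn pipeline.
# Synthetic data stands in for an encoded IDS dataset; all parameters
# here are illustrative assumptions.
from sklearn.datasets import make_classification
from sklearn.ensemble import RandomForestClassifier
from sklearn.feature_selection import SequentialFeatureSelector
from sklearn.model_selection import train_test_split
from sklearn.pipeline import Pipeline
from sklearn.preprocessing import MinMaxScaler
from sklearn.tree import DecisionTreeClassifier

# Synthetic binary classification task (normal vs. attack stand-in).
X, y = make_classification(n_samples=600, n_features=20,
                           n_informative=6, random_state=0)
X_tr, X_te, y_tr, y_te = train_test_split(X, y, test_size=0.3,
                                          random_state=0)

pipe = Pipeline([
    # Min-max normalization: rescale every feature to [0, 1].
    ("scale", MinMaxScaler()),
    # Wrapper-based selection: a decision tree evaluates candidate
    # feature subsets via cross-validated forward selection.
    ("select", SequentialFeatureSelector(
        DecisionTreeClassifier(random_state=0),
        n_features_to_select=8, cv=3)),
    # Final classifier trained on the selected, normalized features.
    ("clf", RandomForestClassifier(n_estimators=100, random_state=0)),
])

pipe.fit(X_tr, y_tr)
print("test accuracy:", round(pipe.score(X_te, y_te), 3))
```

Wrapping all three steps in one `Pipeline` ensures the scaler and selector are fitted on training data only, so test-set evaluation remains leak-free.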