Real time multi stage unsupervised intelligent engine for NIDS to enhance detection rate of unknown attacks

Amoli, Payam Vahdani; Hämäläinen, Timo D.

doi:10.1109/icist.2013.6747642

Cited by 4 publications

(3 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In another study, Amoli and Hamalainen [15] proposed a real-time multi-stage intrusion detection system in order to enhance the detection rate of unknown attacks. The first stage detects potential attacks by monitoring a set of traffic features that include the size and number of bytes, packets, and network flows.…”

Section: Related Workmentioning

confidence: 99%

“…In order to increase the detection rate, the system monitors the rate of time difference between each packet (TDP) and network flows (TDF). Sub-space clustering is used to unsupervisedly cluster the previously flagged traffic, which allows the differentiation of normal traffic through the detection of the outliers with lower processing time and complexity in comparison with multidimensional clustering algorithms [15]. After obtaining several two-dimensional clusters, DBSCAN [16] is used for to create the proper clusters and to identify the outliers.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Towards an efficient anomaly‐based intrusion detection for software‐defined networks

Latah

Toker

2018

IET Networks

View full text Add to dashboard Cite

Software-Defined Networking (SDN) is a novel networking paradigm that provides enhanced programming abilities, which can be used to solve traditional security challenges on the basis of more efficient approaches. The most important element in the SDN paradigm is the controller, which is responsible for managing the flows of each correspondence forwarding element (switch or router). Flow statistics provided by the controller are considered to be useful information that can be used to develop a network-based intrusion detection system. Therefore, in this paper, we propose a 5-level hybrid classification system based on flow statistics in order to attain an improvement in the overall accuracy of the system. For the first level, we employ the k-Nearest Neighbor approach (kNN); for the second level, we use the Extreme Learning Machine (ELM); and for the remaining levels, we utilize the Hierarchical Extreme Learning Machine (H-ELM) approach. In comparison with conventional supervised machine learning algorithms based on the NSL-KDD benchmark dataset, the experimental study showed that our system achieves the highest level of accuracy (84.29%). Therefore, our approach presents an efficient approach for intrusion detection in SDNs.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Towards an efficient anomaly‐based intrusion detection for software‐defined networks

Latah

Toker

2018

IET Networks

View full text Add to dashboard Cite

show abstract

“…Supervised learning technique needs to be trained firstly by pre-classified traffic sample to build the classification model and map the behavior of the network to find the difference between normal and abnormal state. The shortcomings of this technique is that the system is trained on the existing attacks, which may fail to detect a novel attacks, also in most circumstances, labeled data is not readily available since it is time consuming and expensive to manually classify it [5][6][7]. Many researches try to address these problems by using unsupervised learning techniques such as clustering; by using clustering techniques, they try to measure the deviation of the new instances from the different created clusters.…”

Section: Introductionmentioning

confidence: 99%

Network Intrusion Detection Using Semi-Supervised Learning Based on Normal Behaviour's Standard Deviation

Barhoom¹,

Matar²

2015

International Journal of Advanced Research in Computer and Comm

View full text Add to dashboard Cite

Misuse detection is the traditional technique used in Network Intrusion Detection Systems (NIDSs) which relies on matching the current behavior of network with pre-defined attacks' signatures. This technique is effective to detect the majority of known attacks, but fails to protect from unknown threats, such as zero-day exploits. In addition the increasing diversity and polymorphism of network attacks further obstruct modeling signatures, such that there is a high demand for alternative detection techniques. Many researchers are still trying to solve the problem by using new machine learning techniques such as supervised or unsupervised learning; however producing labeled dataset for supervised learning is difficult, also it is difficult to label the generated clusters to normal or abnormal in unsupervised learning. To overcome these issues we have proposed a novel technique by using semi-supervised learning technique which based on the standard deviation of the normal behavior by which we attempt to detect attacks by calculating their deviations from the normal cluster in observed data.

show abstract

An efficient flow-based multi-level hybrid intrusion detection system for software-defined networks

Latah

Toker

2020

CCF Trans. Netw.

View full text Add to dashboard Cite

Real time multi stage unsupervised intelligent engine for NIDS to enhance detection rate of unknown attacks

Cited by 4 publications

References 17 publications

Towards an efficient anomaly‐based intrusion detection for software‐defined networks

Towards an efficient anomaly‐based intrusion detection for software‐defined networks

Network Intrusion Detection Using Semi-Supervised Learning Based on Normal Behaviour's Standard Deviation

An efficient flow-based multi-level hybrid intrusion detection system for software-defined networks

Contact Info

Product

Resources

About