جستجوی مقالات مرتبط با کلیدواژه "intrusion detection system" در نشریات گروه "پدافند غیرعامل"

In today's digital era, security issues and cyber attacks have become a serious and attention-needed concern as they hamper secured and vital information relating to organizations or individuals. Accordingly, timely detection of these vulnerabilities made by intruders is essential, wherein the cornerstone of security ensures the user's data privacy as an intrusion detection system (IDS). On the other hand, with the rapid development of machine learning (ML) and deep learning (DL) methods in the data world, one of their significant applications is dedicated to IDS using state-of-the-art classification algorithms, which has been the subject of numerous research to enhance accuracy and reliability in recent years. As a consequence, this paper presents a hybrid model integrating feature selection, classification, and hyper-parameters optimization. First, the initial massive features are subjected separately to the modified mutual information (MMI), genetic algorithm (GA), and Anova F-value approaches, followed by extracting the common outputs as optimal and reduced final features. Subsequently, a compound CNN and LSTM classifier (CNN-LSTM) is employed, where its hyper-parameters will be determined through a random switch grey wolf-whale optimization algorithm (RS-GWO-WOA) instead of a time-consuming trial and error manual process. Ultimately, to analyze the suggested scheme, a comparison with other strategies in terms of accuracy, precision, recall, F1 score, and periods of time on the NSL-KDD dataset has been accomplished, confirming the superiority of the developed approach.

Intrusion detection is a classification problem in which various machine learning (ML) and data mining (DM) techniques are used to classify network data in normal traffic and attack. In addition, the types of network attacks have changed over the years. This paper tries to compare two models of intrusion detection systems, which include adaptive neuro-fuzzy inference systems (ANFIS) and support vector machines (SVM). In addition, it examines and evaluates several instances of data sets related to intrusion detection systems. In the following, a new hybrid method is proposed that uses Particle Swarm Optimization (PSO) to create a classifier combination to provide better accuracy for intrusion detection. Experimental results show that the new method can produce a better performance based on different evaluation criteria. This paper lists the different datasets for evaluating the IDS model and discusses the performance of the proposed hybrid method on the IDS datasets that can be used to efficiently and effectively use the datasets to develop IDS based on ML and DM.

The Intrusion detection system (IDS) manages a massive volume of data that comprises irrelevant and redundant features, leading to more significant resource consumption, long-time training and testing procedures, and lower detection rate. Hence, Feature selection is a crucial phase in intrusion detection. The aim of this paper is to introduce an intersection-based strategy that optimally selects the features for classification. This feature selection involves an intersection of simultaneous mutual information based on the transductive model (MIT-MIT), Anova F-value, and Genetic Algorithm (GA) methods. A benchmark dataset, named NSL-KDD, is applied to evaluate the effectiveness of the proposed approach. This study includes accuracy, precision, recall, and F1 score as evaluation metrics for IDS, which analyzes the proposed method with state-of-the-art classifiers. The evaluation results confirm that our feature selection algorithm provides more essential features for IDS to achieve high accuracy, overwhelming the other comparative algorithms.

Today, the number of cyberattacks on computer networks, especially local area networks and the Internet, has increased dramatically, and these attacks have become much more complex. Many intrusion detection systems (IDS) and signatures are being designed and developed to detect these types of attacks. In recent years, with the introduction of blockchain, which is a secure distributed database in decentralized networks, a dramatic change has occurred in computer networks. This technology can create consensus and trust between intrusion detection systems to increase the stability of the cooperating networks among IDS systems. Therefore, the combination of these two systems can have better performance than previous generations of IDS. Blockchain technology has many applications in the world of cryptography and network security due to features such as data integrity, availability, and decentralized management. Information security in this network is essential for the proper functioning of intrusion detection systems and firewalls. These features can be found in the Hyperledger Fabric network. Due to the use of asymmetric encryption and blockchain, this network transmits and records information securely and quickly in the network. In this project, using blockchain technology, we are trying to create a network of IDS nodes where each node can add its own rules to the blockchain database. In this way, the other nodes of the chain use the rules of other nodes to improve their intrusion detection system efficiency after consensus and synchronization. Also, due to the decentralized nature of the blockchain, a central identity control is not required to approve/disapprove the nodes and rules added to the database, and consensus mechanisms do this.

With the development of web application software, the challenge of conventional intrusion detection systems against web-based attacks is their lack of access to application layer and web platform features. The proliferation of PHP server-side languages has led to the creation of unreliable applications and security issues in the language’s software. Remote code execution attack is one of the most important web application due to allowing remote access to the processor device and executing the operating system shell commands. Modifying the architecture of network layer intrusion detection systems to application layer and applying layered detection approach using signature-based detections methods and behavior in PHP application software provides remote code execution attacks. In this research, using the layered approach of PHP web application intrusion detection system approach, with 90.4% and 95% accuracy in the signature and behavior based approach, remote code execution attacks are detected.

The volume of advanced cyber attacks is increasing today; hence the use of intrusion detection systems in networks is inevitable. One of the major problems by using these systems are considered as the high volume of low-level alarms produced. In the present paper, one of the data mining techniques called Attribute-Oriented Induction is utilized. The basis of this approach is to generalize low-level data to high-level concepts. By the development of this strategy in the field of cyber attacks, the volume of intrusion detection alarms has been decreased. This reduction not only disrupts the detection of attacks but by more focusing on the common features of the attacks, it will increase the accuracy of detection. Moreover, one of the basic foundations of this method is a generalized hierarchy designed for effective attack features. Another highlight of this investigation is to provide an intuitive approach to selecting features for generalization. The new CICIDS2017 data set was employed to evaluate the proposed method, which overcame the shortcomings of its previous data set. In conclusion, the results show a 99% decrease in alarms at the lowest generalization level and an average of 25% at the other generalization levels. In addition to the normal traffic, 14 different attack types were identified, with the Dos Hulk attack being the most frequent with 8.16% and the Heartbleed attack having the lowest frequency 0.0004%. Other capabilities were offered in the proposed method include the possibility of online analytical processing and multidimensional data mining in cyber attack space by moving at different levels of generalization..

With the growth of information technology, network security is one of the major issues and a great challenge. Intrusion detection systems, are the main component of a secure network that detect the attacks which are not detected by firewalls. These systems have a huge load of data to analyze. Investigations show that many features are unhelpful or ineffective, so removing some of these redundant features from the feature set is a solution to reduce the amount of data and thus increase the speed of the detection system.  To improve the performance of the intrusion detection system it is essential to understand the optimal property set for all kinds of attacks. This research, in addition to presenting a method for intrusion detection based on combining neural networks, also introduces a method for extracting optimal features of the KDD CUP 99 dataset which is a standard dataset for testing computer networks intrusion detection methods.

Feature selection is one of the key challenges in developing intrusion detection systems. Classification algorithms in intrusion detection systems may be inconvenient for problems having so many features, because the size of the search space grows exponentially in terms of the number of features. This is while most of the features may be either irrelevant or redundant. Therefore, considering only relevant features (i.e. feature selection) may have a significant impact on the performance of the classification algorithms. The Imperialist Competitive Algorithm (ICA) can be used as a feature selection method with a high convergence, but it sometimes gets trapped in a local optimum. On the contrary, the Genetic Algorithm (GA) is powerful enough in terms of search for solutions, but it suffers from late convergence. Therefore, using a combination of both algorithms for feature selection may result in a rapid convergence as well as in a high precision. In this paper, by applying the Assimilate operator of the ICA to the GA, we propose a new feature selection algorithm for intrusion detection systems. The proposed algorithm has been tested on the KDD99 dataset using the decision tree classification. The experimental results show that the proposed algorithm has improved the detection rate (95.03%), false alarm rate (1.46) and the speed of convergence (3.82 second).

Web services play an important role in the development of service-oriented architecture and distributed architectures. Web services allow the reuse of software code and thus reduce the cost of programming and communication, they have received much attention in recent years, due to the use of the Internet as a medium of data transmission and autonomy of hardware and software platforms. On the other hand, Web services have specific security challenges. This is especially important when the organizations are dependent on the service in the form of Web services. In this case, with the weakness of the current security systems to protect Web services, these organizations are defenseless against all types of known and unknown threats that threaten Web services.Nowadays, intrusion detection systems, are well-known to complete the levels defense in cyberspace. The main purpose of this article is to conduct research on intrusion detection techniques and architectures of Web services to support passive defense issues in organizations that make use of Web services.The comparison between the architectures of intrusion detection, to achieve a high level of understanding of intrusion detection techniques in the web services, will help to improve current intrusion detection systems in the level of Web service, or to make specific intrusion detection systems for these services along with other security tools.