Fig 2 - uploaded by Md. Alamgir Hossain
Visualization of confusion matrix.

Source publication
Article
Full-text available
Intrusion detection is a critical aspect of network security to protect computer systems from unauthorized access and attacks. The capacity of traditional intrusion detection systems (IDS) to identify unknown sophisticated threats is constrained by their reliance on signature-based detection. Approaches based on machine learning have shown promisin...

Context in source publication

Context 1
... heatmap is given in Fig. 2. The values of the confusion matrix for the three classes in the test data are shown in Table 2. For each class, the values for true positive (TP), true negative (TN), false negative (FN), and false positive (FP) are presented. The model achieved a high number of true positives for classes 0 and 1, and a moderate number of true ...

Similar publications

Article
Full-text available
The Underwater Acoustic Sensor Network (UASN) is a large network in which the vicinity of a transmitting node is made up of numerous operational sensor nodes. The communication process may be substantially disrupted due to the underwater acoustic channel's time-varying and space-varying features. As a result, the underwater acoustic communication s...
Article
Full-text available
Heart rate variability (HRV) has received a lot of attention from scientists in recent years, especially as a method of assessing physical and mental health. Due to its potential influence on autonomic nervous system (ANS) health, HRV research has received considerable attention from both conventional medicine and complementary and alternative medi...
Article
Full-text available
Electricity theft is a primary concern for utility providers, as it leads to substantial financial losses. To address the issue, a novel extreme gradient boosting (XGBoost)‐based model utilizing the consumers’ electricity consumption patterns for analysis is proposed for electricity theft detection (ETD). To remove the imbalance in the real‐world e...
Conference Paper
Full-text available
Since the inception of the Internet, data flowing over the communication networks has been subject to cyber-attacks. Intruders are increasingly threatening individuals' privacy because of the widespread usage of the Internet of Things, Social networking, and other major data-generating sources. As a result, researchers are working to develop Intrus...
Article
Full-text available
Time series abnormalities might be signs of upcoming problems; thus, new computational anomaly detection techniques are needed for early warning systems and real-time system condition monitoring. Security and intrusion detection systems (IDS) are critical components of Internet of Things (IoT) devices. Current approaches are inadequate for handling...

Citations

... The Random Forest (RF) algorithm is an ensemble learning method used in ML for classification and regression. To generate more precise and reliable predictions, RF constructs several decision trees during training and merges the predictions from these trees [25,42]. RF uses bootstrap sampling on the training set of data before constructing each tree [10]. ...
... It is particularly useful for classification [11]. AdaBoost has the advantage of being able to work well with complex data and handle binary and multi-class classification problems [25]. ...
... XGBoost achieves a 97.47% accuracy rate on multi-class data. The findings of this study are consistent with the research [4,25], which found that the ensemble learning approach effectively identifies IoT network attacks. Comparing its accuracy to research findings [28] using an ML algorithm, it was only 89%. ...
... In [1], Sun and others provide a comprehensive overview of the security and privacy issues in the Internet of Vehicles (IoV). They discuss the characteristics of IoV systems, types of attacks, existing countermeasures, and future research trends. ... (Diallo and Karahan, Intrusion detection system using Optimized Machine Learning Algorithms for cyberattacks in the Internet of Vehicles (IoV), AICCONF2024, İstanbul, Türkiye)
... The following step is to utilize supervised learning to identify abnormal traffic. Meanwhile, in [31], a novel ensemble-based machine-learning technique for intrusion detection is introduced, aiming to address these challenges and enhance detection capabilities across diverse attack scenarios. The study in [32] demonstrates a novel system to detect intrusions in an IoT network in the context of smart agriculture with restricted computing resources in the IoT system. ...
... Network intrusion can be defined as any illegal action that compromises the confidentiality, integrity, or availability (CIA) of data inside a network [8][9][10]. Network intrusion may drastically hurt enterprises by causing monetary losses, reputational damage, legal liabilities, and the loss of sensitive information [11]. Intrusion detection involves the task of observing, analyzing, and identifying activities that compromise a network's security policy [12]. ...
Article
Full-text available
The security of communication networks can be compromised through both known and novel attack methods. Protection against such attacks may be achieved through the use of an intrusion detection system (IDS), which can be designed by training machine learning models to detect cyberattacks. In this paper, the KOMIG (knapsack optimization and mutual information gain) IDS was developed to detect network intrusions. The KOMIG IDS combined the strengths of optimization and machine learning together to achieve a high intrusion detection performance. Specifically, KOMIG IDS comprises a 2-stage feature selection procedure; the first was accomplished with a knapsack optimization algorithm and the second with a mutual information gain filter. In particular, we developed an optimization model for the selection of the most important features from a network intrusion dataset. Then, a new set of features was synthesized from the selected features and combined with the selected features to form a candidate features set. Next, we applied an information gain filter to the candidate features set to prune out redundant features, leaving only the features that possess the maximum information gain, which were used to train machine learning models. The proposed KOMIG IDS was applied to the UNSW-NB15 dataset, which is a well-known network intrusion evaluation dataset, and the resulting data, after optimization operation, were used to train four machine learning models, namely, logistic regression (LR), random forest (RF), decision tree (DT), and K-nearest neighbors (KNN). Simulation experiments were conducted, and the results revealed that our proposed KNN-based KOMIG IDS outperformed comparative schemes by achieving an accuracy score of 97.14%, a recall score of 99.46%, a precision score of 95.53%, and an F1 score of 97.46%.
... Traditional security systems, often based on static rules and signatures, struggle to adapt to the fluidity of SDN environments. The sheer volume and diversity of network data further complicate the task [6]. Another drawback is the dynamic and complex nature of DDoS attacks. ...
Conference Paper
Full-text available
The burgeoning adoption of Software Defined Networking (SDN) has revolutionized network management, yet it introduces unprecedented challenges, notably the susceptibility to Distributed Denial-of-Service (DDoS) attacks. Recognizing this imperative, our research delves into fortifying SDN security, proposing a novel approach that marries machine learning prowess with the intricacies of SDN architecture. This study endeavors to bolster DDoS detection within SDN environments, strategically leveraging an ensemble-based Random Forest (RF) algorithm and Recursive Feature Elimination. The overarching goal is to enhance the efficacy of SDN security measures, providing a dynamic defense against evolving DDoS threats. An implementation process unfolds through comprehensive data pre-processing, featuring the strategic selection of key features via Recursive Feature Elimination. Central to our approach is the application of an ensemble-based Random Forest algorithm, which has been rigorously trained using a dedicated dataset tailored for Software Defined Networking. A comprehensive assessment follows, where critical performance indicators such as Recall, Accuracy, Precision, F-1 Score, and Area Under the Curve (AUC) substantiate the reliability of our method. The outcome is a paradigm shift in DDoS detection within SDN. Our ensemble-based RF algorithm not only exhibits commendable accuracy but also outperforms traditional methods across key metrics. The strategic feature selection contributes not only to heightened efficiency but also bolsters the overall resilience of SDN networks against DDoS incursions. Beyond the confines of conventional methodologies, this model, attaining almost 100% accuracy, heralds a milestone in SDN security.
... It created datasets tailored for machine learning-driven cyber-attack detection, where Random Forest emerged as the most effective, achieving high accuracy and F1-scores. A robust IDS using the XGB Classifier and the UNSW-NB15 dataset Md et al (2023) incorporated ensemble frameworks and feature selection, surpassing 95% accuracy and outperforming alternatives with a hard voting scheme involving Random Forest. ...
Preprint
Full-text available
Anomaly detection emerges as a crucial challenge in cybersecurity, particularly within the healthcare sector where the integration of open data is expanding rapidly. The recent surge in Internet of Things (IoT) device usage in healthcare has transformed patient care and monitoring. However, this growth also introduces significant security risks to patient data and the integrity of medical networks. Traditional intrusion detection systems are, in most cases, ineffective in IoT environments, which display dynamism and distribution characteristics. In response, this paper proposes a novel intrusion detection system using an innovative Federated Learning approach with the FedAvg Transformer model, aimed at healthcare IoT devices and networks. This system leverages the collective intelligence of edge devices while ensuring data privacy, thereby bolstering the security of healthcare infrastructures. The design, implementation, and efficacy of this system in mitigating a broad spectrum of security threats are also detailed.
... When the IDS discovers this attack or activity, the IDS will send reports and notifications to the network administrator. [1] The increase in online threats and attacks shows that developing an Intrusion Detection System is imperative to protect networks and computer systems [2]. IDS is an effective tool for monitoring networks, especially to detect malicious attacks [3]. ...
Article
Full-text available
An intrusion detection system (IDS) is a security technology designed to identify and monitor suspicious activity in a computer network or system and detect potential attacks or security breaches. The importance of accuracy in IDS must be addressed, given that the response to any alert or activity generated by the system must be precise and measurable. However, achieving high accuracy in IDS requires a process that takes work. The complex network environment and the diversity of attacks led to significant challenges in developing IDS. The application of algorithms and optimization techniques needs to be considered to improve the accuracy of IDS. Support vector machine (SVM) is one data mining method with a high accuracy level in classifying network data packet patterns. A feature selection stage is needed for an optimal classification process, which can also be applied to SVM. Feature selection is an essential step in the data preprocessing phase; optimization of data input can improve the performance of the SVM algorithm, so this study compares the performance between feature selection algorithms, namely Information Gain Ratio and Chi-Square, and then classifies IDS data using the SVM algorithm. This outcome implies the importance of selecting the right features to develop an effective IDS.
... As a result, the confidentiality and integrity of our sensitive data have become vulnerable to series forms of intrusions, leaks and potential threat of unauthorized access by malicious individuals [2]. Moreover, the advancement in today's technologies and the hackers' determination to continuously enhance these penetrations and cyber-attacks have given rise to novel and unexpected intrusions which are increasingly sophisticated [3,4]. Therefore, enhancing network security and defending it from such complex intrusions and hacking attempts has been a growing trend among network researchers in recent years [5][6][7], making intrusion detection an important research field that requires in-depth investigation. ...
Preprint
Full-text available
Network security has become imperative in the context of our interconnected networks and everyday communications. Recently, many deep learning models have been proposed to tackle the problem of predicting intrusions and malicious activities in interconnected systems. However, they solely focus on binary classification and lack reporting on individual class performance in case of multi-class classification. Therefore, the need for an efficient and accurate network intrusion detection system has reached a pivotal point. In this paper, we propose a novel intelligent detection system based on convolutional neural network, namely DCNN. The proposed model can be utilized to analyze and detect attacks and intrusions in intelligent network systems. The DCNN model is applied against two benchmark datasets and compared with state-of-the-art models. Experimental results show that the proposed model improved resilience to intrusions and malicious activities for binary as well as multi-class classification. Furthermore, our DCNN model outperforms similar intrusion detection systems in terms of positive predicted value, true positive rate, F1 measure, and accuracy. The scores obtained for binary and multi-class classifications on the CICIoT2023 dataset are 99.50% and 99.25%, respectively. Additionally, for the CICIDS-2017 dataset, DCNN attains a score of 99.96% for both binary and multi-class classifications.
... Additionally, accuracy and TPR should be improved in comparison to the current methods, while FPR should be minimized. Therefore, the creation of a DDoS attack detection model that is reliable against each attack is required [36]. ...
Article
Full-text available
Distributed denial-of-service (DDoS) attacks pose a significant threat to computer networks and systems by disrupting services through the saturation of targeted systems with traffic from multiple sources. Real-time detection of these attacks has become a critical cybersecurity task. However, current DDoS attack detection methods suffer from high false positive rates and limited ability to capture the complex patterns of attack traffic. This research proposes an enhanced approach for detecting DDoS attacks using a hybrid feature selection technique in combination with ensemble-based classifiers. The ensemble-based approach aggregates many decision trees to increase classification accuracy and reduce overfitting and model robustness. The feature selection technique uses correlation analysis, mutual information, and principal component analysis to identify the most useful characteristics for attack detection. The ensemble-based Random Forest classifier from the various ensemble-based approaches with the specified relevant features produces the best detection rates. Many datasets related to identifying DDoS attacks are used to evaluate the proposed model, and experimental findings demonstrate that it surpasses existing techniques in terms of accuracy, recall, precision, f1-score, and false positive rate, with other evaluation metrics. The proposed approach achieves almost 100 % accuracy, 100 % true positive rate, and 0 % error rate making it a promising solution for DDoS attack detection.
... The ADB Ensemble method stands out as a robust approach for enhancing the classification of memory dumps into benign or various malware categories. ADB, short for Adaptive Boosting, excels in refining the classification process by iteratively focusing on difficult-to-classify instances (Hossain and Islam 2023a). It combines multiple weak learners, typically simple decision trees, to form a strong classifier. ...
Article
Full-text available
In the realm of cybersecurity, the detection and analysis of obfuscated malware remain a critical challenge, especially in the context of memory dumps. This research paper presents a novel machine learning-based framework designed to enhance the detection and analytical capabilities against such elusive threats for binary and multi-type malware. Our approach leverages a comprehensive dataset comprising benign and malicious memory dumps, encompassing a wide array of obfuscated malware types including Spyware, Ransomware, and Trojan Horses with their sub-categories. We begin by employing rigorous data preprocessing methods, including the normalization of memory dumps and encoding of categorical data. To tackle the issue of class imbalance, a Synthetic Minority Over-sampling Technique is utilized, ensuring a balanced representation of various malware types. Feature selection is meticulously conducted through Chi-Square tests, mutual information, and correlation analyses, refining the model’s focus on the most indicative attributes of obfuscated malware. The heart of our framework lies in the deployment of an Ensemble-based Classifier, chosen for its robustness and effectiveness in handling complex data structures. The model’s performance is rigorously evaluated using a suite of metrics, including accuracy, precision, recall, F1-score, and the area under the ROC curve (AUC) with other evaluation metrics to assess the model’s efficiency. The proposed model demonstrates a detection accuracy exceeding 99% across all cases, surpassing the performance of all existing models in the realm of malware detection.