Intrusion detection systems play a vital role in cyberspace security.In this study,a network intrusion detection method based on the feature selection algorithm(FSA)and a deep learning model is developed using a fusio...Intrusion detection systems play a vital role in cyberspace security.In this study,a network intrusion detection method based on the feature selection algorithm(FSA)and a deep learning model is developed using a fusion of a recursive feature elimination(RFE)algorithm and a bidirectional gated recurrent unit(BGRU).Particularly,the RFE algorithm is employed to select features from high-dimensional data to reduce weak correlations between features and remove redundant features in the numerical feature space.Then,a neural network that combines the BGRU and multilayer perceptron(MLP)is adopted to extract deep intrusion behavior features.Finally,a support vector machine(SVM)classifier is used to classify intrusion behaviors.The proposed model is verified by experiments on the NSL-KDD dataset.The results indicate that the proposed model achieves a 90.25%accuracy and a 97.51%detection rate in binary classification and outperforms other machine learning and deep learning models in intrusion classification.The proposed method can provide new insight into network intrusion detection.展开更多
The advent of pandemics such as COVID-19 significantly impacts human behaviour and lives every day.Therefore,it is essential to make medical services connected to internet,available in every remote location during the...The advent of pandemics such as COVID-19 significantly impacts human behaviour and lives every day.Therefore,it is essential to make medical services connected to internet,available in every remote location during these situations.Also,the security issues in the Internet of Medical Things(IoMT)used in these service,make the situation even more critical because cyberattacks on the medical devices might cause treatment delays or clinical failures.Hence,services in the healthcare ecosystem need rapid,uninterrupted,and secure facilities.The solution provided in this research addresses security concerns and services availability for patients with critical health in remote areas.This research aims to develop an intelligent Software Defined Networks(SDNs)enabled secure framework for IoT healthcare ecosystem.We propose a hybrid of machine learning and deep learning techniques(DNN+SVM)to identify network intrusions in the sensor-based healthcare data.In addition,this system can efficiently monitor connected devices and suspicious behaviours.Finally,we evaluate the performance of our proposed framework using various performance metrics based on the healthcare application scenarios.the experimental results show that the proposed approach effectively detects and mitigates attacks in the SDN-enabled IoT networks and performs better that other state-of-art-approaches.展开更多
To solve the problem of poor detection and limited application range of current intrusion detection methods,this paper attempts to use deep learning neural network technology to study a new type of intrusion detection...To solve the problem of poor detection and limited application range of current intrusion detection methods,this paper attempts to use deep learning neural network technology to study a new type of intrusion detection method.Hence,we proposed an intrusion detection algorithm based on convolutional neural network(CNN)and AdaBoost algorithm.This algorithm uses CNN to extract the characteristics of network traffic data,which is particularly suitable for the analysis of continuous and classified attack data.The AdaBoost algorithm is used to classify network attack data that improved the detection effect of unbalanced data classification.We adopt the UNSW-NB15 dataset to test of this algorithm in the PyCharm environment.The results show that the detection rate of algorithm is99.27%and the false positive rate is lower than 0.98%.Comparative analysis shows that this algorithm has advantages over existing methods in terms of detection rate and false positive rate for small proportion of attack data.展开更多
With the rapid development of the Internet,network security and data privacy are increasingly valued.Although classical Network Intrusion Detection System(NIDS)based on Deep Learning(DL)models can provide good detecti...With the rapid development of the Internet,network security and data privacy are increasingly valued.Although classical Network Intrusion Detection System(NIDS)based on Deep Learning(DL)models can provide good detection accuracy,but collecting samples for centralized training brings the huge risk of data privacy leakage.Furthermore,the training of supervised deep learning models requires a large number of labeled samples,which is usually cumbersome.The“black-box”problem also makes the DL models of NIDS untrustworthy.In this paper,we propose a trusted Federated Learning(FL)Traffic IDS method called FL-TIDS to address the above-mentioned problems.In FL-TIDS,we design an unsupervised intrusion detection model based on autoencoders that alleviates the reliance on marked samples.At the same time,we use FL for model training to protect data privacy.In addition,we design an improved SHAP interpretable method based on chi-square test to perform interpretable analysis of the trained model.We conducted several experiments to evaluate the proposed FL-TIDS.We first determine experimentally the structure and the number of neurons of the unsupervised AE model.Secondly,we evaluated the proposed method using the UNSW-NB15 and CICIDS2017 datasets.The exper-imental results show that the unsupervised AE model has better performance than the other 7 intrusion detection models in terms of precision,recall and f1-score.Then,federated learning is used to train the intrusion detection model.The experimental results indicate that the model is more accurate than the local learning model.Finally,we use an improved SHAP explainability method based on Chi-square test to analyze the explainability.The analysis results show that the identification characteristics of the model are consistent with the attack characteristics,and the model is reliable.展开更多
Network security problems bring many imperceptible threats to the integrity of data and the reliability of device services,so proposing a network intrusion detection model with high reliability is of great research si...Network security problems bring many imperceptible threats to the integrity of data and the reliability of device services,so proposing a network intrusion detection model with high reliability is of great research significance for network security.Due to the strong generalization of invalid features during training process,it is more difficult for single autoencoder intrusion detection model to obtain effective results.A network intrusion detection model based on the Ensemble of Denoising Adversarial Autoencoder(EDAAE)was proposed,which had higher accuracy and reliability compared to the traditional anomaly detection model.Using the adversarial learning idea of Adversarial Autoencoder(AAE),the discriminator module was added to the original model,and the encoder part was used as the generator.The distribution of the hidden space of the data generated by the encoder matched with the distribution of the original data.The generalization of the model to the invalid features was also reduced to improve the detection accuracy.At the same time,the denoising autoencoder and integrated operation was introduced to prevent overfitting in the adversarial learning process.Experiments on the CICIDS2018 traffic dataset showed that the proposed intrusion detection model achieves an Accuracy of 95.23%,which out performs traditional self-encoders and other existing intrusion detection models methods in terms of overall performance.展开更多
Association rules are useful for determining correlations between items. Applying association rules to intrusion detection system (IDS) can improve the detection rate, but false positive rate is also increased. Weight...Association rules are useful for determining correlations between items. Applying association rules to intrusion detection system (IDS) can improve the detection rate, but false positive rate is also increased. Weighted association rules are used in this paper to mine intrustion models, which can increase the detection rate and decrease the false positive rate by some extent. Based on this, the structure of host-based IDS using weighted association rules is proposed.展开更多
An intrusion detection (ID) model is proposed based on the fuzzy data mining method. A major difficulty of anomaly ID is that patterns of the normal behavior change with time. In addition, an actual intrusion with a...An intrusion detection (ID) model is proposed based on the fuzzy data mining method. A major difficulty of anomaly ID is that patterns of the normal behavior change with time. In addition, an actual intrusion with a small deviation may match normal patterns. So the intrusion behavior cannot be detected by the detection system.To solve the problem, fuzzy data mining technique is utilized to extract patterns representing the normal behavior of a network. A set of fuzzy association rules mined from the network data are shown as a model of “normal behaviors”. To detect anomalous behaviors, fuzzy association rules are generated from new audit data and the similarity with sets mined from “normal” data is computed. If the similarity values are lower than a threshold value,an alarm is given. Furthermore, genetic algorithms are used to adjust the fuzzy membership functions and to select an appropriate set of features.展开更多
Infrared target intrusion detection has significant applications in the fields of military defence and intelligent warning.In view of the characteristics of intrusion targets as well as inspection difficulties,an infr...Infrared target intrusion detection has significant applications in the fields of military defence and intelligent warning.In view of the characteristics of intrusion targets as well as inspection difficulties,an infrared target intrusion detection algorithm based on feature fusion and enhancement was proposed.This algorithm combines static target mode analysis and dynamic multi-frame correlation detection to extract infrared target features at different levels.Among them,LBP texture analysis can be used to effectively identify the posterior feature patterns which have been contained in the target library,while motion frame difference method can detect the moving regions of the image,improve the integrity of target regions such as camouflage,sheltering and deformation.In order to integrate the advantages of the two methods,the enhanced convolutional neural network was designed and the feature images obtained by the two methods were fused and enhanced.The enhancement module of the network strengthened and screened the targets,and realized the background suppression of infrared images.Based on the experiments,the effect of the proposed method and the comparison method on the background suppression and detection performance was evaluated,and the results showed that the SCRG and BSF values of the method in this paper had a better performance in multiple data sets,and it’s detection performance was far better than the comparison algorithm.The experiment results indicated that,compared with traditional infrared target detection methods,the proposed method could detect the infrared invasion target more accurately,and suppress the background noise more effectively.展开更多
Model checking based on linear temporal logic reduces the false negative rate of misuse detection.However,linear temporal logic formulae cannot be used to describe concurrent attacks and piecewise attacks.So there is ...Model checking based on linear temporal logic reduces the false negative rate of misuse detection.However,linear temporal logic formulae cannot be used to describe concurrent attacks and piecewise attacks.So there is still a high rate of false negatives in detecting these complex attack patterns.To solve this problem,we use interval temporal logic formulae to describe concurrent attacks and piecewise attacks.On this basis,we formalize a novel algorithm for intrusion detection based on model checking interval temporal logic.Compared with the method based on model checking linear temporal logic,the new algorithm can find unknown succinct attacks.The simulation results show that the new method can effectively reduce the false negative rate of concurrent attacks and piecewise attacks.展开更多
Wireless Mesh Networks is vulnerable to attacks due to the open medium, dynamically changing network topology, cooperative algorithms, Lack of centralized monitoring and management point. The traditional way of protec...Wireless Mesh Networks is vulnerable to attacks due to the open medium, dynamically changing network topology, cooperative algorithms, Lack of centralized monitoring and management point. The traditional way of protecting networks with firewalls and encryption software is no longer suffi- cient and effective for those features. In this paper, we propose a distributed intrusion detection ap- proach based on timed automata. A cluster-based detection scheme is presented, where periodically a node is elected as the monitor node for a cluster. These monitor nodes can not only make local intrusion detection decisions, but also cooperatively take part in global intrusion detection. And then we con- struct the Finite State Machine (FSM) by the way of manually abstracting the correct behaviors of the node according to the routing protocol of Dynamic Source Routing (DSR). The monitor nodes can verify every node's behavior by the Finite State Ma- chine (FSM), and validly detect real-time attacks without signatures of intrusion or trained data.Compared with the architecture where each node is its own IDS agent, our approach is much more efficient while maintaining the same level of effectiveness. Finally, we evaluate the intrusion detection method through simulation experiments.展开更多
Network intrusion poses a severe threat to the Internet.However,existing intrusion detection models cannot effectively distinguish different intrusions with high-degree feature overlap.In addition,efficient real-time ...Network intrusion poses a severe threat to the Internet.However,existing intrusion detection models cannot effectively distinguish different intrusions with high-degree feature overlap.In addition,efficient real-time detection is an urgent problem.To address the two above problems,we propose a Latent Dirichlet Allocation topic model-based framework for real-time network Intrusion Detection(LDA-ID),consisting of static and online LDA-ID.The problem of feature overlap is transformed into static LDA-ID topic number optimization and topic selection.Thus,the detection is based on the latent topic features.To achieve efficient real-time detection,we design an online computing mode for static LDA-ID,in which a parameter iteration method based on momentum is proposed to balance the contribution of prior knowledge and new information.Furthermore,we design two matching mechanisms to accommodate the static and online LDA-ID,respectively.Experimental results on the public NSL-KDD and UNSW-NB15 datasets show that our framework gets higher accuracy than the others.展开更多
With the continuous integration of new energy into the power grid,various new attacks continue to emerge and the feature distributions are constantly changing during the deployment of intelligent pumped storage power ...With the continuous integration of new energy into the power grid,various new attacks continue to emerge and the feature distributions are constantly changing during the deployment of intelligent pumped storage power stations.The intrusion detection model trained on the old data is hard to effectively identify new attacks,and it is difficult to update the intrusion detection model in time when lacking data.To solve this issue,by using model-based transfer learning methods,in this paper we propose a convolutional neural network(CNN)based transfer online sequential extreme learning machine(TOS-ELM)scheme to enable the online intrusion detection,which is called CNN-TOSELM in this paper.In our proposed scheme,we use pre-trained CNN to extract the characteristics of the target domain data as input,and then build online learning classifier TOS-ELM to transfer the parameter of the ELM classifier of the source domain.Experimental results show the proposed CNNTOSELM scheme can achieve better detection performance and extremely short model update time for intelligent pumped storage power stations.展开更多
Intrusion detection aims to detect intrusion behavior and serves as a complement to firewalls.It can detect attack types of malicious network communications and computer usage that cannot be detected by idiomatic fire...Intrusion detection aims to detect intrusion behavior and serves as a complement to firewalls.It can detect attack types of malicious network communications and computer usage that cannot be detected by idiomatic firewalls.Many intrusion detection methods are processed through machine learning.Previous literature has shown that the performance of an intrusion detection method based on hybrid learning or integration approach is superior to that of single learning technology.However,almost no studies focus on how additional representative and concise features can be extracted to process effective intrusion detection among massive and complicated data.In this paper,a new hybrid learning method is proposed on the basis of features such as density,cluster centers,and nearest neighbors(DCNN).In this algorithm,data is represented by the local density of each sample point and the sum of distances from each sample point to cluster centers and to its nearest neighbor.k-NN classifier is adopted to classify the new feature vectors.Our experiment shows that DCNN,which combines K-means,clustering-based density,and k-NN classifier,is effective in intrusion detection.展开更多
Internet of Vehicles(henceforth called IoV) is a public network system and high-value target for intrusions that may cause efficiency issues, privacy leakages or even physical damage. Conventional intrusion detection ...Internet of Vehicles(henceforth called IoV) is a public network system and high-value target for intrusions that may cause efficiency issues, privacy leakages or even physical damage. Conventional intrusion detection methods are normally designed for the Internet infrastructures which cannot directly apply in the context of IoV. This work proposes an FPGA based intrusion detection method that can not only achieve real-time scanning performance but also be applied in vehicular environment. We evaluate our scheme on a Xilinx FPGA based platform. Experiments show that the proposed system can achieve a throughput of more than 39 Gbps on existing FPGA platform which is about 15% higher than state-of-the-art techniques,and the total power consumption for the prototype is about 7.5 w. Moreover, the processing latency of the prototype is about 4 us and is about one sixtieth part of the popular software IDS systems.展开更多
Wireless Mesh Networks (WMNs) have many applications in homes, schools, enterprises, and public places because of their useful characteristics, such as high bandwidth, high speed, and wide coverage. However, the sec...Wireless Mesh Networks (WMNs) have many applications in homes, schools, enterprises, and public places because of their useful characteristics, such as high bandwidth, high speed, and wide coverage. However, the security of wireless mesh networks is a precondition for practical use. Intrusion detection is pivotal for increasing network security. Considering the energy limitations in wireless mesh networks, we adopt two types of nodes: Heavy Intrusion Detection Node (HIDN) and Light Intrusion Detection Node (LIDN). To conserve energy, the LIDN detects abnorrml behavior according to probability, while the HIDN, which has sufficient energy, is always operational. In practice, it is very difficult to acquire accurate information regarding attackers. We propose an intrusion detection model based on the incomplete inforrmtion game (ID-IIG). The ID-IIG utilizes the Harsanyi transformation and Bayesian Nash equilibrium to select the best strategies of defenders, although the exact attack probability is unknown. Thus, it can effectively direct the deployment of defenders. Through experiments, we analyze the perforrmnce of ID-IIG and verify the existence and attainability of the Bayesian Nash equilibrium.展开更多
An artificial immunity based multimodal evolution algorithm is developed to generate detectors with variable coverage for multidimensional intrusion detection. In this algorithm, a proper fitness function is used to d...An artificial immunity based multimodal evolution algorithm is developed to generate detectors with variable coverage for multidimensional intrusion detection. In this algorithm, a proper fitness function is used to drive the detectors to fill in those detection holes close to self set or among self spheres, and genetic algorithm is adopted to reduce the negative effects that different distribution of self imposes on the detector generating process. The validity of the algorithm is tested with spherical and rectangular detectors, respectively, and experiments performed on two real data sets (machine learning database and DAPRA99) indicate that the proposed algorithm can obtain good results on spherical detectors, and that its performances in detection rate, false alarm rate, stabih'ty, time cost, and adaptability to incomplete training set on spherical detectors are all better than on rectangular ones.展开更多
A new classification model for host intrusion detection based on the unidentified short sequences and RIPPER algorithm is proposed. The concepts of different short sequences on the system call traces are strictly defi...A new classification model for host intrusion detection based on the unidentified short sequences and RIPPER algorithm is proposed. The concepts of different short sequences on the system call traces are strictly defined on the basis of in-depth analysis of completeness and correctness of pattern databases. Labels of short sequences are predicted by learned RIPPER rule set and the nature of the unidentified short sequences is confirmed by statistical method. Experiment results indicate that the classification model increases clearly the deviation between the attack and the normal traces and improves detection capability against known and unknown attacks.展开更多
In order to improve the detection efficiency of rule-based expert systems, an intrusion detection approach using connectionist expert system is proposed. The approach converts the AND/OR nodes into the corresponding n...In order to improve the detection efficiency of rule-based expert systems, an intrusion detection approach using connectionist expert system is proposed. The approach converts the AND/OR nodes into the corresponding neurons, adopts the three layered feed forward network with full interconnection between layers, translates the feature values into the continuous values belong to the interval [0, 1], shows the confidence degree about intrusion detection rules using the weight values of the neural networks and makes uncertain inference with sigmoid function. Compared with the rule based expert system, the neural network expert system improves the inference efficiency.展开更多
In this paper,we introduce an adaptive clustering algorithm for intrusion detection based on wavecluster which was introduced by Gholamhosein in 1999 and used with success in image processing.Because of the non-statio...In this paper,we introduce an adaptive clustering algorithm for intrusion detection based on wavecluster which was introduced by Gholamhosein in 1999 and used with success in image processing.Because of the non-stationary characteristic of network traffic,we extend and develop an adaptive wavecluster algorithm for intrusion detection.Using the multiresolution property of wavelet transforms,we can effectively identify arbitrarily shaped clusters at different scales and degrees of detail,moreover,applying wavelet transform removes the noise from the original feature space and make more accurate cluster found.Experimental results on KDD-99 intrusion detection dataset show the efficiency and accuracy of this algorithm.A detection rate above 96% and a false alarm rate below 3% are achieved.展开更多
A new real-time model based on parallel time-series mining is proposed to improve the accuracy and efficiency of the network intrusion detection systems. In this model, multidimensional dataset is constructed to descr...A new real-time model based on parallel time-series mining is proposed to improve the accuracy and efficiency of the network intrusion detection systems. In this model, multidimensional dataset is constructed to describe network events, and sliding window updating algorithm is used to maintain network stream. Moreover, parallel frequent patterns and frequent episodes mining algorithms are applied to implement parallel time-series mining engineer which can intelligently generate rules to distinguish intrusions from normal activities. Analysis and study on the basis of DAWNING 3000 indicate that this parallel time-series mining-based model provides a more accurate and efficient way to building real-time NIDS.展开更多
基金supported in part by the National Natural Science Foundation of China(No.62001333)the Scientific Research Project of Education Department of Hubei Province(No.D20221702).
文摘Intrusion detection systems play a vital role in cyberspace security.In this study,a network intrusion detection method based on the feature selection algorithm(FSA)and a deep learning model is developed using a fusion of a recursive feature elimination(RFE)algorithm and a bidirectional gated recurrent unit(BGRU).Particularly,the RFE algorithm is employed to select features from high-dimensional data to reduce weak correlations between features and remove redundant features in the numerical feature space.Then,a neural network that combines the BGRU and multilayer perceptron(MLP)is adopted to extract deep intrusion behavior features.Finally,a support vector machine(SVM)classifier is used to classify intrusion behaviors.The proposed model is verified by experiments on the NSL-KDD dataset.The results indicate that the proposed model achieves a 90.25%accuracy and a 97.51%detection rate in binary classification and outperforms other machine learning and deep learning models in intrusion classification.The proposed method can provide new insight into network intrusion detection.
文摘The advent of pandemics such as COVID-19 significantly impacts human behaviour and lives every day.Therefore,it is essential to make medical services connected to internet,available in every remote location during these situations.Also,the security issues in the Internet of Medical Things(IoMT)used in these service,make the situation even more critical because cyberattacks on the medical devices might cause treatment delays or clinical failures.Hence,services in the healthcare ecosystem need rapid,uninterrupted,and secure facilities.The solution provided in this research addresses security concerns and services availability for patients with critical health in remote areas.This research aims to develop an intelligent Software Defined Networks(SDNs)enabled secure framework for IoT healthcare ecosystem.We propose a hybrid of machine learning and deep learning techniques(DNN+SVM)to identify network intrusions in the sensor-based healthcare data.In addition,this system can efficiently monitor connected devices and suspicious behaviours.Finally,we evaluate the performance of our proposed framework using various performance metrics based on the healthcare application scenarios.the experimental results show that the proposed approach effectively detects and mitigates attacks in the SDN-enabled IoT networks and performs better that other state-of-art-approaches.
基金supported in part by the National Key R&D Program of China(No.2022YFB3904503)National Natural Science Foundation of China(No.62172418)。
文摘To solve the problem of poor detection and limited application range of current intrusion detection methods,this paper attempts to use deep learning neural network technology to study a new type of intrusion detection method.Hence,we proposed an intrusion detection algorithm based on convolutional neural network(CNN)and AdaBoost algorithm.This algorithm uses CNN to extract the characteristics of network traffic data,which is particularly suitable for the analysis of continuous and classified attack data.The AdaBoost algorithm is used to classify network attack data that improved the detection effect of unbalanced data classification.We adopt the UNSW-NB15 dataset to test of this algorithm in the PyCharm environment.The results show that the detection rate of algorithm is99.27%and the false positive rate is lower than 0.98%.Comparative analysis shows that this algorithm has advantages over existing methods in terms of detection rate and false positive rate for small proportion of attack data.
基金supported by National Natural Science Fundation of China under Grant 61972208National Natural Science Fundation(General Program)of China under Grant 61972211+2 种基金National Key Research and Development Project of China under Grant 2020YFB1804700Future Network Innovation Research and Application Projects under Grant No.2021FNA020062021 Jiangsu Postgraduate Research Innovation Plan under Grant No.KYCX210794.
文摘With the rapid development of the Internet,network security and data privacy are increasingly valued.Although classical Network Intrusion Detection System(NIDS)based on Deep Learning(DL)models can provide good detection accuracy,but collecting samples for centralized training brings the huge risk of data privacy leakage.Furthermore,the training of supervised deep learning models requires a large number of labeled samples,which is usually cumbersome.The“black-box”problem also makes the DL models of NIDS untrustworthy.In this paper,we propose a trusted Federated Learning(FL)Traffic IDS method called FL-TIDS to address the above-mentioned problems.In FL-TIDS,we design an unsupervised intrusion detection model based on autoencoders that alleviates the reliance on marked samples.At the same time,we use FL for model training to protect data privacy.In addition,we design an improved SHAP interpretable method based on chi-square test to perform interpretable analysis of the trained model.We conducted several experiments to evaluate the proposed FL-TIDS.We first determine experimentally the structure and the number of neurons of the unsupervised AE model.Secondly,we evaluated the proposed method using the UNSW-NB15 and CICIDS2017 datasets.The exper-imental results show that the unsupervised AE model has better performance than the other 7 intrusion detection models in terms of precision,recall and f1-score.Then,federated learning is used to train the intrusion detection model.The experimental results indicate that the model is more accurate than the local learning model.Finally,we use an improved SHAP explainability method based on Chi-square test to analyze the explainability.The analysis results show that the identification characteristics of the model are consistent with the attack characteristics,and the model is reliable.
文摘Network security problems bring many imperceptible threats to the integrity of data and the reliability of device services,so proposing a network intrusion detection model with high reliability is of great research significance for network security.Due to the strong generalization of invalid features during training process,it is more difficult for single autoencoder intrusion detection model to obtain effective results.A network intrusion detection model based on the Ensemble of Denoising Adversarial Autoencoder(EDAAE)was proposed,which had higher accuracy and reliability compared to the traditional anomaly detection model.Using the adversarial learning idea of Adversarial Autoencoder(AAE),the discriminator module was added to the original model,and the encoder part was used as the generator.The distribution of the hidden space of the data generated by the encoder matched with the distribution of the original data.The generalization of the model to the invalid features was also reduced to improve the detection accuracy.At the same time,the denoising autoencoder and integrated operation was introduced to prevent overfitting in the adversarial learning process.Experiments on the CICIDS2018 traffic dataset showed that the proposed intrusion detection model achieves an Accuracy of 95.23%,which out performs traditional self-encoders and other existing intrusion detection models methods in terms of overall performance.
文摘Association rules are useful for determining correlations between items. Applying association rules to intrusion detection system (IDS) can improve the detection rate, but false positive rate is also increased. Weighted association rules are used in this paper to mine intrustion models, which can increase the detection rate and decrease the false positive rate by some extent. Based on this, the structure of host-based IDS using weighted association rules is proposed.
文摘An intrusion detection (ID) model is proposed based on the fuzzy data mining method. A major difficulty of anomaly ID is that patterns of the normal behavior change with time. In addition, an actual intrusion with a small deviation may match normal patterns. So the intrusion behavior cannot be detected by the detection system.To solve the problem, fuzzy data mining technique is utilized to extract patterns representing the normal behavior of a network. A set of fuzzy association rules mined from the network data are shown as a model of “normal behaviors”. To detect anomalous behaviors, fuzzy association rules are generated from new audit data and the similarity with sets mined from “normal” data is computed. If the similarity values are lower than a threshold value,an alarm is given. Furthermore, genetic algorithms are used to adjust the fuzzy membership functions and to select an appropriate set of features.
基金This work was supported by the National Natural Science Foundation of China(grant number:61671470)the National Key Research and Development Program of China(grant number:2016YFC0802904)the Postdoctoral Science Foundation Funded Project of China(grant number:2017M623423).
文摘Infrared target intrusion detection has significant applications in the fields of military defence and intelligent warning.In view of the characteristics of intrusion targets as well as inspection difficulties,an infrared target intrusion detection algorithm based on feature fusion and enhancement was proposed.This algorithm combines static target mode analysis and dynamic multi-frame correlation detection to extract infrared target features at different levels.Among them,LBP texture analysis can be used to effectively identify the posterior feature patterns which have been contained in the target library,while motion frame difference method can detect the moving regions of the image,improve the integrity of target regions such as camouflage,sheltering and deformation.In order to integrate the advantages of the two methods,the enhanced convolutional neural network was designed and the feature images obtained by the two methods were fused and enhanced.The enhancement module of the network strengthened and screened the targets,and realized the background suppression of infrared images.Based on the experiments,the effect of the proposed method and the comparison method on the background suppression and detection performance was evaluated,and the results showed that the SCRG and BSF values of the method in this paper had a better performance in multiple data sets,and it’s detection performance was far better than the comparison algorithm.The experiment results indicated that,compared with traditional infrared target detection methods,the proposed method could detect the infrared invasion target more accurately,and suppress the background noise more effectively.
基金supported by National Natural Science Foundation of China under Grant No. 61003079
文摘Model checking based on linear temporal logic reduces the false negative rate of misuse detection.However,linear temporal logic formulae cannot be used to describe concurrent attacks and piecewise attacks.So there is still a high rate of false negatives in detecting these complex attack patterns.To solve this problem,we use interval temporal logic formulae to describe concurrent attacks and piecewise attacks.On this basis,we formalize a novel algorithm for intrusion detection based on model checking interval temporal logic.Compared with the method based on model checking linear temporal logic,the new algorithm can find unknown succinct attacks.The simulation results show that the new method can effectively reduce the false negative rate of concurrent attacks and piecewise attacks.
基金Acknowledgements Project supported by the National Natural Science Foundation of China (Grant No.60932003), the National High Technology Development 863 Program of China (Grant No.2007AA01Z452, No. 2009AA01 Z118 ), Project supported by Shanghai Municipal Natural Science Foundation (Grant No.09ZRI414900), National Undergraduate Innovative Test Program (091024812).
文摘Wireless Mesh Networks is vulnerable to attacks due to the open medium, dynamically changing network topology, cooperative algorithms, Lack of centralized monitoring and management point. The traditional way of protecting networks with firewalls and encryption software is no longer suffi- cient and effective for those features. In this paper, we propose a distributed intrusion detection ap- proach based on timed automata. A cluster-based detection scheme is presented, where periodically a node is elected as the monitor node for a cluster. These monitor nodes can not only make local intrusion detection decisions, but also cooperatively take part in global intrusion detection. And then we con- struct the Finite State Machine (FSM) by the way of manually abstracting the correct behaviors of the node according to the routing protocol of Dynamic Source Routing (DSR). The monitor nodes can verify every node's behavior by the Finite State Ma- chine (FSM), and validly detect real-time attacks without signatures of intrusion or trained data.Compared with the architecture where each node is its own IDS agent, our approach is much more efficient while maintaining the same level of effectiveness. Finally, we evaluate the intrusion detection method through simulation experiments.
基金supported by the National Natural Science Foundation of China(Grant No.U1636208,No.61862008,No.61902013)the Beihang Youth Top Talent Support Program(Grant No.YWF-21-BJJ-1039)。
文摘Network intrusion poses a severe threat to the Internet.However,existing intrusion detection models cannot effectively distinguish different intrusions with high-degree feature overlap.In addition,efficient real-time detection is an urgent problem.To address the two above problems,we propose a Latent Dirichlet Allocation topic model-based framework for real-time network Intrusion Detection(LDA-ID),consisting of static and online LDA-ID.The problem of feature overlap is transformed into static LDA-ID topic number optimization and topic selection.Thus,the detection is based on the latent topic features.To achieve efficient real-time detection,we design an online computing mode for static LDA-ID,in which a parameter iteration method based on momentum is proposed to balance the contribution of prior knowledge and new information.Furthermore,we design two matching mechanisms to accommodate the static and online LDA-ID,respectively.Experimental results on the public NSL-KDD and UNSW-NB15 datasets show that our framework gets higher accuracy than the others.
文摘With the continuous integration of new energy into the power grid,various new attacks continue to emerge and the feature distributions are constantly changing during the deployment of intelligent pumped storage power stations.The intrusion detection model trained on the old data is hard to effectively identify new attacks,and it is difficult to update the intrusion detection model in time when lacking data.To solve this issue,by using model-based transfer learning methods,in this paper we propose a convolutional neural network(CNN)based transfer online sequential extreme learning machine(TOS-ELM)scheme to enable the online intrusion detection,which is called CNN-TOSELM in this paper.In our proposed scheme,we use pre-trained CNN to extract the characteristics of the target domain data as input,and then build online learning classifier TOS-ELM to transfer the parameter of the ELM classifier of the source domain.Experimental results show the proposed CNNTOSELM scheme can achieve better detection performance and extremely short model update time for intelligent pumped storage power stations.
文摘Intrusion detection aims to detect intrusion behavior and serves as a complement to firewalls.It can detect attack types of malicious network communications and computer usage that cannot be detected by idiomatic firewalls.Many intrusion detection methods are processed through machine learning.Previous literature has shown that the performance of an intrusion detection method based on hybrid learning or integration approach is superior to that of single learning technology.However,almost no studies focus on how additional representative and concise features can be extracted to process effective intrusion detection among massive and complicated data.In this paper,a new hybrid learning method is proposed on the basis of features such as density,cluster centers,and nearest neighbors(DCNN).In this algorithm,data is represented by the local density of each sample point and the sum of distances from each sample point to cluster centers and to its nearest neighbor.k-NN classifier is adopted to classify the new feature vectors.Our experiment shows that DCNN,which combines K-means,clustering-based density,and k-NN classifier,is effective in intrusion detection.
基金supported by the National Science Foundation of China under Grant No. 61402474by the Excellent Young Scholar Research Fund of Beijing Institute of Technology
文摘Internet of Vehicles(henceforth called IoV) is a public network system and high-value target for intrusions that may cause efficiency issues, privacy leakages or even physical damage. Conventional intrusion detection methods are normally designed for the Internet infrastructures which cannot directly apply in the context of IoV. This work proposes an FPGA based intrusion detection method that can not only achieve real-time scanning performance but also be applied in vehicular environment. We evaluate our scheme on a Xilinx FPGA based platform. Experiments show that the proposed system can achieve a throughput of more than 39 Gbps on existing FPGA platform which is about 15% higher than state-of-the-art techniques,and the total power consumption for the prototype is about 7.5 w. Moreover, the processing latency of the prototype is about 4 us and is about one sixtieth part of the popular software IDS systems.
基金This work was partially supported by the National Natural Science Foundation of China under Cxants No. 61272451, No. 61103220, No. 61173154, No. 61173175 the National Critical Patented Projects in the next generation broadband wireless mobile communication network under Grant No. 2010ZX03006-001-01.
文摘Wireless Mesh Networks (WMNs) have many applications in homes, schools, enterprises, and public places because of their useful characteristics, such as high bandwidth, high speed, and wide coverage. However, the security of wireless mesh networks is a precondition for practical use. Intrusion detection is pivotal for increasing network security. Considering the energy limitations in wireless mesh networks, we adopt two types of nodes: Heavy Intrusion Detection Node (HIDN) and Light Intrusion Detection Node (LIDN). To conserve energy, the LIDN detects abnorrml behavior according to probability, while the HIDN, which has sufficient energy, is always operational. In practice, it is very difficult to acquire accurate information regarding attackers. We propose an intrusion detection model based on the incomplete inforrmtion game (ID-IIG). The ID-IIG utilizes the Harsanyi transformation and Bayesian Nash equilibrium to select the best strategies of defenders, although the exact attack probability is unknown. Thus, it can effectively direct the deployment of defenders. Through experiments, we analyze the perforrmnce of ID-IIG and verify the existence and attainability of the Bayesian Nash equilibrium.
文摘An artificial immunity based multimodal evolution algorithm is developed to generate detectors with variable coverage for multidimensional intrusion detection. In this algorithm, a proper fitness function is used to drive the detectors to fill in those detection holes close to self set or among self spheres, and genetic algorithm is adopted to reduce the negative effects that different distribution of self imposes on the detector generating process. The validity of the algorithm is tested with spherical and rectangular detectors, respectively, and experiments performed on two real data sets (machine learning database and DAPRA99) indicate that the proposed algorithm can obtain good results on spherical detectors, and that its performances in detection rate, false alarm rate, stabih'ty, time cost, and adaptability to incomplete training set on spherical detectors are all better than on rectangular ones.
文摘A new classification model for host intrusion detection based on the unidentified short sequences and RIPPER algorithm is proposed. The concepts of different short sequences on the system call traces are strictly defined on the basis of in-depth analysis of completeness and correctness of pattern databases. Labels of short sequences are predicted by learned RIPPER rule set and the nature of the unidentified short sequences is confirmed by statistical method. Experiment results indicate that the classification model increases clearly the deviation between the attack and the normal traces and improves detection capability against known and unknown attacks.
文摘In order to improve the detection efficiency of rule-based expert systems, an intrusion detection approach using connectionist expert system is proposed. The approach converts the AND/OR nodes into the corresponding neurons, adopts the three layered feed forward network with full interconnection between layers, translates the feature values into the continuous values belong to the interval [0, 1], shows the confidence degree about intrusion detection rules using the weight values of the neural networks and makes uncertain inference with sigmoid function. Compared with the rule based expert system, the neural network expert system improves the inference efficiency.
文摘In this paper,we introduce an adaptive clustering algorithm for intrusion detection based on wavecluster which was introduced by Gholamhosein in 1999 and used with success in image processing.Because of the non-stationary characteristic of network traffic,we extend and develop an adaptive wavecluster algorithm for intrusion detection.Using the multiresolution property of wavelet transforms,we can effectively identify arbitrarily shaped clusters at different scales and degrees of detail,moreover,applying wavelet transform removes the noise from the original feature space and make more accurate cluster found.Experimental results on KDD-99 intrusion detection dataset show the efficiency and accuracy of this algorithm.A detection rate above 96% and a false alarm rate below 3% are achieved.
文摘A new real-time model based on parallel time-series mining is proposed to improve the accuracy and efficiency of the network intrusion detection systems. In this model, multidimensional dataset is constructed to describe network events, and sliding window updating algorithm is used to maintain network stream. Moreover, parallel frequent patterns and frequent episodes mining algorithms are applied to implement parallel time-series mining engineer which can intelligently generate rules to distinguish intrusions from normal activities. Analysis and study on the basis of DAWNING 3000 indicate that this parallel time-series mining-based model provides a more accurate and efficient way to building real-time NIDS.
