Search results

1 – 10 of 890
Article
Publication date: 1 February 2021

R. Srilakshmi and Jayabhaskar Muthukuru

Abstract

Purpose

The mischievous nodes that defy the standard corrupt the exhibition of good nodes considerably. Therefore, an intrusion discovery mechanism should be included to the mobile ad-hoc network (MANET). In this paper, worm-hole and other destructive malignant attacks are propelled in MANET.

Design/methodology/approach

A wireless ad-hoc network also called as mobile ad-hoc network (MANET) is a gathering of hubs that utilizes a wireless channel to exchange information and coordinate together to establish information exchange among any pair of hubs, without any centralized structure. The security issue is a major difficulty while employing MANETs.

Findings

Consequently, the attacks due to the malicious node activity are detected using Hybrid Reactive Search and Bat (HRSB) mechanism to prevent the mischievous nodes from entering the network beneath the untruthful information. Moreover, the attack detection rate and node energy are predicted for determining the lifetime of the node.

Originality/value

The simulation outcomes of the proposed HRSB technique are evaluated with the prevailing methods. The comparison studies have proven the efficacy of the current research model by attaining high attack detection rate and achieving more network lifetime.

Details

International Journal of Intelligent Unmanned Systems, vol. 10 no. 1
Type: Research Article
ISSN: 2049-6427

Details

The Cybersecurity Workforce of Tomorrow
Type: Book
ISBN: 978-1-80382-918-0

Book part
Publication date: 18 January 2022

Brian McBreen, John Silson and Denise Bedford

Abstract

Chapter Summary

This chapter reviews traditional intelligence work, primarily how intelligence was perceived and conducted in the industrial economy. The review includes economic sectors with dedicated intelligence functions such as military, law enforcement, and national security. The review also includes secondary intelligence work in all other economic sectors. Looking across all these examples, the authors present a traditional life cycle model of intelligence work and highlight this traditional view of intelligence’s tactical and reactive approach. The chapter details the historical evolution and common intelligence elements in military, business, law enforcement, judicial forensics, national security, market, financial, medical, digital, and computer forensics.

Details

Organizational Intelligence and Knowledge Analytics
Type: Book
ISBN: 978-1-80262-177-8

Article
Publication date: 10 October 2016

Abdelaziz Amara Korba, Mehdi Nafaa and Salim Ghanemi

Abstract

Purpose

Wireless multi-hop ad hoc networks are becoming very attractive and widely deployed in many kinds of communication and networking applications. However, distributed and collaborative routing in such networks makes them vulnerable to various security attacks. This paper aims to design and implement a new efficient intrusion detection and prevention framework, called EIDPF, a host-based framework suitable for mobile ad hoc network’s characteristics such as high node’s mobility, resource-constraints and rapid topology change. EIDPF aims to protect an AODV-based network against routing attacks that could target such network.

Design/methodology/approach

This detection and prevention framework is composed of three complementary modules: a specification-based intrusion detection system to detect attacks violating the protocol specification, a load balancer to prevent fast-forwarding attacks such as wormhole and rushing and adaptive response mechanism to isolate malicious node from the network.

Findings

A key advantage of the proposed framework is its capacity to efficiently avoid fast-forwarding attacks and its real-time detection of both known and unknown attacks violating specification. The simulation results show that EIDPF exhibits a high detection rate, low false positive rate and no extra communication overhead compared to other protection mechanisms.

Originality/value

It is a new intrusion detection and prevention framework to protect ad hoc network against routing attacks. A key strength of the proposed framework is its ability to guarantee a real-time detection of known and unknown attacks that violate the protocol specification, and avoiding wormhole and rushing attacks by providing a load balancing route discovery.

Details

Information & Computer Security, vol. 24 no. 4
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 29 September 2020

G. Sreeram, S. Pradeep, K. Sreenivasa Rao, B. Deevana Raju and Parveen Nikhat

Abstract

Purpose

The paper aims to precise and fast categorization on to transaction evolves into indispensable. The effective capacity difficulty of all the IDS simulates today at below discovery amount of fewer regular barrage associations and therefore the next warning rate.

Design/methodology/approach

The reticulum perception is that the methods which examine and determine the scheme of contact on unearths toward number of dangerous and perchance fateful interchanges occurring toward the system. Within character of guaranteeing the slumberous, opening and uprightness count of to socialize for professional. The precise and fast categorization on to transaction evolves into indispensable. The effective capacity difficulty of all the intrusion detection simulation (IDS) simulates today at below discovery amount of fewer regular barrage associations and therefore the next warning rate. The container with systems of connections are reproduction everything beacon subject to the series of actions to achieve results accepts exists a contemporary well-known method. At the indicated motivation a hybrid methodology supported pairing distinct ripple transformation and human intelligence artificial neural network (ANN) for IDS is projected. The lack of balance of the situation traversing the space beyond information range was eliminated through synthetic minority oversampling technique-based oversampling have low regular object and irregular below examine of the dominant object. We are binding with three layer ANN is being used for classification, and thus the experimental results on knowledge discovery databases are being used for the facts in occurrence of accuracy rate and disclosure estimation toward identical period. True and false made up accepted.

Findings

At the indicated motivation a hybrid methodology supported pairing distinct ripple transformation and human intelligence ANN for IDS is projected. The lack of balance of the situation traversing the space beyond information range was eliminated through synthetic minority oversampling technique-based oversampling have low regular object and irregular below examine of the dominant object.

Originality/value

Chain interruption discovery is the series of actions for the results knowing the familiarity opening and honor number associate order, the scientific categorization undertaking become necessary. The capacity issues of invasion discovery is the order to determine and examine. The arrangement of simulations at the occasion under discovery estimation for low regular aggression associations and above made up feeling sudden panic amount.

Details

International Journal of Pervasive Computing and Communications, vol. 17 no. 1
Type: Research Article
ISSN: 1742-7371

Open Access
Article
Publication date: 18 July 2022

Youakim Badr

Abstract

Purpose

In this research, the authors demonstrate the advantage of reinforcement learning (RL) based intrusion detection systems (IDS) to solve very complex problems (e.g. selecting input features, considering scarce resources and constraints) that cannot be solved by classical machine learning. The authors include a comparative study to build intrusion detection based on statistical machine learning and representational learning, using knowledge discovery in databases (KDD) Cup99 and Installation Support Center of Expertise (ISCX) 2012.

Design/methodology/approach

The methodology applies a data analytics approach, consisting of data exploration and machine learning model training and evaluation. To build a network-based intrusion detection system, the authors apply dueling double deep Q-networks architecture enabled with costly features, k-nearest neighbors (K-NN), support-vector machines (SVM) and convolution neural networks (CNN).

Findings

Machine learning-based intrusion detection systems are trained on historical datasets which lead to model drift and lack of generalization whereas RL is trained with data collected through interactions. RL is bound to learn from its interactions with a stochastic environment in the absence of a training dataset whereas supervised learning simply learns from collected data and requires less computational resources.

Research limitations/implications

All machine learning models have achieved high accuracy values and performance. One potential reason is that both datasets are simulated, and not realistic. It was not clear whether a validation was ever performed to show that data were collected from real network traffics.

Practical implications

The study provides guidelines to implement IDS with classical supervised learning, deep learning and RL.

Originality/value

The research applied the dueling double deep Q-networks architecture enabled with costly features to build network-based intrusion detection from network traffics. This research presents a comparative study of reinforcement-based intrusion detection with counterparts built with statistical and representational machine learning.

Book part
Publication date: 29 May 2023

Divya Nair and Neeta Mhavan

Abstract

A zero-day vulnerability is a complimentary ticket to the attackers for gaining entry into the network. Thus, there is necessity to devise appropriate threat detection systems and establish an innovative and safe solution that prevents unauthorised intrusions for defending various components of cybersecurity. We present a survey of recent Intrusion Detection Systems (IDS) in detecting zero-day vulnerabilities based on the following dimensions: types of cyber-attacks, datasets used and kinds of network detection systems.

Purpose: The study focuses on presenting an exhaustive review on the effectiveness of the recent IDS with respect to zero-day vulnerabilities.

Methodology: Systematic exploration was done at the IEEE, Elsevier, Springer, RAID, ESORICS, Google Scholar, and other relevant platforms of studies published in English between 2015 and 2021 using keywords and combinations of relevant terms.

Findings: It is possible to train IDS for zero-day attacks. The existing IDS have strengths that make them capable of effective detection against zero-day attacks. However, they display certain limitations that reduce their credibility. Novel strategies like deep learning, machine learning, fuzzing technique, runtime verification technique, and Hidden Markov Models can be used to design IDS to detect malicious traffic.

Implication: This paper explored and highlighted the advantages and limitations of existing IDS enabling the selection of best possible IDS to protect the system. Moreover, the comparison between signature-based and anomaly-based IDS exemplifies that one viable approach to accurately detect the zero-day vulnerabilities would be the integration of hybrid mechanism.

Details

Smart Analytics, Artificial Intelligence and Sustainable Performance Management in a Global Digitalised Economy
Type: Book
ISBN: 978-1-80382-555-7

Article
Publication date: 19 August 2022

Anjali More and Dipti Rana

Abstract

Purpose

Referred data set produces reliable information about the network flows and common attacks meeting with real-world criteria. Accordingly, this study aims to focus on the use of imbalanced intrusion detection benchmark knowledge discovery in database (KDD) data set. KDD data set is most preferably used by many researchers for experimentation and analysis. The proposed algorithm improvised random forest classification with error tuning factors (IRFCETF) deals with experimentation on KDD data set and evaluates the performance of a complete set of network traffic features through IRFCETF.

Design/methodology/approach

In the current era of applications, the attention of researchers is immersed by a diverse number of existing time applications that deals with imbalanced data classification (ImDC). Real-time application areas, artificial intelligence (AI), Industrial Internet of Things (IIoT), etc. are dealing ImDC undergo with diverted classification performance due to skewed data distribution (SkDD). There are numerous application areas that deal with SkDD. Many of the data applications in AI and IIoT face the diverted data classification rate in SkDD. In recent advancements, there is an exponential expansion in the volume of computer network data and related application developments. Intrusion detection is one of the demanding applications of ImDC. The proposed study focusses on imbalanced intrusion benchmark data set, KDD data set and other benchmark data set with the proposed IRFCETF approach. IRFCETF justifies the enriched classification performance on imbalanced data set over the existing approach. The purpose of this work is to review imbalanced data applications in numerous application areas including AI and IIoT and tuning the performance with respect to principal component analysis. This study also focusses on the out-of-bag error performance-tuning factor.

Findings

Experimental results on KDD data set show that proposed algorithm gives enriched performance. For referred intrusion detection data set, IRFCETF classification accuracy is 99.57% and error rate is 0.43%.

Research limitations/implications

This research work extended for further improvements in classification techniques with multiple correspondence analysis (MCA); hierarchical MCA can be focussed with the use of classification models for wide range of skewed data sets.

Practical implications

The metrics enhancement is measurable and helpful in dealing with intrusion detection systems–related imbalanced applications in current application domains such as security, AI and IIoT digitization. Analytical results show improvised metrics of the proposed approach than other traditional machine learning algorithms. Thus, error-tuning parameter creates a measurable impact on classification accuracy is justified with the proposed IRFCETF.

Social implications

Proposed algorithm is useful in numerous IIoT applications such as health care, machinery automation etc.

Originality/value

This research work addressed classification metric enhancement approach IRFCETF. The proposed method yields a test set categorization for each case with error reduction mechanism.

Details

International Journal of Pervasive Computing and Communications, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1742-7371

Article
Publication date: 5 October 2020

Josemila Baby Jesuretnam and Jeba James Rose

Abstract

Purpose

This paper aims to propose a multi-dimensional hierarchical K-means clustering algorithm for the purpose of intrusion detection. Initially, the clustering set of rules is proposed to shape some of clusters in the network and then the most beneficial clusters are decided on by the use of Cuckoo search optimization set of rules. Finally, an Artificial Bee Colony primarily based selection tree (ABC-DT) classifier is rented to classify the regular and unusual instances present in the network with the aid of the extracted features.

Design/methodology/approach

Intrusion detection system (IDS) is crucial for the network system; the intruder can take sensitive details about the network. IDS are said to be more effective when it has both high intrusion detection rate and low false alarm rate. Numerous strategies including gadget mastering, records mining and statistical techniques were tested for IDS mission. Recent study reveals that combining multiple classifiers, i.e. classifiers ensemble, can also own better performance than unmarried classifier. In this paper, a comparative study is conducted of the overall performance of four classifiers, i.e. hybrid ABC-DT particle swarm optimization-based K-means clustering (PSO-KM), help vector device (SVM) and K-Nearest neighbour (KNN). All the four classifiers are tested with exceptional packet sizes 1470, 1024, 512 and 256. The experiment is carried out for the speed ranging from 250Mbps, 500Mbps, 750Mbps, 1.0Gbps, 1.5Gbps, and 2.0Gbps in terms of accuracy, detection charge, specificity, false alarm charge and computational time. The experimental results reveal that the hybridization of classifiers performs better than the base classifiers in all scenarios.

Findings

This study analyses the performance of hybrid ABC-DT classifier and compares the performance against three well-known classifiers such as PSO-KM, SVM and K-NN. The performances of all the four classifiers are tested with Discovery in Data Mining (KDD) CUP 99 dataset with different packet sizes 1470, 1024, 512 and 256. The results show the classifier performance variations with different speed ranges. From the experimental results and analysis, the hybridization of classifiers such as ABC-DT outperforms the base classifiers in all scenarios.

Originality/value

The novel approach in this paper is used to study the hybrid ABC-DT classifier and compare the performance against three well-known classifiers such as PSO-KM, SVM and K-NN. The discussed concept is used within the network to monitor the traffic to and from all the devices connected in that network.

Details

International Journal of Pervasive Computing and Communications, vol. 17 no. 1
Type: Research Article
ISSN: 1742-7371

Article
Publication date: 23 November 2012

Bailing Zhang, Yungang Zhang and Wenjin Lu

Abstract

Purpose

The task of internet intrusion detection is to detect anomalous network connections caused by intrusive activities. There have been many intrusion detection schemes proposed, most of which apply both normal and intrusion data to construct classifiers. However, normal data and intrusion data are often seriously imbalanced because intrusive connection data are usually difficult to collect. Internet intrusion detection can be considered as a novelty detection problem, which is the identification of new or unknown data, to which a learning system has not been exposed during training. This paper aims to address this issue.

Design/methodology/approach

In this paper, a novelty detection‐based intrusion detection system is proposed by combining the self‐organizing map (SOM) and the kernel auto‐associator (KAA) model proposed earlier by the first author. The KAA model is a generalization of auto‐associative networks by training to recall the inputs through kernel subspace. For anomaly detection, the SOM organizes the prototypes of samples while the KAA provides data description for the normal connection patterns. The hybrid SOM/KAA model can also be applied to classify different types of attacks.

Findings

Using the KDD CUP, 1999 dataset, the performance of the proposed scheme in separating normal connection patterns from intrusive connection patterns was compared with some state‐of‐art novelty detection methods, showing marked improvements in terms of the high intrusion detection accuracy and low false positives. Simulations on the classification of attack categories also demonstrate favorable results of the accuracy, which are comparable to the entries from the KDD CUP, 1999 data mining competition.

Originality/value

The hybrid model of SOM and the KAA model can achieve significant results for intrusion detection.

Details

International Journal of Intelligent Computing and Cybernetics, vol. 5 no. 4
Type: Research Article
ISSN: 1756-378X
