Machine Learning Techniques for Intelligent Intrusion Detection Systems

A special issue of Electronics (ISSN 2079-9292). This special issue belongs to the section "Computer Science & Engineering".

Deadline for manuscript submissions: closed (28 February 2021) | Viewed by 93961

Special Issue Editors

Special Issue Information

Dear Colleagues,

Security and privacy of data are among the major concerns in today's world, and intrusion detection systems (IDS) play an important role in cybersecurity. Industry 4.0 ecosystems are able to collect data, interconnect with each other, and process data and make decisions without any human interaction. Currently, the amount of data traveling through networks is overwhelming from the perspective of the veracity and variety of the data transmitted, the volume of the information, and the velocity of the Internet links. This resembles the well-known Big Data paradigm and, together with the omnipresent use of encryption, creates multiple challenges for the effective detection of distributed denial of service (DDoS) attacks, advanced persistent threats (APT), and the distribution of malware infections. Conventional intrusion detection systems utilize the signature-based approach, which helps to identify known attacks and protect the network. However, these are less efficient when it comes to tailored attacks, APT, zero-day attacks, encryption, and distributed reconnaissance, due to the large volume and sophistication of such activity. Fortunately, machine learning can aid in solving the most common tasks, including regression, prediction, and classification. Machine learning techniques have been used effectively in multiple applications of intelligent intrusion detection systems, including network traffic analysis, access log analysis, and spam and malware detection. However, current machine learning methods and their implementations are designed to handle tens of thousands of data samples and have complexity issues with bigger datasets. Big Data analytics require new and enhanced models to handle complex problems such as network attack detection. Future intelligent intrusion detection systems require faster and more accurate machine learning models.

Therefore, it is important to improve the existing methods and find proper ways of designing new machine learning methods suitable for detecting indicators of compromise and finding malicious connections even when the network traffic is encrypted. This Special Issue provides a platform for discussing new developments at the intersection of security and privacy with machine learning and deep learning.

Assoc. Prof. Dr. Mamoun Alazab
Dr. Andrii Shalaginov
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Electronics is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • Cybersecurity
  • Cybercrime
  • Security, trust, and privacy
  • Anomaly intrusion detection
  • Distributed intrusion detection
  • Hybrid intrusion detection
  • Adversarial attacks
  • Machine learning
  • Deep learning
  • Big Data analytics
  • IoT
  • CPS
  • Blockchain
  • Cloud computing

Published Papers (16 papers)

Research

16 pages, 1992 KiB  
Article
SDN-Enabled Hybrid DL-Driven Framework for the Detection of Emerging Cyber Threats in IoT
by Danish Javeed, Tianhan Gao and Muhammad Taimoor Khan
Electronics 2021, 10(8), 918; https://doi.org/10.3390/electronics10080918 - 12 Apr 2021
Cited by 56 | Viewed by 4783
Abstract
The Internet of Things (IoT) has proven to be a billion-dollar industry. Despite offering numerous benefits, the prevalent nature of IoT makes it vulnerable and a possible target for the development of cyber-attacks. The diversity of the IoT, on the one hand, leads to the benefits of the integration of devices into a smart ecosystem, but the heterogeneous nature of the IoT makes it difficult to come up with a single security solution. However, the centralized intelligence and programmability of software-defined networks (SDNs) have made it possible to compose a single and effective security solution to cope with cyber threats and attacks. We present an SDN-enabled architecture leveraging hybrid deep learning detection algorithms for the efficient detection of cyber threats and attacks while considering the resource-constrained IoT devices so that no burden is placed on them. We use a state-of-the-art dataset, CICDDoS 2019, to train our algorithm. The results evaluated by this algorithm achieve high accuracy with a minimal false positive rate (FPR) and testing time. We also perform 10-fold cross-validation, proving our results to be unbiased, and compare our results with current benchmark algorithms.

17 pages, 931 KiB  
Article
Toward Developing Efficient Conv-AE-Based Intrusion Detection System Using Heterogeneous Dataset
by Muhammad Ashfaq Khan and Juntae Kim
Electronics 2020, 9(11), 1771; https://doi.org/10.3390/electronics9111771 - 26 Oct 2020
Cited by 68 | Viewed by 4594
Abstract
Recently, due to the rapid development and remarkable results of deep learning (DL) and machine learning (ML) approaches in various domains for several long-standing artificial intelligence (AI) tasks, there has been an extreme interest in applying them to network security too. Nowadays, in the information communication technology (ICT) era, the intrusion detection (ID) system has great potential to be the frontier of security against cyberattacks and plays a vital role in achieving network infrastructure and resources. Conventional ID systems are not strong enough to detect advanced malicious threats. Heterogeneity is one of the important features of big data. Thus, designing an efficient ID system using a heterogeneous dataset is a massive research problem. There are several ID datasets openly available for further research by the cybersecurity research community. However, no existing research has shown a detailed performance evaluation of several ML methods on various publicly available ID datasets. Due to the dynamic nature of malicious attacks with continuously changing attack detection methods, ID datasets are available publicly and are updated systematically. In this research, Spark MLlib (machine learning library)-based robust classical ML classifiers for anomaly detection and state-of-the-art DL, such as the convolutional autoencoder (Conv-AE) for misuse attacks, are used to develop an efficient and intelligent ID system to detect and classify unpredictable malicious attacks. To measure the effectiveness of our proposed ID system, we have used several important performance metrics, such as FAR, DR, and accuracy, while experiments are conducted on the publicly available dataset, specifically the contemporary heterogeneous CSE-CIC-IDS2018 dataset.

17 pages, 1899 KiB  
Article
Misbehavior-Aware On-Demand Collaborative Intrusion Detection System Using Distributed Ensemble Learning for VANET
by Fuad A. Ghaleb, Faisal Saeed, Mohammad Al-Sarem, Bander Ali Saleh Al-rimy, Wadii Boulila, A. E. M. Eljialy, Khalid Aloufi and Mamoun Alazab
Electronics 2020, 9(9), 1411; https://doi.org/10.3390/electronics9091411 - 01 Sep 2020
Cited by 60 | Viewed by 4345
Abstract
Vehicular ad hoc networks (VANETs) play an important role as an enabling technology for future cooperative intelligent transportation systems (CITSs). Vehicles in VANETs share real-time information about their movement state, traffic situation, and road conditions. However, VANETs are susceptible to cyberattacks that create life-threatening situations and/or cause road congestion. Intrusion detection systems (IDSs) that rely on the cooperation between vehicles to detect intruders were the most suggested security solutions for VANET. Unfortunately, existing cooperative IDSs (CIDSs) are vulnerable to legitimate yet compromised collaborators that share misleading and manipulated information and disrupt the IDSs' normal operation. As such, this paper proposes a misbehavior-aware on-demand collaborative intrusion detection system (MA-CIDS) based on the concept of distributed ensemble learning. That is, vehicles individually use the random forest algorithm to train local IDS classifiers and share their locally trained classifiers on demand with the vehicles in their vicinity, which reduces the communication overhead. Once received, the performance of the classifiers is evaluated using the local testing dataset in the receiving vehicle. The evaluation values are used as a trustworthiness factor and used to rank the received classifiers. The classifiers that deviate much from the box-and-whisker plot lower boundary are excluded from the set of collaborators. Then, each vehicle constructs an ensemble of weighted random forest-based classifiers that encompasses the locally and remotely trained classifiers. The outputs of the classifiers are aggregated using a robust weighted voting scheme. Extensive simulations were conducted utilizing the Network Security Laboratory-Knowledge Discovery in Data Mining (NSL-KDD) dataset to evaluate the performance of the proposed MA-CIDS model. The obtained results show that MA-CIDS performs better than the other existing models in terms of effectiveness and efficiency for VANET.

17 pages, 5104 KiB  
Article
Detection of Malicious Primary User Emulation Based on a Support Vector Machine for a Mobile Cognitive Radio Network Using Software-Defined Radio
by Ernesto Cadena Muñoz, Luis Fernando Pedraza Martínez and Jorge Eduardo Ortiz Triviño
Electronics 2020, 9(8), 1282; https://doi.org/10.3390/electronics9081282 - 10 Aug 2020
Cited by 9 | Viewed by 2674
Abstract
Mobile cognitive radio networks provide a new platform to implement and adapt wireless cellular communications, increasing the use of the electromagnetic spectrum by using it when the primary user is not using it and providing cellular service to secondary users. In these networks, there exist vulnerabilities that can be exploited, such as the malicious primary user emulation (PUE), which tries to imitate the primary user signal to make the cognitive network release the used channel, causing a denial of service to secondary users. We propose a support vector machine (SVM) technique, which classifies whether the received signal is a primary user or a malicious primary user emulation signal by using the signal-to-noise ratio (SNR) and Rényi entropy of the energy signal as an input to the SVM. This model improves the detection of the malicious attacker presence in low SNR without the need for a threshold calculation, which can lead to false detection results, especially in orthogonal frequency division multiplexing (OFDM), where the threshold is more difficult to estimate because the signal limit values are very close in low SNR. It is implemented on a software-defined radio (SDR) testbed to emulate the environment of mobile system modulations, such as Gaussian minimum shift keying (GMSK) and OFDM. The SVM performed a prior learning process to allow the SVM system to recognize the signal behavior of a primary user in modulations such as GMSK and OFDM and the SNR value, and then the received test signal is analyzed in real time to decide if a malicious PUE is present. The results show that our solution increases the detection probability compared to traditional techniques such as energy or cyclostationary detection in low SNR values, and it detects malicious PUE signals in MCRNs.

20 pages, 1154 KiB  
Article
FALCON: Framework for Anomaly Detection in Industrial Control Systems
by Subin Sapkota, A K M Nuhil Mehdy, Stephen Reese and Hoda Mehrpouyan
Electronics 2020, 9(8), 1192; https://doi.org/10.3390/electronics9081192 - 24 Jul 2020
Cited by 13 | Viewed by 3770
Abstract
Industrial Control Systems (ICS) are used to control physical processes in critical infrastructure. These systems are used in a wide variety of operations such as water treatment, power generation and distribution, and manufacturing. While the safety and security of these systems are of serious concern, recent reports have shown an increase in targeted attacks aimed at manipulating physical processes to cause catastrophic consequences. This trend emphasizes the need for algorithms and tools that provide resilient and smart attack detection mechanisms to protect ICS. In this paper, we propose an anomaly detection framework for ICS based on a deep neural network. The proposed methodology uses dilated convolution and long short-term memory (LSTM) layers to learn temporal as well as long-term dependencies within sensor and actuator data in an ICS. The sensor/actuator data are passed through a unique feature engineering pipeline where wavelet transformation is applied to the sensor signals to extract features that are fed into the model. Additionally, this paper explores four variations of supervised deep learning models, as well as an unsupervised support vector machine (SVM) model for this problem. The proposed framework is validated on Secure Water Treatment testbed results. This framework detects more attacks in a shorter period of time than previously published methods.

13 pages, 1829 KiB  
Article
Measuring the Impact of Accurate Feature Selection on the Performance of RBM in Comparison to State of the Art Machine Learning Algorithms
by Tamer Aldwairi, Dilina Perera and Mark A. Novotny
Electronics 2020, 9(7), 1167; https://doi.org/10.3390/electronics9071167 - 18 Jul 2020
Cited by 6 | Viewed by 2361
Abstract
The amassed growth in the size of data, caused by the advancement of technologies and the use of the internet of things to collect and transmit data, resulted in the creation of large volumes of data and an increasing variety of data types that need to be processed at very high speeds so that we can extract meaningful information from these massive volumes of unstructured data. The process of mining this data is very challenging since a lot of the data suffers from the problem of high dimensionality. The quandary of high dimensionality represents a great challenge that can be controlled through the process of feature selection. Feature selection is a complex task with multiple layers of difficulty. To be able to grasp and realize the impediments associated with high-dimensional data, a more in-depth understanding of feature selection is required. In this study, we examine the effect of appropriate feature selection during the classification process of anomaly network intrusion detection systems. We test its effect on the performance of Restricted Boltzmann Machines and compare its performance to conventional machine learning algorithms. We establish that when certain features that are representative of the model are selected, the change in the accuracy was always less than 3% across all algorithms. This verifies that the accurate selection of the important features when building a model can have a significant impact on the accuracy level of the classifiers. We also confirmed in this study that the performance of the Restricted Boltzmann Machines can outperform or is at least comparable to other well-known machine learning algorithms. Extracting those important features can be very useful when trying to build a model with datasets with a lot of features.

23 pages, 5642 KiB  
Article
LITNET-2020: An Annotated Real-World Network Flow Dataset for Network Intrusion Detection
by Robertas Damasevicius, Algimantas Venckauskas, Sarunas Grigaliunas, Jevgenijus Toldinas, Nerijus Morkevicius, Tautvydas Aleliunas and Paulius Smuikys
Electronics 2020, 9(5), 800; https://doi.org/10.3390/electronics9050800 - 13 May 2020
Cited by 72 | Viewed by 9900
Abstract
Network intrusion detection is one of the main problems in ensuring the security of modern computer networks, Wireless Sensor Networks (WSN), and the Internet-of-Things (IoT). In order to develop efficient network-intrusion-detection methods, realistic and up-to-date network flow datasets are required. Despite several recent efforts, there is still a lack of real-world network-based datasets which can capture modern network traffic cases and provide examples of many different types of network attacks and intrusions. To alleviate this need, we present LITNET-2020, a new annotated network benchmark dataset obtained from the real-world academic network. The dataset presents real-world examples of normal and under-attack network traffic. We describe and analyze 85 network flow features of the dataset and 12 attack types. We present the analysis of the dataset features by using statistical analysis and clustering methods. Our results show that the proposed feature set can be effectively used to identify different attack classes in the dataset. The presented network dataset is made freely available for research purposes.

18 pages, 2936 KiB  
Article
A Two-Level Flow-Based Anomalous Activity Detection System for IoT Networks
by Imtiaz Ullah and Qusay H. Mahmoud
Electronics 2020, 9(3), 530; https://doi.org/10.3390/electronics9030530 - 23 Mar 2020
Cited by 61 | Viewed by 5117
Abstract
The significant increase of Internet of Things (IoT) devices in smart homes and other smart infrastructure, and the recent attacks on these IoT devices, are motivating factors to secure and protect IoT networks. The primary security challenge is to develop a methodology to identify a malicious activity correctly and mitigate the impact of such activity promptly. In this paper, we propose a two-level anomalous activity detection model for intrusion detection systems in IoT networks. The level-1 model categorizes the network flow as normal flow or abnormal flow, while the level-2 model classifies the category or subcategory of detected malicious activity. When the network flow is classified as an anomaly by the level-1 model, the level-1 model forwards the stream to the level-2 model for further investigation to find the category or subcategory of the detected anomaly. Our proposed model is constructed on flow-based features of the IoT network. Flow-based detection methodologies only inspect packet headers to classify the network traffic. Flow-based features were extracted from the IoT Botnet dataset, and various machine learning algorithms were investigated and tested via different cross-fold validation tests to select the best algorithm. The decision tree classifier yielded the highest predictive results for level-1, and the random forest classifier produced the highest predictive results for level-2. Our proposed model's Accuracy, Precision, Recall, and F score for level-1 were measured as 99.99% and 99.90% for level-2. The two-level anomalous activity detection system for IoT networks we propose will provide a robust framework for the development of malicious activity detection systems for IoT networks. It would be of interest to researchers in academia and industry.

20 pages, 1514 KiB  
Article
Automated Malware Detection in Mobile App Stores Based on Robust Feature Generation
by Moutaz Alazab
Electronics 2020, 9(3), 435; https://doi.org/10.3390/electronics9030435 - 05 Mar 2020
Cited by 28 | Viewed by 3961
Abstract
Many Internet of Things (IoT) services are currently tracked and regulated via mobile devices, making them vulnerable to privacy attacks and exploitation by various malicious applications. Current solutions are unable to keep pace with the rapid growth of malware and are limited by low detection accuracy, long discovery time, complex implementation, and high computational costs associated with the processor speed, power, and memory. Therefore, an automated intelligence technique is necessary for detecting apps containing malware and effectively predicting cyberattacks in mobile marketplaces. In this study, a system for classifying mobile marketplaces applications using real-world datasets is proposed, which analyzes the source code to identify malicious apps. A rich feature set of application programming interface (API) calls is proposed to capture the regularities in apps containing malicious content. Two feature-selection methods—Chi-Square and ANOVA—were examined in conjunction with ten supervised machine-learning algorithms. The detection accuracy of each classifier was evaluated to identify the most reliable classifier for malware detection using various feature sets. Chi-Square was found to have a higher detection accuracy as compared to ANOVA. The proposed system achieved a detection accuracy of 98.1% with a classification time of 1.22 s. Furthermore, the proposed system required a reduced number of API calls (500 instead of 9000) to be incorporated as features.

12 pages, 629 KiB  
Article
An Enhanced Design of Sparse Autoencoder for Latent Features Extraction Based on Trigonometric Simplexes for Network Intrusion Detection Systems
by Hassan Musafer, Abdelshakour Abuzneid, Miad Faezipour and Ausif Mahmood
Electronics 2020, 9(2), 259; https://doi.org/10.3390/electronics9020259 - 04 Feb 2020
Cited by 32 | Viewed by 3058
Abstract
Despite the successful contributions in the field of network intrusion detection using machine learning algorithms and deep networks to learn the boundaries between normal traffic and network attacks, it is still challenging to detect various attacks with high performance. In this paper, we propose a novel mathematical model for further development of robust, reliable, and efficient software for practical intrusion detection applications. In the present work, we are concerned with optimal hyperparameters tuned for high-performance sparse autoencoders for optimizing features and classifying normal and abnormal traffic patterns. The proposed framework allows the parameters of the back-propagation learning algorithm to be tuned with respect to the performance and architecture of the sparse autoencoder through a sequence of trigonometric simplex designs. These hyperparameters include the number of nodes in the hidden layer, the learning rate of the hidden layer, and the learning rate of the output layer. It is expected to achieve better results in extracting features and adapting to various levels of the learning hierarchy, as different layers of the autoencoder are characterized by different learning rates in the proposed framework. The idea is viewed such that every learning rate of a hidden layer is a dimension in a multidimensional space. Hence, a vector of adaptive learning rates is implemented for the multiple layers of the network to accelerate the processing time that is required for the network to learn the mapping towards a combination of enhanced features and the optimal synaptic weights in the multiple layers for a given problem. The suggested framework is tested on CICIDS2017, a reliable intrusion detection dataset that covers all the common, updated intrusions and cyber-attacks. Experimental results demonstrate that the proposed architecture for intrusion detection yields superior performance compared to recently published algorithms in terms of classification accuracy and F-measure results.

16 pages, 10080 KiB  
Article
A Novel PCA-Firefly Based XGBoost Classification Model for Intrusion Detection in Networks Using GPU
by Sweta Bhattacharya, Siva Rama Krishnan S, Praveen Kumar Reddy Maddikunta, Rajesh Kaluri, Saurabh Singh, Thippa Reddy Gadekallu, Mamoun Alazab and Usman Tariq
Electronics 2020, 9(2), 219; https://doi.org/10.3390/electronics9020219 - 27 Jan 2020
Cited by 230 | Viewed by 11143
Abstract
The enormous popularity of the internet across all spheres of human life has introduced various risks of malicious attacks in the network. The activities performed over the network could be effortlessly proliferated, which has led to the emergence of intrusion detection systems. The patterns of the attacks are also dynamic, which necessitates efficient classification and prediction of cyber attacks. In this paper we propose a hybrid principal component analysis (PCA)-firefly based machine learning model to classify intrusion detection system (IDS) datasets. The dataset used in the study is collected from Kaggle. The model first performs One-Hot encoding for the transformation of the IDS datasets. The hybrid PCA-firefly algorithm is then used for dimensionality reduction. The XGBoost algorithm is implemented on the reduced dataset for classification. A comprehensive evaluation of the model is conducted with the state-of-the-art machine learning approaches to justify the superiority of our proposed approach. The experimental results confirm the fact that the proposed model performs better than the existing machine learning models.

18 pages, 1588 KiB  
Article
Hybrid Intrusion Detection System Based on the Stacking Ensemble of C5 Decision Tree Classifier and One Class Support Vector Machine
by Ansam Khraisat, Iqbal Gondal, Peter Vamplew, Joarder Kamruzzaman and Ammar Alazab
Electronics 2020, 9(1), 173; https://doi.org/10.3390/electronics9010173 - 17 Jan 2020
Cited by 113 | Viewed by 10943
Abstract
Cyberattacks are becoming increasingly sophisticated, necessitating efficient intrusion detection mechanisms to monitor computer resources and generate reports on anomalous or suspicious activities. Many Intrusion Detection Systems (IDSs) use a single classifier for identifying intrusions. Single classifier IDSs are unable to achieve high accuracy and low false alarm rates due to polymorphic, metamorphic, and zero-day behaviors of malware. In this paper, a Hybrid IDS (HIDS) is proposed by combining the C5 decision tree classifier and One Class Support Vector Machine (OC-SVM). HIDS combines the strengths of Signature-based Intrusion Detection System (SIDS) and Anomaly-based Intrusion Detection System (AIDS). The SIDS was developed based on the C5.0 Decision tree classifier and AIDS was developed based on the one-class Support Vector Machine (SVM). This framework aims to identify both the well-known intrusions and zero-day attacks with high detection accuracy and low false-alarm rates. The proposed HIDS is evaluated using the benchmark datasets, namely, Network Security Laboratory-Knowledge Discovery in Databases (NSL-KDD) and Australian Defence Force Academy (ADFA) datasets. Studies show that the performance of HIDS is enhanced, compared to SIDS and AIDS, in terms of detection rate and low false-alarm rates.

42 pages, 2190 KiB  
Article
Applications in Security and Evasions in Machine Learning: A Survey
by Ramani Sagar, Rutvij Jhaveri and Carlos Borrego
Electronics 2020, 9(1), 97; https://doi.org/10.3390/electronics9010097 - 03 Jan 2020
Cited by 50 | Viewed by 7392
Abstract
In recent years, machine learning (ML) has become an important part to yield security and privacy in various applications. ML is used to address serious issues such as real-time attack detection, data leakage vulnerability assessments and many more. ML extensively supports the demanding requirements of the current scenario of security and privacy across a range of areas such as real-time decision-making, big data processing, reduced cycle time for learning, cost-efficiency and error-free processing. Therefore, in this paper, we review the state of the art approaches where ML is applicable more effectively to fulfill current real-world requirements in security. We examine different security applications’ perspectives where ML models play an essential role and compare, with different possible dimensions, their accuracy results. By analyzing ML algorithms in security application it provides a blueprint for an interdisciplinary research area. Even with the use of current sophisticated technology and tools, attackers can evade the ML models by committing adversarial attacks. Therefore, requirements rise to assess the vulnerability in the ML models to cope up with the adversarial attacks at the time of development. Accordingly, as a supplement to this point, we also analyze the different types of adversarial attacks on the ML models. To give proper visualization of security properties, we have represented the threat model and defense strategies against adversarial attack methods. Moreover, we illustrate the adversarial attacks based on the attackers’ knowledge about the model and addressed the point of the model at which possible attacks may be committed. Finally, we also investigate different types of properties of the adversarial attacks.

23 pages, 315 KiB  
Article
A Review of Automatic Phenotyping Approaches using Electronic Health Records
by Hadeel Alzoubi, Raid Alzubi, Naeem Ramzan, Daune West, Tawfik Al-Hadhrami and Mamoun Alazab
Electronics 2019, 8(11), 1235; https://doi.org/10.3390/electronics8111235 - 29 Oct 2019
Cited by 30 | Viewed by 5637
Abstract
Electronic Health Records (EHR) are a rich repository of valuable clinical information that exist in primary and secondary care databases. In order to utilize EHRs for medical observational research a range of algorithms for automatically identifying individuals with a specific phenotype have been developed. This review summarizes and offers a critical evaluation of the literature relating to studies conducted into the development of EHR phenotyping systems. This review describes phenotyping systems and techniques based on structured and unstructured EHR data. Articles published on PubMed and Google Scholar between 2013 and 2017 have been reviewed, using search terms derived from Medical Subject Headings (MeSH). The popularity of using Natural Language Processing (NLP) techniques in extracting features from narrative text has increased. This increased attention is due to the availability of open source NLP algorithms, combined with accuracy improvement. In this review, concept extraction is the most popular NLP technique since it has been used by more than 50% of the reviewed papers to extract features from EHR. High-throughput phenotyping systems using unsupervised machine learning techniques have gained more popularity due to their ability to efficiently and automatically extract a phenotype with minimal human effort.

18 pages, 1792 KiB  
Article
A Novel Ensemble of Hybrid Intrusion Detection System for Detecting Internet of Things Attacks
by Ansam Khraisat, Iqbal Gondal, Peter Vamplew, Joarder Kamruzzaman and Ammar Alazab
Electronics 2019, 8(11), 1210; https://doi.org/10.3390/electronics8111210 - 23 Oct 2019
Cited by 146 | Viewed by 8206
Abstract
The Internet of Things (IoT) has been rapidly evolving towards making a greater impact on everyday life to large industrial systems. Unfortunately, this has attracted the attention of cybercriminals who made IoT a target of malicious activities, opening the door to a possible attack to the end nodes. Due to the large number and diverse types of IoT devices, it is a challenging task to protect the IoT infrastructure using a traditional intrusion detection system. To protect IoT devices, a novel ensemble Hybrid Intrusion Detection System (HIDS) is proposed by combining a C5 classifier and One Class Support Vector Machine classifier. HIDS combines the advantages of Signature Intrusion Detection System (SIDS) and Anomaly-based Intrusion Detection System (AIDS). The aim of this framework is to detect both the well-known intrusions and zero-day attacks with high detection accuracy and low false-alarm rates. The proposed HIDS is evaluated using the Bot-IoT dataset, which includes legitimate IoT network traffic and several types of attacks. Experiments show that the proposed hybrid IDS provides higher detection rate and lower false positive rate compared to the SIDS and AIDS techniques.

Review

24 pages, 480 KiB  
Review
A Review of Performance, Energy and Privacy of Intrusion Detection Systems for IoT
by Junaid Arshad, Muhammad Ajmal Azad, Roohi Amad, Khaled Salah, Mamoun Alazab and Razi Iqbal
Electronics 2020, 9(4), 629; https://doi.org/10.3390/electronics9040629 - 10 Apr 2020
Cited by 46 | Viewed by 4004
Abstract
Internet of Things (IoT) forms the foundation of next generation infrastructures, enabling development of future cities that are inherently sustainable. Intrusion detection for such paradigms is a non-trivial challenge which has attracted further significance due to extraordinary growth in the volume and variety of security threats for such systems. However, due to unique characteristics of such systems i.e., battery power, bandwidth and processor overheads and network dynamics, intrusion detection for IoT is a challenge, which requires taking into account the trade-off between detection accuracy and performance overheads. In this context, we are focused at highlighting this trade-off and its significance to achieve effective intrusion detection for IoT. Specifically, this paper presents a comprehensive study of existing intrusion detection systems for IoT systems in three aspects: computational overhead, energy consumption and privacy implications. Through extensive study of existing intrusion detection approaches, we have identified open challenges to achieve effective intrusion detection for IoT infrastructures. These include resource constraints, attack complexity, experimentation rigor and unavailability of relevant security data. Further, this paper is envisaged to highlight contributions and limitations of the state-of-the-art within intrusion detection for IoT, and aid the research community to advance it by identifying significant research directions.
