Intrusion Detection System Techniques : A Review Sulaiman, Noor Suhana; Nasir, Akhyari; Othman, Wan Roslina Wan ...
Journal of physics. Conference series,
05/2021, Volume:
1874, Issue:
1
Journal Article
Peer reviewed
Open access
Abstract
Nowadays, Internet attacks are increasing rapidly. As a result, information security is a serious global concern among Information Technology users. Intrusion Detection System (IDS) is ...capable to detect unauthorized intrusions into computer systems and networks by looking for signatures of known attacks or deviations of normal activity. IDS is such as a detective control, the main function is to warn the user of any suspicious activity taking place. Active IDS research are still ongoing with remarkable techniques to detect attacks with significance accurate result. This paper deliver a brief overview on types of IDS and a types of techniques employed to detect intrusion.
Although the Internet of Things (IoT) can increase efficiency and productivity through intelligent and remote management, it also increases the risk of cyber-attacks. The potential threats to IoT ...applications and the need to reduce risk have recently become an interesting research topic. It is crucial that effective Intrusion Detection Systems (IDSs) tailored to IoT applications be developed. Such IDSs require an updated and representative IoT dataset for training and evaluation. However, there is a lack of benchmark IoT and IIoT datasets for assessing IDSs-enabled IoT systems. This paper addresses this issue and proposes a new data-driven IoT/IIoT dataset with the ground truth that incorporates a label feature indicating normal and attack classes, as well as a type feature indicating the sub-classes of attacks targeting IoT/IIoT applications for multi-classification problems. The proposed dataset, which is named TON_IoT, includes Telemetry data of IoT/IIoT services, as well as Operating Systems logs and Network traffic of IoT network, collected from a realistic representation of a medium-scale network at the Cyber Range and IoT Labs at the UNSW Canberra (Australia). This paper also describes the proposed dataset of the Telemetry data of IoT/IIoT services and their characteristics. TON_IoT has various advantages that are currently lacking in the state-of-the-art datasets: i) it has various normal and attack events for different IoT/IIoT services, and ii) it includes heterogeneous data sources. We evaluated the performance of several popular Machine Learning (ML) methods and a Deep Learning model in both binary and multi-class classification problems for intrusion detection purposes using the proposed Telemetry dataset.
The Internet-of-Things (IoT) is rapidly becoming ubiquitous. However the heterogeneous nature of devices and protocols in use, the sensitivity of the data contained within, as well as the legal and ...privacy issues, make security for the IoT a growing research priority and industry concern. With many security practices being unsuitable due to their resource intensive nature, it is deemed important to include second line defences into IoT networks. These systems will also need to be assessed for their efficacy in a variety of different network types and protocols. To shed light on these issues, this paper is concerned with advancements in intrusion detection practices in IoT. It provides a comprehensive review of current intrusion detection systems (IDSs) for IoT technologies, focusing on architecture types. A proposal for future directions in IoT based IDS are then presented and evaluated. We show how traditional practices are unsuitable due to their inherent features providing poor coverage of the IoT domain. In order to develop a secure, robust and optimized solution for these networks, the current research for intrusion detection in IoT will need to move in a different direction. An example of which is proposed in order to illustrate how malicious nodes might be passively detected.
Adversarial examples are inputs to a machine learning system intentionally crafted by an attacker to fool the model into producing an incorrect output. These examples have achieved a great deal of ...success in several domains such as image recognition, speech recognition and spam detection. In this paper, we study the nature of the adversarial problem in Network Intrusion Detection Systems (NIDS). We focus on the attack perspective, which includes techniques to generate adversarial examples capable of evading a variety of machine learning models. More specifically, we explore the use of evolutionary computation (particle swarm optimization and genetic algorithm) and deep learning (generative adversarial networks) as tools for adversarial example generation. To assess the performance of these algorithms in evading a NIDS, we apply them to two publicly available data sets, namely the NSL-KDD and UNSW-NB15, and we contrast them to a baseline perturbation method: Monte Carlo simulation. The results show that our adversarial example generation techniques cause high misclassification rates in eleven different machine learning models, along with a voting classifier. Our work highlights the vulnerability of machine learning based NIDS in the face of adversarial perturbation.
•Machine learning algorithms are not robust in unconstrained domains.•Evolutionary algorithms are able to generate successful adversarial examples.•Generative Adversarial Networks provide a rich source of fooling examples.•Network intrusion detection systems are vulnerable to maliciously crafted packets.
The Internet of Things (IoT) envisions a smart environment powered by connectivity and heterogeneity where ensuring reliable services and communications across multiple industries, from financial ...fields to healthcare and fault detection systems, is a top priority. In such fields, data is being collected and broadcast at high speed on a continuous and real-time scale, including IoT in the streaming processing paradigm. Intrusion Detection Systems (IDS) rely on manually defined security policies and signatures that fail to design a real-time solution or prevent zero-day attacks. Therefore, anomaly detection appears as a prominent solution capable of recognizing patterns, learning from experience, and detecting abnormal behavior. However, most approaches do not fit the urged requirements, often evaluated on deprecated datasets not representative of the working environment. As a result, our contributions address an overview of cybersecurity threats in IoT, important recommendations for a real-time IDS, and a real-time dataset setting to evaluate a security system covering multiple cyber threats. The dataset used to evaluate current host-based IDS approaches is publicly available and can be used as a benchmark by the community.
•An overview of the most important concepts that define the environment, from its challenges, the main requirements and data processing paradigm to the IDS taxonomy and a categorization of the prominent cyber threats according to the IoT layer, class vector, or compromised security principle to help identify points of failure and facilitate a risk assessment for a particular infrastructure.•A set of guidelines and considerations honoring fundamental directives for a real-time IDS in IoT that, according to the review of current proposals, efficient solutions do not meet.•An evaluation setup configuration designed to test real-time and streaming systems using reported vulnerabilities as anomalous traffic and a publicly available dataset containing cyber IoT attacks ready to be exploited on multiple platforms.•Additionally, an open-source HIDS evaluation, using our proposed setting and attesting performance and detection methodology as a flexible and robust approach to different threat vectors and zero-day.
Labeled data sets are necessary to train and evaluate anomaly-based network intrusion detection systems. This work provides a focused literature survey of data sets for network-based intrusion ...detection and describes the underlying packet- and flow-based network data in detail. The paper identifies 15 different properties to assess the suitability of individual data sets for specific evaluation scenarios. These properties cover a wide range of criteria and are grouped into five categories such as data volume or recording environment for offering a structured search. Based on these properties, a comprehensive overview of existing data sets is given. This overview also highlights the peculiarities of each data set. Furthermore, this work briefly touches upon other sources for network-based data such as traffic generators and data repositories. Finally, we discuss our observations and provide some recommendations for the use and the creation of network-based data sets.
The massive growth of data that are transmitted through a variety of devices and communication protocols have raised serious security concerns, which have increased the importance of developing ...advanced intrusion detection systems (IDSs). Deep learning is an advanced branch of machine learning, composed of multiple layers of neurons that represent the learning process. Deep learning can cope with large-scale data and has shown success in different fields. Therefore, researchers have paid more attention to investigating deep learning for intrusion detection. This survey comprehensively reviews and compares the key previous deep learning-focused cybersecurity surveys. Through an extensive review, this survey provides a novel fine-grained taxonomy that categorizes the current state-of-the-art deep learning-based IDSs with respect to different facets, including input data, detection, deployment, and evaluation strategies. Each facet is further classified according to different criteria. This survey also compares and discusses the related experimental solutions proposed as deep learning-based IDSs.
By analysing the experimental studies, this survey discusses the role of deep learning in intrusion detection, the impact of intrusion detection datasets, and the efficiency and effectiveness of the proposed approaches. The findings demonstrate that further effort is required to improve the current state-of-the art. Finally, open research challenges are identified, and future research directions for deep learning-based IDSs are recommended.
Abstract Recently, intrusion detection system (IDS) has become an essential remedy to protect networks from malicious activities and attacks. The attacks force the network activities under risk and ...cause network data as an unrecoverable one. The attacks have different features in nature and their detection rate is low. An efficient attack detection system requires a huge volume of network transactions and relevant features for training. But the existing datasets have significant and nonsignificant features together. Hence, the significant feature selection plays a major role to detect the attacks. For this reason, this paper adopts the XGBoost approach to identify the relevant (significant) features of the attacks in the dataset. After this XGBoost, this article applies the bidirectional long short term model (Bi‐LSTM) for the detection and classification of the attacks. This Bi‐LSTM model is a novel approach to the IDS and very effective to increase the detection rate. Thus, this article focuses on feature reduction and classification of the attacks. The experimental results show that the proposed XGBoost and Bi‐LSTM combination outperforms in detecting attacks.
Security of information passing through the Internet is threatened by today’s most advanced malware ranging from orchestrated botnets to simpler polymorphic worms. These threats, as examples of ...zero-day attacks, are able to change their behavior several times in the early phases of their existence to bypass the network intrusion detection systems (NIDS). In fact, even well-designed, and frequently-updated signature-based NIDS cannot detect the zero-day treats due to the lack of an adequate signature database, adaptive to intelligent attacks on the Internet. More importantly, having an NIDS, it should be tested on malicious traffic dataset that not only represents known attacks, but also can to some extent reflect the characteristics of unknown, zero-day attacks. Generating such traffic is identified in the literature as one of the main obstacles for evaluating the effectiveness of NIDS. To address these issues, we introduce RNNIDS that applies Recurrent Neural Networks (RNNs) to find complex patterns in attacks and generate similar ones. In this regard, for the first time, we demonstrate that RNNs are helpful to generate new, unseen mutants of attacks as well as synthetic signatures from the most advanced malware to improve the intrusion detection rate. Besides, to further enhance the design of an NIDS, RNNs can be employed to generate malicious datasets containing, e.g., unseen mutants of a malware. To evaluate the feasibility of our approaches, we conduct extensive experiments by incorporating publicly available datasets, where we show a considerable improvement in the detection rate of an off-the-shelf NIDS (up to 16.67%).