With the increased amount of network threats and intrusions, finding an efficient and reliable defence measure has a great focus as a research field. Intrusion detection systems (IDSs) have been widely deployed as effective defence measure for existing networks. IDSs detect anomalies based on features extracted from network traffic. Network traffic has many features to measure. The problem is t...

False positives (FPs) and false negatives (FNs) happen in every Intrusion Detection System (IDS). How often they occur is regarded as a measurement of the accuracy of the system. Frequent occurrences of FPs not only reduce the throughput of an IDS as FPs block the normal traffic and also degrade its trustworthiness. It is also difficult to eradicate all FNs from an IDS. One way to overcome the ...

in this paper, we propose an approach for automatic generation of novel intrusion signatures. this approach can be used in the signature-based network intrusion detection systems (nidss) and for the automation of the process of intrusion detection in these systems. in the proposed approach, first, by using several one-class classifiers, the profile of the normal network traffic is established. ...

Due to a growing number of the computer networks in recent years, there has been an increasing interest in the intrusion detection systems (IDSs). In this paper we have proposed a method applied to the instance selection from KDD CUP 99 dataset which is used for evaluating the anomaly detection techniques. In order to determine the performance of proposed method in the dataset reduction, a feed...

In recent years, there have been numerous cyber security issues that caused considerable damage to the society. The development of efficient and reliable Intrusion Detection Systems (IDSs) is an effective countermeasure against growing threats. modern high-bandwidth, large-scale network environments, traditional IDSs suffer from a high rate missed false alarms. Researchers introduced machine le...

Internet of Things is an ever-growing network of heterogeneous and constraint nodes which are connected to each other and the Internet. Security plays an important role in such networks. Experience has proved that encryption and authentication are not enough for the security of networks and an Intrusion Detection System is required to detect and to prevent attacks from malicious nodes. In this ...

Optimizing the detection of intrusions is becoming more crucial due to continuously rising rates and ferocity cyber threats attacks. One popular methods optimize accuracy intrusion systems (IDSs) by employing machine learning (ML) techniques. However, there are many factors that affect ML-based IDSs. these noise, which can be in form mislabelled instances, outliers, or extreme values. Determini...

CUI, YUN. A Toolkit for Intrusion Alerts Correlation Based on Prerequisites and Consequences of Attacks. (Under the direction of Dr. Peng Ning.) Intrusion Detection has been studied for about twenty years. Intrusion Detection Systems (IDSs) are usually considered the second line of defense to protect against malicious activities along with the prevention-based security mechanisms such as authen...

We propose an anomaly-based network intrusion detection system, which analyzes traffic features to detect anomalies. The proposed system can be used both in online as well as off-line mode for detecting deviations from the expected behavior. Although our approach uses network packet or flow data, it is general enough to be adaptable for use with any other network variable, which may be used as ...

Internet Protocol version 6 (IPv6) and its core protocol, Control Message (ICMPv6), need to be secured from attacks, such as Denial of Service (DoS) Distributed DoS (DDoS), in order reliable for deployment. Several Intrusion Detection Systems (IDSs) have been built proposed detect ICMPv6-based DDoS attacks. However, these IDSs suffer several drawbacks, the inability novel attacks a low detectio...