skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Intrusion Representation and Classification using Learning Algorithm
At present, machine learning (ML) algorithms are essential components in designing the sophisticated intrusion detection system (IDS). They are building-blocks to enhance cyber threat detection and help in classification at host-level and network-level in a short period. The increasing global connectivity and advancements of network technologies have added unprecedented challenges and opportunities to network security. Malicious attacks impose a huge security threat and warrant scalable solutions to thwart large-scale attacks. These activities encourage researchers to address these imminent threats by analyzing a large volume of the dataset to tackle all possible ranges of attack. In this proposed method, we calculated the fitness value of each feature from the population by using a genetic algorithm (GA) and selected them according to the fitness value. The fitness values are presented in hierarchical order to show the effectiveness of problem decomposition. We implemented Support Vector Machine (SVM) to verify the consistency of the system outcome. The well-known NSL-knowledge discovery in databases (KDD) was used to measure the performance of the system. From the experiments, we achieved a notable classification accuracies using a SVM of the current state of the art intrusion detection.  more » « less
Award ID(s):
2101181
PAR ID:
10565316
Author(s) / Creator(s):
;
Publisher / Repository:
International Conference on Advanced Communications Technology(ICACT)
Date Published:
Subject(s) / Keyword(s):
cybersecurity, intrusion, discriminatory, fitness value, decomposition
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; ; (, Proceedings of SAI Intelligent Systems Conference)
    Modern vehicle is considered as a system vulnerable to attacks because it is connected to the outside world via a wireless interface. Although, connectivity provides more convenience and features to the passengers, however, it also becomes a pathway for the attackers targeting in-vehicle networks. Research in vehicle security is getting attention as in-vehicle attacks can impact human life safety as modern vehicle is connected to the outside world. Controller area network (CAN) is used as a legacy protocol for in-vehicle communication, However, CAN suffers from vulnerabilities due to lack of authentication, as the information about sender is missing in CAN message. In this paper, a new CAN intrusion detection system (IDS) is proposed, the CAN messages are converted to temporal graphs and CAN intrusion is detected using machine learning algorithms. Seven graph-based properties are extracted and used as features for detecting intrusions utilizing two machine learning algorithms which are support vector machine (SVM) & k-nearest neighbors (KNN). The performance of the IDS was evaluated over three CAN bus attacks are denial of service (DoS), fuzzy & spoofing attacks on real vehicular CAN bus dataset. The experimental results showed that using graph-based features, an accuracy of 97.92% & 97.99% was achieved using SVM & KNN algorithms respectively, which is better than using traditional machine learning CAN bus features. 
    more » « less
  2. ; ; ; (, 2020 IEEE Conference on Communications and Network Security (CNS))
    null (Ed.)
    The science DMZ is a specialized network model developed to guarantee secure and efficient transfer of data for large-scale distributed research. To enable a high level of performance, the Science DMZ includes dedicated data transfer nodes (DTNs). Protecting these DTNs is crucial to maintaining the overall security of the network and the data, and insider attacks are a major threat. Although some limited network intrusion detection systems (NIDS) are deployed to monitor DTNs, this alone is not sufficient to detect insider threats. Monitoring for abnormal system behavior, such as unusual sequences of system calls, is one way to detect insider threats. However, the relatively predictable behavior of the DTN suggests that we can also detect unusual activity through monitoring system performance, such as CPU and disk usage, along with network activity. In this paper, we introduce a potential insider attack scenario, and show how readily available system performance metrics can be employed to detect data tampering within DTNs, using DBSCAN clustering to actively monitor for unexpected behavior. 
    more » « less
  3. ; (, 15th International Conference for Internet Technology and Secured Transactions (ICITST))
    null (Ed.)
    Network intrusion detection systems (NIDSs) play an essential role in the defense of computer networks by identifying a computer networks' unauthorized access and investigating potential security breaches. Traditional NIDSs encounters difficulties to combat newly created sophisticated and unpredictable security attacks. Hence, there is an increasing need for automatic intrusion detection solution that can detect malicious activities more accurately and prevent high false alarm rates (FPR). In this paper, we propose a novel network intrusion detection framework using a deep neural network based on the pretrained VGG-16 architecture. The framework, TL-NID (Transfer Learning for Network Intrusion Detection), is a two-step process where features are extracted in the first step, using VGG-16 pre-trained on ImageNet dataset and in the 2 nd step a deep neural network is applied to the extracted features for classification. We applied TL-NID on NSL-KDD, a benchmark dataset for network intrusion, to evaluate the performance of the proposed framework. The experimental results show that our proposed method can effectively learn from the NSL-KDD dataset with producing a realistic performance in terms of accuracy, precision, recall, and false alarm. This study also aims to motivate security researchers to exploit different state-of-the-art pre-trained models for network intrusion detection problems through valuable knowledge transfer. 
    more » « less
  4. (, International journal of intellligent computing research)
    Ayahiko Niimi, Future University-Hakodate (Ed.)
    Traditional Network Intrusion Detection Systems (NIDS) encounter difficulties due to the exponential growth of network traffic data and modern attacks' requirements. This paper presents a novel network intrusion classification framework using transfer learning from the VGG-16 pre-trained model. The framework extracts feature leveraging pre-trained weights trained on the ImageNet dataset in the initial step, and finally, applies a deep neural network to the extracted features for intrusion classification. We applied the presented framework on NSL-KDD, a benchmark dataset for network intrusion, to evaluate the proposed framework's performance. We also implemented other pre-trained models such as VGG19, MobileNet, ResNet-50, and Inception V3 to evaluate and compare performance. This paper also displays both binary classification (normal vs. attack) and multi-class classification (classifying types of attacks) for network intrusion detection. The experimental results show that feature extraction using VGG-16 outperforms other pre-trained models producing better accuracy, precision, recall, and false alarm rates. 
    more » « less
  5. ; ; ; (, IEEE International Conference on Communications workshops)
    The Open Radio Access Network (O-RAN) architecture is reshaping telecommunications by promoting openness, flexibility, and intelligent closed-loop optimization. By decoupling hardware and software and enabling multi-vendor deployments, O-RAN reduces costs, enhances performance, and allows rapid adaptation to new technologies. A key innovation is intelligent network slicing, which partitions networks into isolated slices tailored for specific use cases or quality of service requirements. The RAN Intelligent Controller further optimizes resource allocation, ensuring efficient utilization and improved service quality for user equipment (UEs). However, the modular and dynamic nature of O-RAN expands the threat surface, necessitating advanced security measures to maintain network integrity, confidentiality, and availability. Intrusion detection systems have become essential for identifying and mitigating attacks. This research explores using large language models (LLMs) to generate security recommendations based on the temporal traffic patterns of connected UEs. The paper introduces an LLM-driven intrusion detection framework and demonstrates its efficacy through experimental deployments, comparing non-fine-tuned and fine-tuned models for task-specific accuracy. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email