{"title":"Cascaded intrusion detection system using machine learning","authors":"Md. Khabir Uddin Ahamed , Abdul Karim","doi":"10.1016/j.sasc.2024.200182","DOIUrl":null,"url":null,"abstract":"<div><div>Cybercrime is becoming an increasing concern these days. In response to the growing cyberthreat, various intrusion detection systems have been developed and proposed to detect anomalies. However, most detection systems suffer from some common issues, such as a high number of false positives that cause regular behaviors to be detected as intrusions, as well as the system’s excessive complexity. Many single classifier models have accuracy issues since they are unable to detect certain anomalies caused by the attack’s polymorphic and zero-day behavior. The signature-based intrusion detection system (SIDS) is unable to identify zero-day intrusions. On the other side, the anomaly-based intrusion detection system (AIDS) generates a significant number of false-positive alarms. In this research, a cascaded intrusion detection system (CIDS) is proposed by combining the one-class support vector machine (OC-SVM)-based AIDS and the decision tree-based SIDS. OC-SVM is used in conjunction with the newly built Distance-Based Intrusion Classification System (DICS). SIDS that use decision trees can discover and classify anomalies. Because OC-SVM is a binary classifier, the intrusion type is determined by DICS. The suggested method aims to detect both popular and well-known zero-day attacks, as well as their type. The CIDS is evaluated using publicly available benchmark datasets, such as the Knowledge Discovery in Databases (KDD) Cup 1999 and the NSL-KDD dataset. The results of the proposed study show that CIDS outperformed both traditional SIDS and AIDS in terms of performance. Both anomalies and their types are detected with high accuracy.</div></div>","PeriodicalId":101205,"journal":{"name":"Systems and Soft Computing","volume":"7 ","pages":"Article 200182"},"PeriodicalIF":0.0000,"publicationDate":"2025-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Systems and Soft Computing","FirstCategoryId":"1085","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S277294192400111X","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
Cybercrime is becoming an increasing concern these days. In response to the growing cyberthreat, various intrusion detection systems have been developed and proposed to detect anomalies. However, most detection systems suffer from some common issues, such as a high number of false positives that cause regular behaviors to be detected as intrusions, as well as the system’s excessive complexity. Many single classifier models have accuracy issues since they are unable to detect certain anomalies caused by the attack’s polymorphic and zero-day behavior. The signature-based intrusion detection system (SIDS) is unable to identify zero-day intrusions. On the other side, the anomaly-based intrusion detection system (AIDS) generates a significant number of false-positive alarms. In this research, a cascaded intrusion detection system (CIDS) is proposed by combining the one-class support vector machine (OC-SVM)-based AIDS and the decision tree-based SIDS. OC-SVM is used in conjunction with the newly built Distance-Based Intrusion Classification System (DICS). SIDS that use decision trees can discover and classify anomalies. Because OC-SVM is a binary classifier, the intrusion type is determined by DICS. The suggested method aims to detect both popular and well-known zero-day attacks, as well as their type. The CIDS is evaluated using publicly available benchmark datasets, such as the Knowledge Discovery in Databases (KDD) Cup 1999 and the NSL-KDD dataset. The results of the proposed study show that CIDS outperformed both traditional SIDS and AIDS in terms of performance. Both anomalies and their types are detected with high accuracy.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
