Visible to the public Biblio

Filters: Keyword is Intrusion Detection Systems  [Clear All Filters]
2021-04-09
Yamato, K., Kourai, K., Saadawi, T..  2020.  Transparent IDS Offloading for Split-Memory Virtual Machines. 2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC). :833—838.
To enable virtual machines (VMs) with a large amount of memory to be flexibly migrated, split migration has been proposed. It divides a large-memory VM into small pieces and transfers them to multiple hosts. After the migration, the VM runs across those hosts and exchanges memory data between hosts using remote paging. For such a split-memory VM, however, it becomes difficult to securely run intrusion detection systems (IDS) outside the VM using a technique called IDS offloading. This paper proposes VMemTrans to support transparent IDS offloading for split-memory VMs. In VMemTrans, offloaded IDS can monitor a split-memory VM as if that memory were not distributed. To achieve this, VMemTrans enables IDS running in one host to transparently access VM's remote memory. To consider a trade-off, it provides two methods for obtaining memory data from remote hosts: self paging and proxy paging. We have implemented VMemTrans in KVM and compared the execution performance between the two methods.
Chytas, S. P., Maglaras, L., Derhab, A., Stamoulis, G..  2020.  Assessment of Machine Learning Techniques for Building an Efficient IDS. 2020 First International Conference of Smart Systems and Emerging Technologies (SMARTTECH). :165—170.
Intrusion Detection Systems (IDS) are the systems that detect and block any potential threats (e.g. DDoS attacks) in the network. In this project, we explore the performance of several machine learning techniques when used as parts of an IDS. We experiment with the CICIDS2017 dataset, one of the biggest and most complete IDS datasets in terms of having a realistic background traffic and incorporating a variety of cyber attacks. The techniques we present are applicable to any IDS dataset and can be used as a basis for deploying a real time IDS in complex environments.
2021-03-30
Gillen, R. E., Carter, J. M., Craig, C., Johnson, J. A., Scott, S. L..  2020.  Assessing Anomaly-Based Intrusion Detection Configurations for Industrial Control Systems. 2020 IEEE 21st International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM). :360—366.

To reduce cost and ease maintenance, industrial control systems (ICS) have adopted Ethernetbased interconnections that integrate operational technology (OT) systems with information technology (IT) networks. This integration has made these critical systems vulnerable to attack. Security solutions tailored to ICS environments are an active area of research. Anomalybased network intrusion detection systems are well-suited for these environments. Often these systems must be optimized for their specific environment. In prior work, we introduced a method for assessing the impact of various anomaly-based network IDS settings on security. This paper reviews the experimental outcomes when we applied our method to a full-scale ICS test bed using actual attacks. Our method provides new and valuable data to operators enabling more informed decisions about IDS configurations.

2021-03-29
Chauhan, R., Heydari, S. Shah.  2020.  Polymorphic Adversarial DDoS attack on IDS using GAN. 2020 International Symposium on Networks, Computers and Communications (ISNCC). :1–6.
Intrusion Detection systems are important tools in preventing malicious traffic from penetrating into networks and systems. Recently, Intrusion Detection Systems are rapidly enhancing their detection capabilities using machine learning algorithms. However, these algorithms are vulnerable to new unknown types of attacks that can evade machine learning IDS. In particular, they may be vulnerable to attacks based on Generative Adversarial Networks (GAN). GANs have been widely used in domains such as image processing, natural language processing to generate adversarial data of different types such as graphics, videos, texts, etc. We propose a model using GAN to generate adversarial DDoS attacks that can change the attack profile and can be undetected. Our simulation results indicate that by continuous changing of attack profile, defensive systems that use incremental learning will still be vulnerable to new attacks.
2021-03-04
Hashemi, M. J., Keller, E..  2020.  Enhancing Robustness Against Adversarial Examples in Network Intrusion Detection Systems. 2020 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN). :37—43.

The increase of cyber attacks in both the numbers and varieties in recent years demands to build a more sophisticated network intrusion detection system (NIDS). These NIDS perform better when they can monitor all the traffic traversing through the network like when being deployed on a Software-Defined Network (SDN). Because of the inability to detect zero-day attacks, signature-based NIDS which were traditionally used for detecting malicious traffic are beginning to get replaced by anomaly-based NIDS built on neural networks. However, recently it has been shown that such NIDS have their own drawback namely being vulnerable to the adversarial example attack. Moreover, they were mostly evaluated on the old datasets which don't represent the variety of attacks network systems might face these days. In this paper, we present Reconstruction from Partial Observation (RePO) as a new mechanism to build an NIDS with the help of denoising autoencoders capable of detecting different types of network attacks in a low false alert setting with an enhanced robustness against adversarial example attack. Our evaluation conducted on a dataset with a variety of network attacks shows denoising autoencoders can improve detection of malicious traffic by up to 29% in a normal setting and by up to 45% in an adversarial setting compared to other recently proposed anomaly detectors.

Gorbenko, A., Popov, V..  2020.  Abnormal Behavioral Pattern Detection in Closed-Loop Robotic Systems for Zero-Day Deceptive Threats. 2020 International Conference on Industrial Engineering, Applications and Manufacturing (ICIEAM). :1—6.

In recent years, attacks against cyber-physical systems have become increasingly frequent and widespread. The inventiveness of such attacks increases significantly. In particular, zero-day attacks are widely used. The rapid development of the industrial Internet of things, the expansion of the application areas of service robots, the advent of the Internet of vehicles and the Internet of military things have led to a significant increase of attention to deceptive attacks. Especially great threat is posed by deceptive attacks that do not use hiding malicious components. Such attacks can naturally be used against robotic systems. In this paper, we consider an approach to the development of an intrusion detection system for closed-loop robotic systems. The system is based on an abnormal behavioral pattern detection technique. The system can be used for detection of zero-day deceptive attacks. We provide an experimental comparison of our approach and other behavior-based intrusion detection systems.

2021-02-03
Devi, B. T., Shitharth, S., Jabbar, M. A..  2020.  An Appraisal over Intrusion Detection Systems in Cloud Computing Security Attacks. 2020 2nd International Conference on Innovative Mechanisms for Industry Applications (ICIMIA). :722—727.

Cloud computing provides so many groundbreaking advantages over native computing servers like to improve capacity and decrease costs, but meanwhile, it carries many security issues also. In this paper, we find the feasible security attacks made about cloud computing, including Wrapping, Browser Malware-Injection and Flooding attacks, and also problems caused by accountability checking. We have also analyzed the honey pot attack and its procedural intrusion way into the system. This paper on overall deals with the most common security breaches in cloud computing and finally honey pot, in particular, to analyze its intrusion way. Our major scope is to do overall security, analyze in the cloud and then to take up with a particular attack to deal with granular level. Honey pot is the one such attack that is taken into account and its intrusion policies are analyzed. The specific honey pot algorithm is in the queue as the extension of this project in the future.

2021-01-22
Burr, B., Wang, S., Salmon, G., Soliman, H..  2020.  On the Detection of Persistent Attacks using Alert Graphs and Event Feature Embeddings. NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium. :1—4.
Intrusion Detection Systems (IDS) generate a high volume of alerts that security analysts do not have the resources to explore fully. Modelling attacks, especially the coordinated campaigns of Advanced Persistent Threats (APTs), in a visually-interpretable way is a useful approach for network security. Graph models combine multiple alerts and are well suited for visualization and interpretation, increasing security effectiveness. In this paper, we use feature embeddings, learned from network event logs, and community detection to construct and segment alert graphs of related alerts and networks hosts. We posit that such graphs can aid security analysts in investigating alerts and may capture multiple aspects of an APT attack. The eventual goal of this approach is to construct interpretable attack graphs and extract causality information to identify coordinated attacks.
2020-11-09
Bouzar-Benlabiod, L., Méziani, L., Rubin, S. H., Belaidi, K., Haddar, N. E..  2019.  Variational Encoder-Decoder Recurrent Neural Network (VED-RNN) for Anomaly Prediction in a Host Environment. 2019 IEEE 20th International Conference on Information Reuse and Integration for Data Science (IRI). :75–82.
Intrusion detection systems (IDS) are important security tools. NIDS monitors network's traffic and HIDS filters local one. HIDS are often based on anomaly detection. Several studies deal with anomaly detection using system-call traces. In this paper, we propose an anomaly detection and prediction approach. System-call traces, invoked by the running programs, are analyzed in real time. For prediction, we use a Sequence to sequence model based on variational encoder-decoder (VED) and variants of Recurrent Neural Networks (RNN), these architectures showed their performance on natural language processing. To make the analogy, we exploit the semantics behind the invoking order of system-calls that are then seen as sentences. A preprocessing phase is added to optimize the prediction model input data representation. A one-class classification is done to categorize the sequences into normal or abnormal. Tests are achieved on the ADFA-LD dataset and showed the advantage of the prediction for the intrusion detection/prediction task.
2020-08-03
Chowdhary, Ankur, Sengupta, Sailik, Alshamrani, Adel, Huang, Dijiang, Sabur, Abdulhakim.  2019.  Adaptive MTD Security using Markov Game Modeling. 2019 International Conference on Computing, Networking and Communications (ICNC). :577–581.
Large scale cloud networks consist of distributed networking and computing elements that process critical information and thus security is a key requirement for any environment. Unfortunately, assessing the security state of such networks is a challenging task and the tools used in the past by security experts such as packet filtering, firewall, Intrusion Detection Systems (IDS) etc., provide a reactive security mechanism. In this paper, we introduce a Moving Target Defense (MTD) based proactive security framework for monitoring attacks which lets us identify and reason about multi-stage attacks that target software vulnerabilities present in a cloud network. We formulate the multi-stage attack scenario as a two-player zero-sum Markov Game (between the attacker and the network administrator) on attack graphs. The rewards and transition probabilities are obtained by leveraging the expert knowledge present in the Common Vulnerability Scoring System (CVSS). Our framework identifies an attacker's optimal policy and places countermeasures to ensure that this attack policy is always detected, thus forcing the attacker to use a sub-optimal policy with higher cost.
2020-07-20
Rumez, Marcel, Dürrwang, Jürgen, Brecht, Tim, Steinshorn, Timo, Neugebauer, Peter, Kriesten, Reiner, Sax, Eric.  2019.  CAN Radar: Sensing Physical Devices in CAN Networks based on Time Domain Reflectometry. 2019 IEEE Vehicular Networking Conference (VNC). :1–8.
The presence of security vulnerabilities in automotive networks has already been shown by various publications in recent years. Due to the specification of the Controller Area Network (CAN) as a broadcast medium without security mechanisms, attackers are able to read transmitted messages without being noticed and to inject malicious messages. In order to detect potential attackers within a network or software system as early as possible, Intrusion Detection Systems (IDSs) are prevalent. Many approaches for vehicles are based on techniques which are able to detect deviations from specified CAN network behaviour regarding protocol or payload properties. However, it is challenging to detect attackers who secretly connect to CAN networks and do not actively participate in bus traffic. In this paper, we present an approach that is capable of successfully detecting unknown CAN devices and determining the distance (cable length) between the attacker device and our sensing unit based on Time Domain Reflectometry (TDR) technique. We evaluated our approach on a real vehicle network.
2020-03-30
Heigl, Michael, Schramm, Martin, Fiala, Dalibor.  2019.  A Lightweight Quantum-Safe Security Concept for Wireless Sensor Network Communication. 2019 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops). :906–911.

The ubiquitous internetworking of devices in all areas of life is boosted by various trends for instance the Internet of Things. Promising technologies that can be used for such future environments come from Wireless Sensor Networks. It ensures connectivity between distributed, tiny and simple sensor nodes as well as sensor nodes and base stations in order to monitor physical or environmental conditions such as vibrations, temperature or motion. Security plays an increasingly important role in the coming decades in which attacking strategies are becoming more and more sophisticated. Contemporary cryptographic mechanisms face a great threat from quantum computers in the near future and together with Intrusion Detection Systems are hardly applicable on sensors due to strict resource constraints. Thus, in this work a future-proof lightweight and resource-aware security concept for sensor networks with a processing stage permeated filtering mechanism is proposed. A special focus in the concepts evaluation lies on the novel Magic Number filter to mitigate a special kind of Denial-of-Service attack performed on CC1350 LaunchPad ARM Cortex-M3 microcontroller boards.

2020-03-16
Ren, Wenyu, Yu, Tuo, Yardley, Timothy, Nahrstedt, Klara.  2019.  CAPTAR: Causal-Polytree-based Anomaly Reasoning for SCADA Networks. 2019 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm). :1–7.
The Supervisory Control and Data Acquisition (SCADA) system is the most commonly used industrial control system but is subject to a wide range of serious threats. Intrusion detection systems are deployed to promote the security of SCADA systems, but they continuously generate tremendous number of alerts without further comprehending them. There is a need for an efficient system to correlate alerts and discover attack strategies to provide explainable situational awareness to SCADA operators. In this paper, we present a causal-polytree-based anomaly reasoning framework for SCADA networks, named CAPTAR. CAPTAR takes the meta-alerts from our previous anomaly detection framework EDMAND, correlates the them using a naive Bayes classifier, and matches them to predefined causal polytrees. Utilizing Bayesian inference on the causal polytrees, CAPTAR can produces a high-level view of the security state of the protected SCADA network. Experiments on a prototype of CAPTAR proves its anomaly reasoning ability and its capabilities of satisfying the real-time reasoning requirement.
2020-03-12
Vieira, Leandro, Santos, Leonel, Gon\c calves, Ramiro, Rabadão, Carlos.  2019.  Identifying Attack Signatures for the Internet of Things: An IP Flow Based Approach. 2019 14th Iberian Conference on Information Systems and Technologies (CISTI). :1–7.

At the time of more and more devices being connected to the internet, personal and sensitive information is going around the network more than ever. Thus, security and privacy regarding IoT communications, devices, and data are a concern due to the diversity of the devices and protocols used. Since traditional security mechanisms cannot always be adequate due to the heterogeneity and resource limitations of IoT devices, we conclude that there are still several improvements to be made to the 2nd line of defense mechanisms like Intrusion Detection Systems. Using a collection of IP flows, we can monitor the network and identify properties of the data that goes in and out. Since network flows collection have a smaller footprint than packet capturing, it makes it a better choice towards the Internet of Things networks. This paper aims to study IP flow properties of certain network attacks, with the goal of identifying an attack signature only by observing those properties.

2020-01-21
Fujdiak, Radek, Blazek, Petr, Mlynek, Petr, Misurec, Jiri.  2019.  Developing Battery of Vulnerability Tests for Industrial Control Systems. 2019 10th IFIP International Conference on New Technologies, Mobility and Security (NTMS). :1–5.

Nowadays, the industrial control systems (ICS) face many challenges, where security is becoming one of the most crucial. This fact is caused by new connected environment, which brings among new possibilities also new vulnerabilities, threats, or possible attacks. The criminal acts in the ICS area increased over the past years exponentially, which caused the loss of billions of dollars. This also caused classical Intrusion Detection Systems and Intrusion Prevention Systems to evolve in order to protect among IT also ICS networks. However, these systems need sufficient data such as traffic logs, protocol information, attack patterns, anomaly behavior marks and many others. To provide such data, the requirements for the test environment are summarized in this paper. Moreover, we also introduce more than twenty common vulnerabilities across the ICS together with information about possible risk, attack vector (point), possible detection methods and communication layer occurrence. Therefore, the paper might be used as a base-ground for building sufficient data generator for machine learning and artificial intelligence algorithms often used in ICS/IDS systems.

Kolokotronis, Nicholas, Brotsis, Sotirios, Germanos, Georgios, Vassilakis, Costas, Shiaeles, Stavros.  2019.  On Blockchain Architectures for Trust-Based Collaborative Intrusion Detection. 2019 IEEE World Congress on Services (SERVICES). 2642-939X:21–28.
This paper considers the use of novel technologies for mitigating attacks that aim at compromising intrusion detection systems (IDSs). Solutions based on collaborative intrusion detection networks (CIDNs) could increase the resilience against such attacks as they allow IDS nodes to gain knowledge from each other by sharing information. However, despite the vast research in this area, trust management issues still pose significant challenges and recent works investigate whether these could be addressed by relying on blockchain and related distributed ledger technologies. Towards that direction, the paper proposes the use of a trust-based blockchain in CIDNs, referred to as trust-chain, to protect the integrity of the information shared among the CIDN peers, enhance their accountability, and secure their collaboration by thwarting insider attacks. A consensus protocol is proposed for CIDNs, which is a combination of a proof-of-stake and proof-of-work protocols, to enable collaborative IDS nodes to maintain a reliable and tampered-resistant trust-chain.
Zhan, Xin, Yuan, Huabing, Wang, Xiaodong.  2019.  Research on Block Chain Network Intrusion Detection System. 2019 International Conference on Computer Network, Electronic and Automation (ICCNEA). :191–196.

With the development of computer technology and the popularization of network, network brings great convenience to colleagues and risks to people from all walks of life all over the world. The data in the network world is growing explosively. Various kinds of intrusions are emerging in an endless stream. The means of network intrusion are becoming more and more complex. The intrusions occur at any time and the security threats become more and more serious. Defense alone cannot meet the needs of system security. It is also necessary to monitor the behavior of users in the network at any time and detect new intrusions that may occur at any time. This will not only make people's normal network needs cannot be guaranteed, but also face great network risks. So that people not only rely on defensive means to protect network security, this paper explores block chain network intrusion detection system. Firstly, the characteristics of block chain are briefly introduced, and the challenges of block chain network intrusion security and privacy are proposed. Secondly, the intrusion detection system of WLAN is designed experimentally. Finally, the conclusion analysis of block chain network intrusion detection system is discussed.

Aljamal, Ibraheem, Tekeo\u glu, Ali, Bekiroglu, Korkut, Sengupta, Saumendra.  2019.  Hybrid Intrusion Detection System Using Machine Learning Techniques in Cloud Computing Environments. 2019 IEEE 17th International Conference on Software Engineering Research, Management and Applications (SERA). :84–89.

Intrusion detection is one essential tool towards building secure and trustworthy Cloud computing environment, given the ubiquitous presence of cyber attacks that proliferate rapidly and morph dynamically. In our current working paradigm of resource, platform and service consolidations, Cloud Computing provides a significant improvement in the cost metrics via dynamic provisioning of IT services. Since almost all cloud computing networks lean on providing their services through Internet, they are prone to experience variety of security issues. Therefore, in cloud environments, it is necessary to deploy an Intrusion Detection System (IDS) to detect new and unknown attacks in addition to signature based known attacks, with high accuracy. In our deliberation we assume that a system or a network ``anomalous'' event is synonymous to an ``intrusion'' event when there is a significant departure in one or more underlying system or network activities. There are couple of recently proposed ideas that aim to develop a hybrid detection mechanism, combining advantages of signature-based detection schemes with the ability to detect unknown attacks based on anomalies. In this work, we propose a network based anomaly detection system at the Cloud Hypervisor level that utilizes a hybrid algorithm: a combination of K-means clustering algorithm and SVM classification algorithm, to improve the accuracy of the anomaly detection system. Dataset from UNSW-NB15 study is used to evaluate the proposed approach and results are compared with previous studies. The accuracy for our proposed K-means clustering model is slightly higher than others. However, the accuracy we obtained from the SVM model is still low for supervised techniques.

2020-01-20
Yihunie, Fekadu, Abdelfattah, Eman, Regmi, Amish.  2019.  Applying Machine Learning to Anomaly-Based Intrusion Detection Systems. 2019 IEEE Long Island Systems, Applications and Technology Conference (LISAT). :1–5.

The enormous growth of Internet-based traffic exposes corporate networks with a wide variety of vulnerabilities. Intrusive traffics are affecting the normal functionality of network's operation by consuming corporate resources and time. Efficient ways of identifying, protecting, and mitigating from intrusive incidents enhance productivity. As Intrusion Detection System (IDS) is hosted in the network and at the user machine level to oversee the malicious traffic in the network and at the individual computer, it is one of the critical components of a network and host security. Unsupervised anomaly traffic detection techniques are improving over time. This research aims to find an efficient classifier that detects anomaly traffic from NSL-KDD dataset with high accuracy level and minimal error rate by experimenting with five machine learning techniques. Five binary classifiers: Stochastic Gradient Decent, Random Forests, Logistic Regression, Support Vector Machine, and Sequential Model are tested and validated to produce the result. The outcome demonstrates that Random Forest Classifier outperforms the other four classifiers with and without applying the normalization process to the dataset.

Osken, Sinem, Yildirim, Ecem Nur, Karatas, Gozde, Cuhaci, Levent.  2019.  Intrusion Detection Systems with Deep Learning: A Systematic Mapping Study. 2019 Scientific Meeting on Electrical-Electronics Biomedical Engineering and Computer Science (EBBT). :1–4.

In this study, a systematic mapping study was conducted to systematically evaluate publications on Intrusion Detection Systems with Deep Learning. 6088 papers have been examined by using systematic mapping method to evaluate the publications related to this paper, which have been used increasingly in the Intrusion Detection Systems. The goal of our study is to determine which deep learning algorithms were used mostly in the algortihms, which criteria were taken into account for selecting the preferred deep learning algorithm, and the most searched topics of intrusion detection with deep learning algorithm model. Scientific studies published in the last 10 years have been studied in the IEEE Explorer, ACM Digital Library, Science Direct, Scopus and Wiley databases.

Li, Peisong, Zhang, Ying.  2019.  A Novel Intrusion Detection Method for Internet of Things. 2019 Chinese Control And Decision Conference (CCDC). :4761–4765.

Internet of Things (IoT) era has gradually entered our life, with the rapid development of communication and embedded system, IoT technology has been widely used in many fields. Therefore, to maintain the security of the IoT system is becoming a priority of the successful deployment of IoT networks. This paper presents an intrusion detection model based on improved Deep Belief Network (DBN). Through multiple iterations of the genetic algorithm (GA), the optimal network structure is generated adaptively, so that the intrusion detection model based on DBN achieves a high detection rate. Finally, the KDDCUP data set was used to simulate and evaluate the model. Experimental results show that the improved intrusion detection model can effectively improve the detection rate of intrusion attacks.

Laaboudi, Younes, Olivereau, Alexis, Oualha, Nouha.  2019.  An Intrusion Detection and Response Scheme for CP-ABE-Encrypted IoT Networks. 2019 10th IFIP International Conference on New Technologies, Mobility and Security (NTMS). :1–5.

This paper introduces a new method of applying both an Intrusion Detection System (IDS) and an Intrusion Response System (IRS) to communications protected using Ciphertext-Policy Attribute-based Encryption (CP-ABE) in the context of the Internet of Things. This method leverages features specific to CP-ABE in order to improve the detection capabilities of the IDS and the response ability of the network. It also enables improved privacy towards the users through group encryption rather than one-to-one shared key encryption as the policies used in the CP-ABE can easily include the IDS as an authorized reader. More importantly, it enables different levels of detection and response to intrusions, which can be crucial when using anomaly-based detection engines.

Ishaque, Mohammed, Hudec, Ladislav.  2019.  Feature extraction using Deep Learning for Intrusion Detection System. 2019 2nd International Conference on Computer Applications Information Security (ICCAIS). :1–5.

Deep Learning is an area of Machine Learning research, which can be used to manipulate large amount of information in an intelligent way by using the functionality of computational intelligence. A deep learning system is a fully trainable system beginning from raw input to the final output of recognized objects. Feature selection is an important aspect of deep learning which can be applied for dimensionality reduction or attribute reduction and making the information more explicit and usable. Deep learning can build various learning models which can abstract unknown information by selecting a subset of relevant features. This property of deep learning makes it useful in analysis of highly complex information one which is present in intrusive data or information flowing with in a web system or a network which needs to be analyzed to detect anomalies. Our approach combines the intelligent ability of Deep Learning to build a smart Intrusion detection system.

Bharathy, A M Viswa, Umapathi, N, Prabaharan, S.  2019.  An Elaborate Comprehensive Survey on Recent Developments in Behaviour Based Intrusion Detection Systems. 2019 International Conference on Computational Intelligence in Data Science (ICCIDS). :1–5.

Intrusion detection system is described as a data monitoring, network activity study and data on possible vulnerabilities and attacks in advance. One of the main limitations of the present intrusion detection technology is the need to take out fake alarms so that the user can confound with the data. This paper deals with the different types of IDS their behaviour, response time and other important factors. This paper also demonstrates and brings out the advantages and disadvantages of six latest intrusion detection techniques and gives a clear picture of the recent advancements available in the field of IDS based on the factors detection rate, accuracy, average running time and false alarm rate.

Halimaa A., Anish, Sundarakantham, K..  2019.  Machine Learning Based Intrusion Detection System. 2019 3rd International Conference on Trends in Electronics and Informatics (ICOEI). :916–920.

In order to examine malicious activity that occurs in a network or a system, intrusion detection system is used. Intrusion Detection is software or a device that scans a system or a network for a distrustful activity. Due to the growing connectivity between computers, intrusion detection becomes vital to perform network security. Various machine learning techniques and statistical methodologies have been used to build different types of Intrusion Detection Systems to protect the networks. Performance of an Intrusion Detection is mainly depends on accuracy. Accuracy for Intrusion detection must be enhanced to reduce false alarms and to increase the detection rate. In order to improve the performance, different techniques have been used in recent works. Analyzing huge network traffic data is the main work of intrusion detection system. A well-organized classification methodology is required to overcome this issue. This issue is taken in proposed approach. Machine learning techniques like Support Vector Machine (SVM) and Naïve Bayes are applied. These techniques are well-known to solve the classification problems. For evaluation of intrusion detection system, NSL- KDD knowledge discovery Dataset is taken. The outcomes show that SVM works better than Naïve Bayes. To perform comparative analysis, effective classification methods like Support Vector Machine and Naive Bayes are taken, their accuracy and misclassification rate get calculated.