دانلود مقاله یک سیستم تشخیص نفوذ دو فازی جدید با یادگیری ماشین ساده بیز
خلاصه
1. معرفی
2. کارهای مرتبط
3. کار پیشنهادی
4. راه اندازی آزمایشی و نتایج
5. نتیجه گیری
اعلامیه منافع رقابتی
در دسترس بودن داده ها
منابع
Abstract
1. Introduction
2. Related work
3. Proposed work
4. Experimental setup and results
5. Conclusion
Declaration of Competing Interest
Data availability
References
چکیده
فناوری در رشد سریع خدمات و تشدید کیفیت زندگی نقش اساسی دارد. فناوری اخیر، مانند اینترنت اشیا (IoT)، عملکرد چشمگیری را در توسعه سریع به جلو نشان می دهد. سیستم تشخیص نفوذ (IDS) به عنوان یک راه نجات برای جلوگیری از حملات با طبقه بندی فعالیت ها به عنوان عادی و مشکوک استفاده می شود. در این مقاله، ما یک IDS دو فازی برای IoT پیشنهاد میکنیم. در مرحله اول، داده ها را با توجه به انواع داده ها (یعنی اسمی، عدد صحیح، باینری و شناور) به چهار بخش دسته بندی می کنیم. سپس آنها را با استفاده از نسخه های مختلف طبقه بندی کننده Naive Bayes طبقه بندی می کنیم. پس از آن، از رای اکثریت برای انتخاب نتیجه نهایی طبقه بندی استفاده می کنیم. در مرحله دوم، دادههایی را که در فاز اول رفتار عادی یا خوشخیم دارند، ارسال میکنیم و با استفاده از یک پوشش بیضوی بدون نظارت طبقهبندی میکنیم. ما کار خود را با استفاده از مجموعه دادههای استاندارد NSL-KDD، UNSW_NB15 و CIC-IDS2017 تأیید کردیم. ما روش پیشنهادی را کارآمدتر از تکنیکهای IDS موجود یافتیم و در مرحله اول به دقت معقولی دست یافتیم. علاوه بر این، داده های خوش خیم به مرحله دوم تجزیه و تحلیل ارسال می شود. پس از مرحله دوم، به دقت 97 درصد در مجموعه داده NSL-KDD، 86.9 درصد در مجموعه داده UNSW_NB15 و دقت 98.59 درصد در مجموعه داده CIC-IDS2017 دست یافتیم.
Abstract
Technology is pivotal in the rapid growth of services and intensifying the quality of life. Recent technology, like the Internet of Things (IoT), demonstrates an impressive performance in fast-forward development. Intrusion Detection System (IDS) is used as a lifeline to prevent attacks by classifying the activities as normal and suspicious. In this paper, we propose a two-phase IDS for IoT. In the first phase, we categorize data into four sections according to the data types (i.e., nominal, integer, binary, and float). We then classify them using different versions of the Naive Bayes classifier. After that, we use majority voting to choose the final result of the classification. In the second phase, we pass those data which behave normally or are benign in the first phase and classify them using an unsupervised elliptic envelope. We validated our work using the standard NSL-KDD, UNSW_NB15, and CIC-IDS2017 datasets. We found the proposed method more efficient than existing IDS techniques and achieved reasonable accuracy in the first phase. Furthermore, the benign data is sent to the second phase of the analysis. After the second phase, we achieved a 97% accuracy in the NSL-KDD dataset, 86.9% in the UNSW_NB15 dataset, and 98.59% accuracy in the CIC-IDS2017 dataset.
1. Introduction
In the evolutionary era, the Internet has always been performing a most significant role. Globally, the total estimate of Internet users is projected to increase from 3.9 billion in 2018 to 5.3 billion by 2023, as stated by Cisco Annual Internet Report [1]. Furthermore, the Internet of Things (IoT) is becoming increasingly widespread. IoT integrates many heterogeneous objects (such as in a smart home: intelligent bulbs, refrigerators, fans, air conditioners, automated doors, and TVs.) with various connecting technologies such as Bluetooth Low Energy (BLE), WiFi, and ZigBee. There are also other domains and applications in which the IoT can play an important role and enhance our lives quality. These applications include smart transportation, industrial automation, agriculture, and healthcare [2].
The IoT model [3] has been emerging towards formulating a cyber–physical environment where everything can be found, operated, investigated, and modernized. Because of being connected, the chances of attacks on the network increase. Many attacks and malicious incidents can affect different layers of the IoT architecture, creating security concerns. Makhdoom et al. [4] discussed the commonly known attacks on different layers, depending on the anatomy of the malware, and IoT-enabled cyber-attacks are also illustrated in a survey [5]. Similarly, Zarpel et al. [6] elaborated on intrusion detection systems in IoT. They have classified IDS based on placement strategies, detection methods, security threats, and validation strategies. Zargar et al. [7] explained in detail about Distributed Denial of Service (DDoS) attacks and also classified the countermeasures.
5. Conclusion
This paper presents a machine learning-based two-phase IDS. Firstly, we categorize data into four sections according to the data types (e.g., nominal, integer, binary, and float). Then classify them using different versions of the Naive Bayes classifier. After that, with the help of majority voting, we choose the final result of the classification. In the second phase, we pass those data which behave like normal in the first stage, and these data are classified using an unsupervised elliptic envelope. It draws an imaginary envelope and assigns value 1, which lies inside the Envelope, and −1 outside the Envelope. Our proposed model is also performing very well in the imbalanced distribution of the data by providing the weight initialization to each class. Finally, we got an overall 97% accuracy with a meager false positive rate. The drawback of this model is that it does not work pretty in multiclass classification.
In future work, we will improve the multiclass classification and feature engineering techniques model, expand this procedure in real-time for network traffic analysis, and evaluate performance. We will further attempt to capture network data by deploying IoT devices in the real world. Moreover, the IDS system will detect malicious incidents in real-time and immediately take appropriate action to prevent damage.