Powered by OpenAIRE graph
Found an issue? Give us feedback
image/svg+xml art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos Open Access logo, converted into svg, designed by PLoS. This version with transparent background. http://commons.wikimedia.org/wiki/File:Open_Access_logo_PLoS_white.svg art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos http://www.plos.org/ UPCommons. Portal de...arrow_drop_down
image/svg+xml art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos Open Access logo, converted into svg, designed by PLoS. This version with transparent background. http://commons.wikimedia.org/wiki/File:Open_Access_logo_PLoS_white.svg art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos http://www.plos.org/
UPCommons. Portal del coneixement obert de la UPC
Other literature type . Conference object . 2023 . Peer-reviewed
License: STM Policy #29
image/svg+xml art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos Open Access logo, converted into svg, designed by PLoS. This version with transparent background. http://commons.wikimedia.org/wiki/File:Open_Access_logo_PLoS_white.svg art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos http://www.plos.org/
ZENODO
Conference object . 2023
Data sources: ZENODO
versions View all 6 versions
addClaim

This Research product is the result of merged Research products in OpenAIRE.

You have already added 0 works in your ORCID record related to the merged Research product.

An NIDS for Known and Zero-Day Anomalies

Authors: Hussain, Ayaz; Aguiló Gost, Francisco de Asis L.; Simó Mezquita, Ester; Marín Tordera, Eva; Masip Bruin, Xavier;

An NIDS for Known and Zero-Day Anomalies

Abstract

Rapid development in the network infrastructure has resulted in sophisticated attacks which are hard to detect using typical network intrusion detection systems (NIDS). There is a strong need for efficient NIDS to detect these known attacks along with ever-emerging zero-day exploits. Existing NIDS are more focused on detecting known attacks using supervised machine learning approaches, achieving better performance for known attacks but poor detection of unknown attacks. Many NIDS have utilized the unsupervised approach, which results in better detection of unknown anomalies. In this paper, we proposed a Hybrid NIDS based on Semisupervised One-Class Support Vector Machine (OC-SVM) and Supervised Random Forest (RF) algorithms. This detection system has several stages. The First stage is based on OC-SVM, which filters benign and malicious traffic. The next stages use many parallel supervised models and an additional OC-SVM model to separate known and unknown attacks from malicious traffic. The previous process is done so that known attacks are classified by their type, and unknown attacks are detected. The proposed NIDS is tested on the standard public dataset CSE-CIC-IDS-2018. The evaluation results show that the system achieves a high accuracy, 99.45%, for detecting known attacks. Our proposed NIDS achieves an accuracy of 93.99% for unknown or zero-day attacks. The overall accuracy of the proposed NIDS is 95.95%. The system significantly improves the detection of known and unknown anomalies using a hybrid approach.

This project has received funding from the European Union’s H2020 research and innovation programme under the grant agreement No. 952644, from the Spanish Ministry of Science and Innovation under contract PID2021-124463OB- I00, and from the Catalan Government under contract 2021 SGR 00326.

Peer Reviewed

Country
Spain
Related Organizations
Keywords

Intrusion detection systems (Computer security), :Informàtica::Seguretat informàtica [Àrees temàtiques de la UPC], One–class SVM, Machine learning, Aprenentatge automàtic, Telecomunicació -- Tràfic, Telecommunication -- Traffic, Network intrusion detection system, Cyber security, Sistemes de detecció d'intrusos (Seguretat informàtica), Àrees temàtiques de la UPC::Informàtica::Seguretat informàtica, Random forest

  • BIP!
    Impact byBIP!
    citations
    This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
    0
    popularity
    This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.
    Average
    influence
    This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
    Average
    impulse
    This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.
    Average
    OpenAIRE UsageCounts
    Usage byUsageCounts
    visibility views 63
    download downloads 19
  • citations
    This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
    0
    popularity
    This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.
    Average
    influence
    This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
    Average
    impulse
    This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.
    Average
    Powered byBIP!BIP!
  • 63
    views
    19
    downloads
    Powered byOpenAIRE UsageCounts
Powered by OpenAIRE graph
Found an issue? Give us feedback
visibility
download
citations
This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
BIP!Citations provided by BIP!
popularity
This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.
BIP!Popularity provided by BIP!
influence
This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
BIP!Influence provided by BIP!
impulse
This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.
BIP!Impulse provided by BIP!
views
OpenAIRE UsageCountsViews provided by UsageCounts
downloads
OpenAIRE UsageCountsDownloads provided by UsageCounts
0
Average
Average
Average
63
19
Green
Funded by