Statistical machine learning base approaches for developing robust intrusion detection systems

Abstract

Abstract newlineIntrusion is any unauthorized access or malicious activity on a computer newlinesystem or network. This can include hacking attempts, malware infections, newlineunauthorized access to sensitive data, and other cyber attacks. The challenges newlinein intrusion detection and prevention include detecting novel attacks, newlinefalse positives and negatives, scalability and performance, integration with newlineexisting systems, etc. Intrusion Detection System (IDS) is a complex and newlineconstantly evolving field, and it is important to stay up-to-date with the latest newlinedevelopments and best practices to protect against intrusions effectively. newlineIn this thesis, our first contribution is to propose a novel and robust snortbased newlineSecure Edge Router for Smart Homes (SERfSH) IDS to identify the newlinesignature-based attack. SERfSH automatically generates Snort rules by newlinecombining the extracted string, location, and header information. However, newlinesignature-based IDSs are limited in their ability to detect new and newlineunknown attacks and generate a large number of false positives as well as newlinefalse negatives. To overcome these limitations, we proposed anomaly-based newlinedetection with the help of Machine Learning (ML) algorithms and tested it newlineon state-of-the-art IDS datasets. newlineThe intrusion detection datasets consist of normal data and minimal attack newlinedata. This data imbalance causes prediction performance degradation due newlineto factors such as prediction bias of small data presence of outliers. To newlineaddress this issue, we have applied four oversampling methods on stateof- newlinethe-art IDS datasets. To further ensure the real-time applicability of newlinethese oversampling methods with classifiers, we also generate a Real-Time newlineTestbed (RTT) for the resampled dataset. The performance of machine newlinelearning-based IDS largely depends upon the feature set used for modelling. newlineGenerally, using more features increases the accuracy of attack detection newlineand increases detection time. newlineiv newlineAn Artificial Neural Network (ANN) based IDS is proposed, which uses newlinea multi-objective genetic algorithm to satisfy constraints.