Volume 12, Issue 1, PP: 129-143, 2024 | Full Length Article
Amjad Hijazi 1*, Nizar Alhafez 2, Iyad Al-khayat 3
DOI: https://doi.org/10.54216/JISIoT.120110
In the realm of cybersecurity, the incessant evolution of network attacks necessitates advanced and robust intrusion detection systems (IDS). These systems suffer from several major issues: false positive and false negative alarms, delayed response and detection time, the size of the processed data, adaptability to future threats, scalability of the system, difficulty in detecting distributed attacks, and downtime (fault tolerance). We propose a distributed framework that enhances network security by effectively identifying subtle deviations from normal network behavior. This is achieved through transfer learning based on artificial neural networks and a support vector machine (SVM), capitalizing on their complementary strengths in recognizing complex patterns and handling high-dimensional datasets. To validate the efficacy of the proposed approach, the NSL-KDD dataset is used within a distributed IDS architecture. The architecture consists of several intrusion detection nodes representing subnetworks, and each node consists of two agents that work collaboratively. To avoid interference between analysis agents, the network agents manager monitors the functioning of the nodes and displays the results of each vulnerability-detecting node in each subnet separately. Such communication between agents should significantly reduce false positive alarms (FPAs). The detection engine extracts the relevant features of network attacks, both to address the SVM's difficulty in processing very large volumes of data and to detect adaptive future threats and well-known distributed denial-of-service (DDoS) attacks in real time. The system is highly scalable: the number of intrusion detection nodes can be increased if necessary. Central processing is avoided to prevent a system failure situation; instead, processing and decision-making take place at the detection node level within each subnet.
Distributed intrusion detection system, network security, agents, denial of service, artificial neural networks, support vector machine.