An Approach of Applying, Adapting Machine Learning into the IDS and IPS Component to Improve Its Effectiveness and Its Efficiency

Lucky Singh, Hamid Jahankhani*

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding, Chapter, peer-review

1 Citation (Scopus)

Abstract

Traditional intrusion detection and intrusion prevention systems are known as “signature based”, which means that they function in a similar way to a virus scanner, identifying the matching signature for each intrusion event they detect. This method is very effective if the attacks are known, but for a zero-day attack it will not be able to identify the incoming threat (Meryem and Ouahidi in Netw Secur 8–19, 2020 [9]). The IDS signature library requires constant updates, as current IDS and IPS are only as good as their signatures, and if there is a zero-day attack then the IDS will not be able to detect it. In cited from (Porter An attack with a previously unseen volume of 2.3). Different ML algorithms such as “Naïve Bayes, decision tree, K-Nearest Neighbors and logistic regression” are discussed and compared throughout the project. A new detection module has been implemented and developed. The research also covers critical feature selection. The detection module was trained and tested with test data obtained from the clients’ network. The algorithm was then implemented within the client live network and the results were retrieved again. The detection modules were trained on different ML algorithms and the accuracy of each was then compared. Of these, “decision tree” provides the highest accuracy with a very low misclassification rate. So far, 99% accuracy has been reached. On the other hand, if a large corpus of training data is used then the detection accuracy can increase. The primary objective was to deliver an upgraded version of IPS/IDS to clients which would be “anomaly based” and would employ a machine learning approach to protect the client devices and network from different cyber-attacks such as zero-day attacks.

Original language: English
Title of host publication: Advanced Sciences and Technologies for Security Applications
Editors: Reza Montasari, Hamid Jahankhani
Place of Publication: Cham
Publisher: Springer
Pages: 43-71
Number of pages: 29
ISBN (Electronic): 9783030880408
ISBN (Print): 9783030880392
Publication status: Published - 2021

Publication series

Name: Advanced Sciences and Technologies for Security Applications
ISSN (Print): 1613-5113
ISSN (Electronic): 2363-9466
