
Full PPT - Intrusion Detection System

The document presents a comprehensive study on an Intrusion Detection System (IDS) utilizing the Adaptive Decision Tree-Support Vector Machine (ADT-SVM) algorithm to address dynamic cybersecurity threats. It explores machine learning methods, evaluates system performance using the KDD dataset, and proposes a novel voting-based deep learning framework called VNN to enhance detection accuracy. The proposed system integrates various advanced techniques for effective threat detection while addressing challenges in the cybersecurity landscape.

Uploaded by

jefferjam716

INTRUSION DETECTION SYSTEM

PRESENTED BY
C.JEFFERSON JAMES
M.S.MOOSA MULAFFAR

GUIDED BY
DR.D.KESAVARAJA M.E.,PH.D
ABSTRACT
• This study examines the dynamic challenges in cyber security through the lens of
intrusion detection, utilizing the ADT-SVM (Adaptive Decision Tree-Support Vector
Machine) algorithm.

• In the context of a rapidly changing cyber threat landscape facilitated by the Internet,
the study explores the application of Machine Learning (ML) methods, emphasizing
the pivotal role of data.

• The researchers index, read, and summarize papers representing various ML methods,
focusing on temporal or thermal correlations, while discussing commonly used
network datasets and challenges associated with ML in cyber security.

• Using the KDD dataset as a benchmark, the project employs the ADT-SVM algorithm
to categorize data attributes into four classes: Basic, Content, Traffic, and Host.
Evaluation metrics, such as Detection Rate (DR) and False Alarm Rate (FAR), are then
utilized to assess the performance of an Intrusion Detection System (IDS).
OBJECTIVES
• Develop and implement an Intrusion Detection System (IDS) using the ADT-SVM
algorithm for dynamic cybersecurity threat detection.

• Explore temporal and thermal correlations in network data to enhance the
adaptability of the IDS.

• Evaluate IDS performance using key metrics such as Detection Rate (DR) and
False Alarm Rate (FAR) on the KDD dataset.

• Address challenges associated with machine learning in cybersecurity,
emphasizing the role of data in mitigating evolving cyber threats.
PROBLEM STATEMENT
• The persistence of successful cyber attacks despite existing security solutions underscores a critical need for more
effective detection mechanisms in computer network security.

• Various threats such as Distributed Denial of Service (DDoS), botnets, spam, and phishing continue to pose significant
challenges, with reported incidents increasing in frequency.

• To address these concerns, this paper presents a novel voting-based deep learning framework, termed VNN, which aims to
leverage the strengths of diverse deep learning structures to enhance detection accuracy and robustness.
EXISTING SYSTEM
• Several security solutions have been proposed to detect abnormal network behavior. However,
successful attacks are still a big concern in computer society. Many security breaches, like
Distributed Denial of Service (DDoS), botnets, spam, phishing, and so on, are reported every
day, while the number of attacks is still increasing.

• In this paper, a novel voting-based deep learning framework, called VNN, is proposed to take
advantage of any kind of deep learning structure. Considering several models created from
different aspects of data and various deep learning structures, VNN provides the ability to
aggregate the best models in order to create more accurate and robust results.

• Therefore, VNN helps security specialists to detect more complicated attacks.
Experimental results over KDDCUP’99 and CTU-13, two well-known and widely
employed datasets in the computer network area, revealed that the voting procedure was highly
effective in increasing system performance.

• False alarms were reduced by up to 75% in comparison with the original deep
learning models, including Deep Neural Network (DNN), Convolutional Neural Network
(CNN), Long Short-Term Memory (LSTM), and Gated Recurrent Unit (GRU).
ADVANTAGES

• ADT-SVM's adaptability enhances real-time response to evolving cyber threats. Integration of
temporal and thermal correlations improves anomaly detection accuracy.

• Machine learning-based IDS increases efficiency by automating intrusion detection processes.

• Utilizing the KDD dataset as a benchmark provides standardized performance evaluation.

• Data-driven approach improves the system's ability to categorize and respond to diverse
intrusion scenarios.
DISADVANTAGES
• Integrating multiple deep learning models into a single framework
can significantly increase complexity and computational overhead.
This could lead to longer training times, increased resource
requirements, and potentially slower inference speeds, especially in
real-time detection scenarios where efficiency is crucial.

• The effectiveness of VNN heavily relies on the quality and diversity
of the training data used to train the individual deep learning models.
If the training data is biased, incomplete, or not representative of all
potential attack scenarios, the performance of VNN may suffer,
leading to reduced detection accuracy and increased false alarms.

• Combining multiple deep learning models through a voting
mechanism may make it challenging to interpret the decision-making
process of the overall system.
PROPOSED SYSTEM
• The proposed system integrates advanced techniques for intrusion detection in the dynamic cybersecurity landscape.

• By combining a Probability Model for baseline behavior analysis, a Link-Anomaly Score computation for identifying
suspicious network connections, Change Point Analysis and Dynamic Time Warping for detecting shifts in statistical
properties and temporal patterns, and the Adaptive Decision Tree-Support Vector Machine (ADT-SVM) algorithm for
accurate classification, the system offers a comprehensive approach to identifying potential security threats.

• By leveraging these modules, the proposed system aims to enhance the adaptability and effectiveness of intrusion
detection, providing a robust defense mechanism against evolving cyber threats.

• The ADT-SVM algorithm, with its ability to learn and categorize diverse data attributes, plays a central role
in the proposed system, contributing to a more resilient and responsive cybersecurity framework. The implementation
process also includes the utilization of the KDD dataset as a benchmark to validate the system's performance.
SYSTEM SPECIFICATION
HARDWARE REQUIREMENTS
Processor Type : Intel core i5 processor
Speed : 3.40 GHz
RAM : 4GB DDR2 RAM
Hard disk : 500 GB
Keyboard : 101/102 Standard Keys
Mouse : Optical Mouse
SOFTWARE REQUIREMENTS
Operating System : Windows 10
Front end : NetBeans IDE / jdk
Coding Language : Java
Tools : Weka Tools
SYSTEM FLOW DIAGRAM

[Flow diagram: Loading Dataset → Preprocessing → Feature Selection → Computing Anomaly Score Based On Selected Features → Detecting Threats Using ADT-SVM Method → Result]
MODULES
CHANGE POINT ANALYSIS AND DTW
This module focuses on change point analysis and Dynamic Time Warping (DTW) techniques. Change point
analysis aims to identify shifts or deviations in the statistical properties of the data, signaling potential
security incidents. DTW, on the other hand, involves measuring the similarity between sequences over
time, aiding in the detection of variations in temporal patterns. Integrating these methods enhances the
system's ability to adapt to evolving cyber threats and identify deviations from normal behavior.
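An added example, not code from the presentation, showing the two techniques this module names on per-minute connection counts: a one-sided CUSUM as the change-point detector and a textbook Dynamic Time Warping distance. The function names, the parameters `k` and `h`, and all sample series are assumptions constructed for illustration.

```python
"""CUSUM change-point detection and Dynamic Time Warping on traffic counts."""
from statistics import mean, stdev

def cusum_change_point(series, baseline_len, k=0.5, h=5.0):
    """Index where a one-sided CUSUM on z-scores first exceeds h, else None.

    The first `baseline_len` samples define normal behaviour; k is the slack
    and h the alarm threshold, both in baseline standard deviations.
    """
    mu = mean(series[:baseline_len])
    sigma = stdev(series[:baseline_len]) or 1.0  # guard a flat baseline
    s = 0.0
    for i in range(baseline_len, len(series)):
        s = max(0.0, s + (series[i] - mu) / sigma - k)
        if s > h:
            return i
    return None

def dtw_distance(a, b):
    """Dynamic Time Warping cost between two sequences (|x - y| local cost)."""
    inf = float("inf")
    prev = [0.0] + [inf] * len(b)          # row 0 of the cost matrix
    for x in a:
        cur = [inf]                        # column 0 is unreachable
        for j, y in enumerate(b, start=1):
            cur.append(abs(x - y) + min(prev[j], prev[j - 1], cur[j - 1]))
        prev = cur
    return prev[-1]

# Constructed sample data: connections per minute to one host.
COUNTS = [20, 22, 19, 21, 20, 23, 18, 21, 20, 22, 21, 20, 60, 75, 80, 78]
# Constructed traffic shapes: a reference burst, the same burst one step
# later, and a flat profile with a different shape.
REFERENCE = [1, 2, 5, 9, 5, 2, 1]
DELAYED = [1, 1, 2, 5, 9, 5, 2, 1]
FLAT = [4, 4, 4, 4, 4, 4, 4]

if __name__ == "__main__":
    print("change point at index", cusum_change_point(COUNTS, baseline_len=10))
    print("DTW(reference, delayed) =", dtw_distance(REFERENCE, DELAYED))
    print("DTW(reference, flat)    =", dtw_distance(REFERENCE, FLAT))
```

The delayed burst has zero warping cost against the reference even though the two series differ in length, which is why a time-shifted but otherwise normal pattern need not raise an alert while a differently shaped one does.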
ADT-SVM DETECTION METHOD
The ADT-SVM Detection Method module implements the Adaptive Decision Tree-Support Vector Machine
(ADT-SVM) algorithm for intrusion detection. This algorithm combines the adaptability of decision
trees with the classification power of support vector machines. The ADT-SVM model is trained on
labeled data, learning to distinguish between normal and anomalous network behavior. Once trained, it
is employed to categorize incoming data attributes into predefined classes, such as Basic, Content,
Traffic, and Host, facilitating the identification of potential security threats within the network. The
module likely involves fine-tuning and optimizing the ADT-SVM parameters for optimal detection
performance.
MODULES
PROBABILITY MODEL
This module involves the development and application of a probability model for
analyzing network data. The probability model likely assesses the likelihood of
certain events or patterns within the data, providing a foundational understanding
of the baseline behavior. By establishing a probability distribution, anomalies can
be identified as deviations from expected patterns, enabling the system to flag
potentially malicious activities.
COMPUTING THE LINK-ANOMALY SCORE
In this module, the system calculates link-anomaly scores to quantify the abnormality
of network links or connections. The computation involves analyzing various
attributes associated with network links, such as traffic patterns, communication
frequencies, or data transfer volumes. A higher link-anomaly score may indicate
suspicious or anomalous behavior, directing the attention of the intrusion detection
system to potential security threats within the network.
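One way the Probability Model and Link-Anomaly Score modules could fit together, as an added example that is not the presentation's own code: a smoothed baseline distribution over three KDD'99 basic features, with each link scored by the mean surprisal of its connections. The class and function names, the field-independence assumption, the 4-bit threshold, and the addresses and records are all constructed for illustration.

```python
"""Baseline probability model and per-link anomaly score (mean surprisal)."""
import math
from collections import Counter, defaultdict

FIELDS = ("protocol_type", "service", "flag")  # three of KDD'99's basic features

class BaselineModel:
    """Per-field categorical distribution with add-one (Laplace) smoothing."""

    def __init__(self, records):
        self.counts = {f: Counter(r[f] for r in records) for f in FIELDS}
        self.total = len(records)

    def prob(self, field, value):
        seen = self.counts[field]
        # One extra slot in the denominator reserves mass for unseen values.
        return (seen[value] + 1) / (self.total + len(seen) + 1)

    def surprisal(self, record):
        """-log2 P(record) in bits; fields are treated as independent."""
        return -sum(math.log2(self.prob(f, record[f])) for f in FIELDS)

def link_anomaly_scores(model, records):
    """Mean surprisal of the connections observed on each (src, dst) link."""
    per_link = defaultdict(list)
    for r in records:
        per_link[(r["src"], r["dst"])].append(model.surprisal(r))
    return {link: sum(v) / len(v) for link, v in per_link.items()}

def flag_links(scores, threshold_bits):
    """Links whose score exceeds the threshold, most anomalous first."""
    hits = [l for l, s in scores.items() if s > threshold_bits]
    return sorted(hits, key=lambda l: -scores[l])

def conn(src, dst, proto, service, flag):
    return {"src": src, "dst": dst, "protocol_type": proto,
            "service": service, "flag": flag}

# Constructed baseline: mostly completed HTTP sessions plus some DNS.
BASELINE = ([conn("10.0.0.5", "10.0.0.80", "tcp", "http", "SF")] * 8
            + [conn("10.0.0.5", "10.0.0.53", "udp", "domain_u", "SF")] * 2)
# Constructed observations: one normal link, one sending unanswered SYNs
# (flag S0) to a service never seen in the baseline.
OBSERVED = ([conn("10.0.0.5", "10.0.0.80", "tcp", "http", "SF")]
            + [conn("10.0.0.9", "10.0.0.80", "tcp", "private", "S0")] * 3)

MODEL = BaselineModel(BASELINE)
SCORES = link_anomaly_scores(MODEL, OBSERVED)

if __name__ == "__main__":
    for link, score in SCORES.items():
        print(link, round(score, 2), "bits")
    print("flagged:", flag_links(SCORES, threshold_bits=4.0))
```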
LITERATURE REVIEW
THE EVOLUTION OF ETHERNET PASSIVE OPTICAL NETWORK
(EPON) AND FUTURE TRENDS

Felix Obite et al. state in this paper that the tremendous Internet traffic
growth has confirmed that the telecommunications backbone is moving
aggressively from a time division multiplexing (TDM) orientation to a
focus on Ethernet solution. Ethernet PON, which presents the convergence
of low-cost Ethernet and fiber infrastructures, has taken over the market
initially dominated by Digital Subscriber Line (DSL) and cable modems.
It is a new technology that is simple, inexpensive, and scalable, having the
ability to deliver massive data services to end-users over a single network.
This paper reviewed the evolution of Ethernet Passive Optical Network
(EPON), with focus on the current development process of the future
high-data-rate access networks such as Next-Generation Passive Optical
Network Stage
LITERATURE REVIEW
INTRUSION DETECTION SYSTEMS IN THE INTERNET OF THINGS: A
COMPREHENSIVE INVESTIGATION

Somayye Hajiheidari et al. state in this paper that, recently, a new dimension of intelligent
objects has been provided by reducing the power consumption of electrical appliances. Daily
physical objects have been upgraded by electronic devices over the Internet to create local
intelligence and communicate with cyberspace. Internet of Things (IoT), as a new term in
this domain, is used for realizing these intelligent objects. Since the objects in the IoT are directly
connected to the unsafe Internet, the resource-constrained devices are easily accessible by the
attacker. Such public access to the Internet causes things to become vulnerable to intrusions.
The purpose is to categorize the attacks that do not explicitly damage the network but, by
infecting the internal nodes, are ready to carry out attacks on the network; these are
named internal attacks. Therefore, the significance of Intrusion Detection Systems (IDSs) in the
IoT is undeniable. However, despite the importance of this topic, there is no comprehensive
and systematic review discussing and analyzing its significant mechanisms.
LITERATURE REVIEW
REVISITING WIRELESS INTERNET CONNECTIVITY: 5G VS WI-FI 6

Edward J. Oughton et al. state in this paper that, in recent years, significant
attention has been directed toward the fifth generation of wireless broadband
connectivity known as ‘5G’, currently being deployed by Mobile Network
Operators. Surprisingly, there has been considerably less attention paid to
‘Wi-Fi 6’, the new IEEE 802.1ax standard in the family of Wireless Local
Area Network technologies with features targeting private, edge-networks.
This paper revisits the suitability of cellular and Wi-Fi in delivering high
speed wireless Internet connectivity. Both technologies aspire to deliver
significantly enhanced performance, enabling each to deliver much faster
wireless broadband connectivity, and provide further support for the Internet
of Things and Machine-to-Machine communications, positioning the two
technologies as technical substitutes in many usage scenarios.
LITERATURE REVIEW
ENSEMBLE LEARNING FOR INTRUSION DETECTION SYSTEMS: A SYSTEMATIC MAPPING STUDY AND
CROSS-BENCHMARK EVALUATION

Bayu Adhi Tama et al. state in this paper that intrusion detection systems (IDSs) are intrinsically linked to a
comprehensive solution of cyberattack prevention instruments. To achieve a higher detection rate, the ability to design an
improved detection framework is sought after, particularly when utilizing ensemble learners. Designing an ensemble often
involves two main challenges: the choice of available base classifiers and combiner methods. This paper performs an
overview of how ensemble learners are exploited in IDSs by means of a systematic mapping study. We collected and
analyzed 124 prominent publications from the existing literature. The selected publications were then mapped into several
categories such as years of publications, publication venues, datasets used, ensemble methods, and IDS techniques.
LITERATURE REVIEW
DEEP ABSTRACTION AND WEIGHTED FEATURE SELECTION FOR WI-FI
IMPERSONATION DETECTION

Muhamad Erza Aminanto et al. state in this paper that the recent advances in
mobile technologies have resulted in IoT-enabled devices becoming more pervasive
and integrated into our daily lives. The security challenges that need to be
overcome mainly stem from the open nature of a wireless medium such as a Wi-Fi
network. An impersonation attack is an attack in which an adversary is disguised as
a legitimate party in a system or communications protocol. The connected devices
are pervasive, generating high-dimensional data on a large scale, which complicates
simultaneous detections. Feature learning, however, can circumvent the potential
problems that could be caused by the large-volume nature of network data. This
study thus proposes a novel Deep-Feature Extraction and Selection (D-FES), which
combines stacked feature extraction and weighted feature selection.
CONCLUSION

• In conclusion, the presented cybersecurity framework, incorporating modules such as the Probability
Model, Link-Anomaly Score computation, Change Point Analysis with Dynamic Time Warping, and the
Adaptive Decision Tree-Support Vector Machine (ADT-SVM) algorithm, constitutes a comprehensive
and adaptive intrusion detection system.

• By addressing the dynamic challenges in the cyber threat landscape, this system leverages probabilistic
analysis, anomaly scoring, and machine learning to effectively identify potential security threats.

• The integration of advanced techniques and the utilization of the ADT-SVM algorithm contribute to the
system's ability to adapt and learn from evolving cyber threats.

• The proposed framework not only offers a multi-faceted approach to intrusion detection but also
emphasizes the importance of continual adaptation in the face of emerging cybersecurity challenges.
REFERENCES
[1] R. Kumar, A. Malik, and V. Ranga, “An intellectual intrusion detection system using
hybrid hunger games search and remora optimization algorithm for IoT wireless
networks,” Knowl.-Based Syst., vol. 256, Nov. 2022, Art. no. 109762.

[2] W. Wang, S. Jian, Y. Tan, Q. Wu, and C. Huang, “Representation learning-based network
intrusion detection system by capturing explicit and implicit feature interactions,”
Comput. Secur., vol. 112, Jan. 2022, Art. no. 102537.

[3] J. Oughton, W. Lehr, K. Katsaros, I. Selinis, D. Bubley, and J. Kusuma, “Revisiting
wireless internet connectivity: 5G vs Wi-Fi 6,” Telecomm. Policy, vol. 45, no. 5, Jun.
2021, Art. no. 102127.

[4] B. A. Tama and S. Lim, “Ensemble learning for intrusion detection systems: A
systematic mapping study and cross-benchmark evaluation,” Comput. Sci. Rev., vol.
39, Feb. 2021, Art. no. 100357.

[5] S. Lei, C. Xia, Z. Li, X. Li, and T. Wang, “HNN: A novel model to study the intrusion
detection based on multi-feature correlation and temporal-spatial analysis,” IEEE Trans.
Netw. Sci. Eng., vol. 8, no. 4, pp. 3257–3274, Oct. 2021.
