1
|
Zou C, Chen R, Wang B, Fei Q, Song H, Zang L. Development of a deep learning radiomics model combining lumbar CT, multi-sequence MRI, and clinical data to predict high-risk cage subsidence after lumbar fusion: a retrospective multicenter study. Biomed Eng Online 2025; 24:27. [PMID: 40025592 PMCID: PMC11872306 DOI: 10.1186/s12938-025-01355-y] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 12/16/2024] [Accepted: 02/18/2025] [Indexed: 03/04/2025]
Abstract
BACKGROUND To develop and validate a model that integrates clinical data, deep learning radiomics, and radiomic features to predict high-risk patients for cage subsidence (CS) after lumbar fusion. METHODS This study analyzed preoperative CT and MRI data from 305 patients undergoing lumbar fusion surgery from three centers. Using a deep learning model based on 3D vision transformations, the dataset was divided into training (n = 214), validation (n = 61), and test (n = 30) groups. Feature selection was performed using LASSO regression, followed by the development of a logistic regression model. The predictive ability of the model was assessed using various machine learning algorithms, and a combined clinical model was also established. RESULTS Ultimately, 11 traditional radiomic features, 5 deep learning radiomic features, and 1 clinical feature were selected. The combined model demonstrated strong predictive performance, with area under the curve (AUC) values of 0.941, 0.832, and 0.935 for the training, validation, and test groups, respectively. Notably, our model outperformed predictions made by two experienced surgeons. CONCLUSIONS This study developed a robust predictive model that integrates clinical features and imaging data to identify high-risk patients for CS following lumbar fusion. This model has the potential to improve clinical decision-making and reduce the need for revision surgeries, easing the burden on healthcare systems.
Affiliation(s)
- Congying Zou
  - Department of Orthopedics, Beijing Chaoyang Hospital, Capital Medical University, 5 JingYuan Road, Shijingshan District, Beijing, 100043, China
- Ruiyuan Chen
  - Department of Orthopedics, Beijing Chaoyang Hospital, Capital Medical University, 5 JingYuan Road, Shijingshan District, Beijing, 100043, China
- Baodong Wang
  - Department of Orthopedics, Beijing Chaoyang Hospital, Capital Medical University, 5 JingYuan Road, Shijingshan District, Beijing, 100043, China
- Qi Fei
  - Department of Orthopedics, Beijing Friendship Hospital, Capital Medical University, No 95, Yong'an Road, Xicheng District, Beijing, 100050, China
- Hongxing Song
  - Department of Orthopedics, Beijing Shijitan Hospital, Capital Medical University, Beijing, 100038, China
- Lei Zang
  - Department of Orthopedic Surgery, Beijing Chao-Yang Hospital, Capital Medical University, 8 Gong Ti Nan Lu, Chaoyang District, Beijing, 100020, China.
  - Department of Orthopedics, Beijing Chaoyang Hospital, Capital Medical University, 5 JingYuan Road, Shijingshan District, Beijing, 100043, China.
|
2
|
Hashmi A, Barukab OM, Hamza Osman A. A hybrid feature weighted attention based deep learning approach for an intrusion detection system using the random forest algorithm. PLoS One 2024; 19:e0302294. [PMID: 38781186 PMCID: PMC11115263 DOI: 10.1371/journal.pone.0302294] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 06/01/2023] [Accepted: 04/01/2024] [Indexed: 05/25/2024]
Abstract
Due to the recent advances in the Internet and communication technologies, network systems and data have evolved rapidly. The emergence of new attacks jeopardizes network security and makes it really challenging to detect intrusions. Multiple network attacks by an intruder are unavoidable. Our research targets the critical issue of class imbalance in intrusion detection, a reflection of the real-world scenario where legitimate network activities significantly outnumber malicious ones. This imbalance can adversely affect the learning process of predictive models, often resulting in high false-negative rates, a major concern in Intrusion Detection Systems (IDS). By focusing on datasets with this imbalance, we aim to develop and refine advanced algorithms and techniques, such as anomaly detection, cost-sensitive learning, and oversampling methods, to effectively handle such disparities. The primary goal is to create models that are highly sensitive to intrusions while minimizing false alarms, an essential aspect of effective IDS. This approach is not only practical for real-world applications but also enhances the theoretical understanding of managing class imbalance in machine learning. Our research, by addressing these significant challenges, is positioned to make substantial contributions to cybersecurity, providing valuable insights and applicable solutions in the fight against digital threats and ensuring robustness and relevance in IDS development. An intrusion detection system (IDS) checks network traffic for security, availability, and being non-shared. Despite the efforts of many researchers, contemporary IDSs still need to further improve detection accuracy, reduce false alarms, and detect new intrusions. The mean convolutional layer (MCL), feature-weighted attention (FWA) learning, a bidirectional long short-term memory (BILSTM) network, and the random forest algorithm are all parts of our unique hybrid model called MCL-FWA-BILSTM.
The CNN-MCL layer for feature extraction receives data after preprocessing. After convolution, pooling, and flattening phases, feature vectors are obtained. The BI-LSTM and self-attention feature weights are used in the suggested method to mitigate the effects of class imbalance. The attention layer and the BI-LSTM features are concatenated to create mapped features before feeding them to the random forest algorithm for classification. Our methodology and model performance were validated using NSL-KDD and UNSW-NB-15, two widely available IDS datasets. The suggested model's accuracies on binary and multi-class classification tasks using the NSL-KDD dataset are 99.67% and 99.88%, respectively. The model's binary and multi-class classification accuracies on the UNSW-NB15 dataset are 99.56% and 99.45%, respectively. Further, we compared the suggested approach with other previous machine learning and deep learning models and found it to outperform them in detection rate, FPR, and F-score. For both binary and multiclass classifications, the proposed method reduces false positives while increasing the number of true positives. The model proficiently identifies diverse network intrusions on computer networks and accomplishes its intended purpose. The suggested model will be helpful in a variety of network security research fields and applications.
Affiliation(s)
- Arshad Hashmi
  - Faculty of Computing and Information Technology in Rabigh (FCITR), Department of Information Systems, King Abdulaziz University, Jeddah, Saudi Arabia
- Omar M. Barukab
  - Faculty of Computing and Information Technology in Rabigh (FCITR), Department of Information Technology, King Abdulaziz University, Jeddah, Saudi Arabia
- Ahmad Hamza Osman
  - Faculty of Computing and Information Technology in Rabigh (FCITR), Department of Information Systems, King Abdulaziz University, Jeddah, Saudi Arabia
|
3
|
Al-Saleh A. A balanced communication-avoiding support vector machine decision tree method for smart intrusion detection systems. Sci Rep 2023; 13:9083. [PMID: 37277467 DOI: 10.1038/s41598-023-36304-z] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 10/07/2022] [Accepted: 05/31/2023] [Indexed: 06/07/2023]
Abstract
The Internet of Things field has created many challenges for network architectures. Ensuring cyberspace security is the primary goal of intrusion detection systems (IDSs). Due to the increases in the number and types of attacks, researchers have sought to improve intrusion detection systems by efficiently protecting the data and devices connected in cyberspace. IDS performance is essentially tied to the amount of data, data dimensionality, and security features. This paper proposes a novel IDS model to improve computational complexity by providing accurate detection in less processing time than other related works. The Gini index method is used to compute the impurity of the security features and refine the selection process. A balanced communication-avoiding support vector machine decision tree method is performed to enhance intrusion detection accuracy. The evaluation is conducted using the UNSW-NB 15 dataset, which is a real dataset and is available publicly. The proposed model achieves high attack detection performance, with an accuracy of approximately 98.5%.
Affiliation(s)
- Abdullah Al-Saleh
  - Department of Information Engineering, Florence University, Florence, Italy.
  - Department of Computer Engineering, College of Computer and Information Sciences, Majmaah University, Majmaah, Saudi Arabia.
|
4
|
Sun EYN, Wu HC, Huang SCH, Kuan YC. A Novel Protocol-Free Bandage-Cover Cryptographer. IEEE TRANSACTIONS ON CYBERNETICS 2022; 52:11431-11441. [PMID: 34637392 DOI: 10.1109/tcyb.2021.3117235] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 06/13/2023]
Abstract
Cyber security has become an important problem nowadays as almost everyone is often linked to the Internet for business and entertainment. Conventional cryptographers fail to address timely issues regarding cyber-attacks, such as cyber identity theft. In this work, we propose a novel idea, namely, a bandage-cover cryptographer (BCC), which is completely software-defined and protocol-free. Besides, this new cryptographic approach can enable camouflages to confuse data-mining robots, which are often encountered in the cyber world nowadays. Because all of the existing cryptographers aim to protect the entire data (document and file) altogether, they cannot have camouflagibility to mislead data-mining robots. Conversely, by our proposed novel BCC, one can select arbitrary contexts or parts of the data (related to individual identity and/or private confidential information) under protection. To evaluate such a first-ever cryptographer capable of misleading data-mining robots, we define two new metrics, namely: 1) vulnerability and 2) camouflage rates. The theoretical analyses of vulnerability rate and camouflage rate for our proposed new BCC are also presented in this article to demonstrate the corresponding effectiveness.
|
5
|
Yang Z, Liu X, Li T, Wu D, Wang J, Zhao Y, Han H. A systematic literature review of methods and datasets for anomaly-based network intrusion detection. Comput Secur 2022. [DOI: 10.1016/j.cose.2022.102675] [Citation(s) in RCA: 12] [Impact Index Per Article: 4.0] [Indexed: 11/16/2022]
|
6
|
Wu Z, Gao P, Cui L, Chen J. An Incremental Learning Method Based on Dynamic Ensemble RVM for Intrusion Detection. IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT 2022. [DOI: 10.1109/tnsm.2021.3102388] [Citation(s) in RCA: 2] [Impact Index Per Article: 0.7] [Indexed: 11/11/2022]
|
7
|
Markiewicz M, Koperwas J. Evaluation Platform for DDM Algorithms With the Usage of Non-Uniform Data Distribution Strategies. INTERNATIONAL JOURNAL OF INFORMATION TECHNOLOGIES AND SYSTEMS APPROACH 2022. [DOI: 10.4018/ijitsa.290000] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 11/09/2022]
Abstract
Huge amounts of data are collected in numerous independent data storage facilities around the world. However, how the data is distributed between physical locations remains unspecified. Downloading all of the data for the purpose of processing it is undesirable and sometimes even impossible. Various methods have been proposed for performing data mining tasks, but the main problem is the lack of an objective strategy for comparing them. The authors present current research on a novel evaluation platform for distributed data mining (DDM) algorithms. The proposed platform opens up a new field to evaluate algorithms in terms of the quality of the results, transfer used, and speed, but also for the use of a non-uniform data distribution among independent nodes during algorithm evaluation. This work introduces a ‘data partitioning strategy’ term referring to a specific, not necessarily uniform data distribution. A brief evaluation for three clustering algorithms is also reported, showing the usability and simplicity of identifying differences in processing with the use of the platform.
|
8
|
Bhor HN, Kalla M. TRUST‐based features for detecting the intruders in the Internet of Things network using deep learning. Comput Intell 2021. [DOI: 10.1111/coin.12473] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 11/28/2022]
Affiliation(s)
- Harsh Namdev Bhor
  - Department of IT K. J. Somaiya Institute of Engineering and Information Technology, Sion Mumbai India
- Mukesh Kalla
  - Department of Computer Science and Engineering Sir Padampat Singhania University, Bhatewar Udaipur India
|
9
|
Gavel S, Raghuvanshi AS, Tiwari S. A novel density estimation based intrusion detection technique with Pearson's divergence for Wireless Sensor Networks. ISA TRANSACTIONS 2021; 111:180-191. [PMID: 33276967 DOI: 10.1016/j.isatra.2020.11.016] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.3] [Received: 07/16/2019] [Revised: 11/09/2020] [Accepted: 11/22/2020] [Indexed: 06/12/2023]
Abstract
We present a novel technique to detect an intrusive attack that occurs in the network due to the presence of a compromised node. These intrusive attacks last for a long time in the network due to the existence of compromised nodes; this also affects the sensor reading. As the time span of the attack is longer in the network, it affects the system and can cause a system failure. Hence, we propose a technique that uses the combination of multi-varying kernel density estimation with distributed computing. This combination analyzes the individual probability of the existence of data and calculates the global value of the Probability Density Function (PDFs). Pearson's divergence (PE) is applied for efficient in-network detection and estimation of intrusion at low False Positive Rate (FPRs). The approximation of PE divergence is carried out using different techniques of distributed computing. The value of PDFs is calculated for a successive period of time in order to provide efficient performance. We also propose an entropy-based method that uses a centralized computing approach. Results obtained using PE divergence and entropy-based method are compared in order to judge the robustness. Finally, the proposed algorithms are evaluated using real-world based datasets, and the results are compared using Accuracy and FPRs.
Affiliation(s)
- Shashank Gavel
  - Department of Electronics and Telecommunication, National Institute of Technology Raipur, India.
- Ajay Singh Raghuvanshi
  - Department of Electronics and Telecommunication, National Institute of Technology Raipur, India.
- Sudarshan Tiwari
  - Department of Electronics and Communication, Motilal Nehru National Institute of Technology Allahabad, India.
|
10
|
A Review on Machine Learning Approaches for Network Malicious Behavior Detection in Emerging Technologies. ENTROPY 2021; 23:e23050529. [PMID: 33923125 PMCID: PMC8145138 DOI: 10.3390/e23050529] [Citation(s) in RCA: 7] [Impact Index Per Article: 1.8] [Received: 03/15/2021] [Revised: 04/11/2021] [Accepted: 04/20/2021] [Indexed: 12/03/2022]
Abstract
Network anomaly detection systems (NADSs) play a significant role in every network defense system as they detect and prevent malicious activities. Therefore, this paper offers an exhaustive overview of different aspects of anomaly-based network intrusion detection systems (NIDSs). Additionally, contemporary malicious activities in network systems and the important properties of intrusion detection systems are discussed as well. The present survey explains important phases of NADSs, such as pre-processing, feature extraction and malicious behavior detection and recognition. In addition, with regard to the detection and recognition phase, recent machine learning approaches including supervised, unsupervised, new deep and ensemble learning techniques have been comprehensively discussed; moreover, some details about currently available benchmark datasets for training and evaluating machine learning techniques are provided by the researchers. In the end, potential challenges together with some future directions for machine learning-based NADSs are specified.
|
11
|
Liu C, Lore KG, Jiang Z, Sarkar S. Root-cause analysis for time-series anomalies via spatiotemporal graphical modeling in distributed complex systems. Knowl Based Syst 2021. [DOI: 10.1016/j.knosys.2020.106527] [Citation(s) in RCA: 9] [Impact Index Per Article: 2.3] [Indexed: 12/01/2022]
|
12
|
A new perspective towards the development of robust data-driven intrusion detection for industrial control systems. NUCLEAR ENGINEERING AND TECHNOLOGY 2020. [DOI: 10.1016/j.net.2020.05.012] [Citation(s) in RCA: 12] [Impact Index Per Article: 2.4] [Indexed: 11/18/2022]
|
13
|
Molina-Coronado B, Mori U, Mendiburu A, Miguel-Alonso J. Survey of Network Intrusion Detection Methods From the Perspective of the Knowledge Discovery in Databases Process. IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT 2020. [DOI: 10.1109/tnsm.2020.3016246] [Citation(s) in RCA: 19] [Impact Index Per Article: 3.8] [Indexed: 11/09/2022]
|
14
|
Hosseinzadeh M, Rahmani AM, Vo B, Bidaki M, Masdari M, Zangakani M. Improving security using SVM-based anomaly detection: issues and challenges. Soft comput 2020. [DOI: 10.1007/s00500-020-05373-x] [Citation(s) in RCA: 19] [Impact Index Per Article: 3.8] [Indexed: 11/24/2022]
|
15
|
Du J, Vong CM. Robust Online Multilabel Learning Under Dynamic Changes in Data Distribution With Labels. IEEE TRANSACTIONS ON CYBERNETICS 2020; 50:374-385. [PMID: 31107670 DOI: 10.1109/tcyb.2018.2869476] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.2] [Indexed: 06/09/2023]
Abstract
In this paper, a robust online multilabel learning method dealing with dynamically changing multilabel data streams is proposed. The proposed method has three advantages: 1) higher accuracy due to a newly defined objective function based on labels ranking; 2) fast training and update based on a newly derived closed-form (rather than gradient descent based) solution for the new objective function; and 3) high robustness to a newly identified concept drift in multilabel data streams, namely, changes in data distribution with labels (CDDL). The high robustness benefits from two novel works: 1) a new sequential update rule that preserves the labels ranking information learned from all old (but discarded) samples while updating the model only based on new incoming samples and 2) a fixed threshold for label bipartition that is insensitive to any kind of changes in data distribution including CDDL. The proposed method has been evaluated over 13 benchmark datasets from various domains. As shown in the experimental results, the proposed work is highly robust to CDDL in both the sequential model update and multilabel thresholding. Furthermore, the proposed method improves the performance in different evaluation measures, including Hamming loss, F1-measure, Precision, and Recall while taking short training time on most evaluated datasets.
|
16
|
Intrusion Detection of UAVs Based on the Deep Belief Network Optimized by PSO. SENSORS 2019; 19:s19245529. [PMID: 31847361 PMCID: PMC6960526 DOI: 10.3390/s19245529] [Citation(s) in RCA: 23] [Impact Index Per Article: 3.8] [Received: 10/16/2019] [Revised: 12/09/2019] [Accepted: 12/12/2019] [Indexed: 11/17/2022]
Abstract
With the rapid development of information technology, the problem of the network security of unmanned aerial vehicles (UAVs) has become increasingly prominent. In order to solve the intrusion detection problem of massive, high-dimensional, and nonlinear data, this paper proposes an intrusion detection method based on the deep belief network (DBN) optimized by particle swarm optimization (PSO). First, a classification model based on the DBN is constructed, and the PSO algorithm is then used to optimize the number of hidden layer nodes of the DBN, to obtain the optimal DBN structure. The simulations are conducted on a benchmark intrusion dataset, and the results show that the accuracy of the DBN-PSO algorithm reaches 92.44%, which is higher than those of the support vector machine (SVM), artificial neural network (ANN), deep neural network (DNN), and Adaboost. It can be seen from comparative experiments that the optimization effect of PSO is better than those of the genetic algorithm, simulated annealing algorithm, and Bayesian optimization algorithm. The method of PSO-DBN provides an effective solution to the problem of intrusion detection of UAV networks.
|
17
|
Intrusion detection and security calculation in industrial cloud storage based on an improved dynamic immune algorithm. Inf Sci (N Y) 2019. [DOI: 10.1016/j.ins.2018.06.072] [Citation(s) in RCA: 15] [Impact Index Per Article: 2.5] [Indexed: 11/24/2022]
|
18
|
Abstract
Many classification algorithms aim to minimize just their training error count; however, it is often desirable to minimize a more general cost metric, where distinct instances have different costs. In this paper, an instance-based cost-sensitive Bayesian consistent version of exponential loss function is proposed. Using the modified loss function, the derivation of instance-based cost-sensitive extensions of AdaBoost, RealBoost and GentleBoost are developed which are termed as ICSAdaBoost, ICSRealBoost and ICSGentleBoost, respectively. In this research, a new instance-based cost generation method is proposed instead of doing this expensive process by experts. Thus, each sample takes two cost values; a class cost and a sample cost. The first cost is equally assigned to all samples of each class while the second cost is generated according to the probability of each sample within its class probability density function. Experimental results of the proposed schemes imply 12% enhancement in terms of [Formula: see text]-measure and 13% on cost-per-sample over a variety of UCI datasets, compared to the state-of-the-art methods. The significant priority of the proposed method is supported by applying the pair of [Formula: see text]-tests to the results.
Affiliation(s)
- Ensieh Sharifnia
  - CSE & IT Dept., School of Electrical and Computer Engineering, Shiraz University, Campus#2, MollaSadra St., Shiraz 71348-51154, Iran
- Reza Boostani
  - CSE & IT Dept., School of Electrical and Computer Engineering, Shiraz University, Campus#2, MollaSadra St., Shiraz 71348-51154, Iran
|
19
|
Mikhail JW, Fossaceca JM, Iammartino R. A Semi-Boosted Nested Model With Sensitivity-Based Weighted Binarization for Multi-Domain Network Intrusion Detection. ACM T INTEL SYST TEC 2019. [DOI: 10.1145/3313778] [Citation(s) in RCA: 10] [Impact Index Per Article: 1.7] [Indexed: 12/20/2022]
Abstract
Effective network intrusion detection techniques are required to thwart evolving cybersecurity threats. Historically, traditional enterprise networks have been researched extensively in this regard. However, the cyber threat landscape has grown to include wireless networks. In this article, the authors present a novel model that can be trained on completely different feature sets and applied to two distinct intrusion detection applications: traditional enterprise networks and 802.11 wireless networks. This is the first method that demonstrates superior performance in both aforementioned applications. The model is based on a one-versus-all binary framework comprising multiple nested sub-ensembles. To provide good generalization ability, each sub-ensemble contains a collection of sub-learners, and only a portion of the sub-learners implement boosting. A class weight based on the sensitivity metric (true-positive rate), learned from the training data only, is assigned to the sub-ensembles of each class. The use of pruning to remove sub-learners that do not contribute to or have an adverse effect on overall system performance is investigated as well. The results demonstrate that the proposed system can achieve exceptional performance in applications to both traditional enterprise intrusion detection and 802.11 wireless intrusion detection.
|
20
|
Mohammadi S, Amiri F. An Efficient Hybrid Self-Learning Intrusion Detection System Based on Neural Networks. INTERNATIONAL JOURNAL OF COMPUTATIONAL INTELLIGENCE AND APPLICATIONS 2019. [DOI: 10.1142/s1469026819500019] [Citation(s) in RCA: 9] [Impact Index Per Article: 1.5] [Indexed: 11/18/2022]
Abstract
An intrusion detection system (IDS) is an immunizing system that identifies the hostile activities in a network, and alerts the network administrator in case of detecting suspicious behaviors. Signature-based systems are the most common methods for intrusion detection, but they are not able to detect new attacks on the network. The main problem of these systems is to keep up to date the database of already containing known attack signatures. Neural networks have a high ability to learn and are generalizable. This study presents the following: A new intrusion detection system that is a hybrid of self-organizing map algorithm (SOM), radial basis function (RBF) and perceptron networks is proposed to solve this problem. For the first time, the Imperialist Competitive Algorithm is used to calculate the parameters of the Perceptron neural network. The proposed approach uses a hybrid architecture that tries to increase the quality of warnings. Signature-based systems using this method can detect new attacks as a self-learner. The results indicated better performance of the proposed hybrid algorithm compared to earlier methods.
Affiliation(s)
- Shahriar Mohammadi
  - Faculty of Industrial Engineering, K. N. Toosi University of Technology, Tehran, Iran
- Fatemeh Amiri
  - Faculty of Industrial Engineering, K. N. Toosi University of Technology, Tehran, Iran
|
21
|
Yu H, Webb GI. Adaptive online extreme learning machine by regulating forgetting factor by concept drift map. Neurocomputing 2019. [DOI: 10.1016/j.neucom.2018.11.098] [Citation(s) in RCA: 11] [Impact Index Per Article: 1.8] [Indexed: 11/30/2022]
|
22
|
|
23
|
Wang W, Velswamy K, Hao K, Chen L, Pedrycz W. A hierarchical memory network-based approach to uncertain streaming data. Knowl Based Syst 2019. [DOI: 10.1016/j.knosys.2018.11.011] [Citation(s) in RCA: 7] [Impact Index Per Article: 1.2] [Indexed: 10/27/2022]
|
24
|
|
25
|
Mousavinejad E, Yang F, Han QL, Vlacic L. A Novel Cyber Attack Detection Method in Networked Control Systems. IEEE TRANSACTIONS ON CYBERNETICS 2018; 48:3254-3264. [PMID: 29994687 DOI: 10.1109/tcyb.2018.2843358] [Citation(s) in RCA: 5] [Impact Index Per Article: 0.7] [Indexed: 06/08/2023]
Abstract
This paper is concerned with cyber attack detection in a networked control system. A novel cyber attack detection method, which consists of two steps: 1) a prediction step and 2) a measurement update step, is developed. An estimation ellipsoid set is calculated through updating the prediction ellipsoid set with the current sensor measurement data. Based on the intersection between these two ellipsoid sets, two criteria are provided to detect cyber attacks injecting malicious signals into physical components (i.e., sensors and actuators) or into a communication network through which information among physical components is transmitted. There exists a cyber attack on sensors or a network exchanging data between sensors and controllers if there is no intersection between the prediction set and the estimation set updated at the current time instant. Actuators or network transmitting data between controllers and actuators are under a cyber attack if the prediction set has no intersection with the estimation set updated at the previous time instant. Recursive algorithms for the calculation of the two ellipsoid sets and for the attack detection on physical components and the communication network are proposed. Simulation results for two types of cyber attacks, namely a replay attack and a bias injection attack, are provided to demonstrate the effectiveness of the proposed method.
|
26
|
Hidden Markov models with random restarts versus boosting for malware detection. JOURNAL OF COMPUTER VIROLOGY AND HACKING TECHNIQUES 2018. [DOI: 10.1007/s11416-018-0322-1] [Citation(s) in RCA: 5] [Impact Index Per Article: 0.7] [Indexed: 10/28/2022]
|
27
|
Wang CR, Xu RF, Lee SJ, Lee CH. Network intrusion detection using equality constrained-optimization-based extreme learning machines. Knowl Based Syst 2018. [DOI: 10.1016/j.knosys.2018.02.015] [Citation(s) in RCA: 29] [Impact Index Per Article: 4.1] [Indexed: 11/15/2022]
|
28
|
Aleroud A, Karabatis G. Contextual information fusion for intrusion detection: a survey and taxonomy. Knowl Inf Syst 2017. [DOI: 10.1007/s10115-017-1027-3] [Citation(s) in RCA: 20] [Impact Index Per Article: 2.5] [Indexed: 11/28/2022]
|
29
|
Practical In-Depth Analysis of IDS Alerts for Tracing and Identifying Potential Attackers on Darknet. SUSTAINABILITY 2017. [DOI: 10.3390/su9020262] [Citation(s) in RCA: 7] [Impact Index Per Article: 0.9] [Indexed: 11/17/2022]
|
30
|
Security Enrichment in Intrusion Detection System Using Classifier Ensemble. JOURNAL OF ELECTRICAL AND COMPUTER ENGINEERING 2017. [DOI: 10.1155/2017/1794849] [Citation(s) in RCA: 9] [Impact Index Per Article: 1.1] [Indexed: 11/17/2022]
Abstract
In the era of the Internet and with an increasing number of people as its end users, a large number of attack categories are introduced daily. Hence, effective detection of various attacks with the help of Intrusion Detection Systems is an emerging trend in research these days. Existing studies show the effectiveness of machine learning approaches in handling Intrusion Detection Systems. In this work, we aim to enhance the detection rate of an Intrusion Detection System by using a machine learning technique. We propose a novel classifier-ensemble-based IDS that is constructed using a hybrid approach which combines data-level and feature-level approaches. Classifier ensembles combine the opinions of different experts and improve the intrusion detection rate. Experimental results show the improved detection rates of our system compared to the reference technique.
|
31
|
|
32
|
Al-Jarrah OY, Alhussein O, Yoo PD, Muhaidat S, Taha K, Kim K. Data Randomization and Cluster-Based Partitioning for Botnet Intrusion Detection. IEEE TRANSACTIONS ON CYBERNETICS 2016; 46:1796-806. [PMID: 26540724 DOI: 10.1109/tcyb.2015.2490802] [Citation(s) in RCA: 18] [Impact Index Per Article: 2.0] [Indexed: 05/22/2023]
Abstract
Botnets, which consist of remotely controlled compromised machines called bots, provide a distributed platform for several threats against cyber world entities and enterprises. Intrusion detection system (IDS) provides an efficient countermeasure against botnets. It continually monitors and analyzes network traffic for potential vulnerabilities and possible existence of active attacks. A payload-inspection-based IDS (PI-IDS) identifies active intrusion attempts by inspecting transmission control protocol and user datagram protocol packet's payload and comparing it with previously seen attack signatures. However, the PI-IDS abilities to detect intrusions might be incapacitated by packet encryption. Traffic-based IDS (T-IDS) alleviates the shortcomings of PI-IDS, as it does not inspect packet payload; however, it analyzes packet header to identify intrusions. As the network's traffic grows rapidly, not only the detection-rate is critical, but also the efficiency and the scalability of IDS become more significant. In this paper, we propose a state-of-the-art T-IDS built on a novel randomized data partitioned learning model (RDPLM), relying on a compact network feature set and feature selection techniques, simplified subspacing and a multiple randomized meta-learning technique. The proposed model has achieved 99.984% accuracy and 21.38 s training time on a well-known benchmark botnet dataset. Experiment results demonstrate that the proposed methodology outperforms other well-known machine-learning models used in the same detection task, namely, sequential minimal optimization, deep neural network, C4.5, reduced error pruning tree, and randomTree.
|
33
|
Liu CL, Hsaio WH, Lee CH, Chang TH, Kuo TH. Semi-Supervised Text Classification With Universum Learning. IEEE TRANSACTIONS ON CYBERNETICS 2016; 46:462-473. [PMID: 25730839 DOI: 10.1109/tcyb.2015.2403573] [Citation(s) in RCA: 21] [Impact Index Per Article: 2.3] [Indexed: 06/04/2023]
Abstract
Universum, a collection of nonexamples that do not belong to any class of interest, has become a new research topic in machine learning. This paper devises a semi-supervised learning with Universum algorithm based on boosting technique, and focuses on situations where only a few labeled examples are available. We also show that the training error of AdaBoost with Universum is bounded by the product of normalization factor, and the training error drops exponentially fast when each weak classifier is slightly better than random guessing. Finally, the experiments use four data sets with several combinations. Experimental results indicate that the proposed algorithm can benefit from Universum examples and outperform several alternative methods, particularly when insufficient labeled examples are available. When the number of labeled examples is insufficient to estimate the parameters of classification functions, the Universum can be used to approximate the prior distribution of the classification functions. The experimental results can be explained using the concept of Universum introduced by Vapnik, that is, Universum examples implicitly specify a prior distribution on the set of classification functions.
|
34
|
Elsayed S, Sarker R, Essam D. Survey of Uses of Evolutionary Computation Algorithms and Swarm Intelligence for Network Intrusion Detection. INTERNATIONAL JOURNAL OF COMPUTATIONAL INTELLIGENCE AND APPLICATIONS 2015. [DOI: 10.1142/s146902681550025x] [Citation(s) in RCA: 7] [Impact Index Per Article: 0.7] [Indexed: 11/18/2022]
Abstract
Many infrastructures, such as those of finance and banking, transportation, military and telecommunications, are highly dependent on the Internet. However, as the Internet’s underlying structural protocols and governance can be disturbed by intruders, for its smooth operation, it is important to minimize such disturbances. Of the available techniques for achieving this, computational intelligence methodologies, such as evolutionary algorithms and swarm intelligence approaches, are popular and have been successfully applied to detect intrusions. In this paper, we present an overview of these techniques and related literature on intrusion detection, analyze their research contributions, compare their approaches and discuss new research directions which will provide useful insights for intrusion detection researchers and practitioners.
Affiliation(s)
- Saber Elsayed: School of Engineering and Information Technology, University of New South Wales at Canberra, Canberra, Australia
- Ruhul Sarker: School of Engineering and Information Technology, University of New South Wales at Canberra, Canberra, Australia
- Daryl Essam: School of Engineering and Information Technology, University of New South Wales at Canberra, Canberra, Australia
|