Probabilistic Analysis of Random Check Intrusion Detection System

Firuz Kamalov (1), Sherif Moussa (2), Gandeva Bayu Satrya (3)
(1) Faculty of Engineering, Canadian University Dubai, Dubai, UAE
(2) Faculty of Engineering, Canadian University Dubai, Dubai, UAE
(3) Faculty of Engineering, Canadian University Dubai, Dubai, UAE
How to cite (IJASEIT):
Kamalov, Firuz, et al. “Probabilistic Analysis of Random Check Intrusion Detection System”. International Journal on Advanced Science, Engineering and Information Technology, vol. 14, no. 2, Apr. 2024, pp. 393-9, doi:10.18517/ijaseit.14.2.18749.
The ubiquitous adoption of network-based technologies has left organizations vulnerable to malicious attacks. It has become vital to have effective intrusion detection systems (IDS) that protect the network from attacks. In this paper, we study the intrusion detection problem through the lens of probability theory. We consider a situation where a network receives random malicious signals at discrete time instances, and an IDS attempts to capture these signals via a random check process. We aim to develop a probabilistic framework for intrusion detection under the given scenario. Concretely, we calculate the detection rate of a network attack by an IDS and determine the expected number of detections. We perform extensive theoretical and experimental analyses of the problem. The results presented in this paper would be helpful tools for designing and analyzing intrusion detection systems. The proposed probabilistic framework could be useful to IDS experts: for a network-based IDS that monitors traffic in real time, analyzing the entire traffic flow can be computationally expensive. By probabilistically sampling only a fraction of the network traffic, the IDS can still perform its task effectively while reducing the computational cost. However, checking only a fraction of the traffic increases the probability of missing an attack. This research can help IDS designers achieve appropriate detection rates while maintaining a low false alarm rate. The groundwork laid out in this paper could be used for future research on understanding the probabilities related to intrusion detection.


This work is licensed under a Creative Commons Attribution 4.0 International License.
