{"title":"Optimizing network security: Weighted average ensemble of BPNN and RELM in EPRN-WPS intrusion detection","authors":"P.S. Pavithra, P. Durgadevi","doi":"10.1016/j.cose.2024.104289","DOIUrl":null,"url":null,"abstract":"<div><div>Intrusion Detection Systems (IDS) are crucial components of network security solutions designed to identify and reduce threats in real-time. The main function of IDS is to determine unauthorized access, anomalies, and misuse. When an anomaly is detected, the IDS alerts the network administrators or takes predefined actions to alleviate the threat. Several deep learning (DL) based techniques have been designed for effective IDS. Despite that, they face several complexities such as encrypted traffic, network complexity, less efficiency, and scalability issues. This research work designs a novel method named Ensemble Probability Regularized Network-based Waterwheel Plant Search (EPRN-WPS) algorithm for improving network security and integrity. The proposed framework integrates six phases namely, data collection, monitoring interval phase, alert preprocessing phase, alert scrubbing phase, alert correlation engine phase, and alert prioritization phase. For evaluation, the proposed framework deploys the input data from the Network Intrusion Detection Dataset (UNR-IDD). During, the monitor interval phase the model continuously monitored the network activities to generate more accurate alerts by deriving a diverse set of data over time. In the alert preprocessing phase, the relevant alerts are prioritized and unnecessary information is eliminated. Furthermore, the alert scrubbing phase is utilized to analyze and filter the alerts to reduce false positives and point out security threats. The potential threats by correlating alerts from various sources are identified in the alert correlation engine phase. For alert prioritization, the proposed technique EPRN-WPS combines a significance of Biased Probability Neural Network (BPNN), Regularized Extreme Learning Machine (RELM), and weighted average ensemble models and classifies the alerts into low, high, and medium. Moreover, the proposed framework implemented a Waterwheel plant optimization with an initial search strategy for optimizating the parameters thereby enhancing the effectiveness of the EPRN-WPS method. The proposed methodology achieves an accuracy of 98.9 %, a sensitivity of 97.2 %, a specificity of 97.7 %, an F1-score of 96.3 %, and a False Alarm Rate (FAR) of 1.4 %. The experimental results show the effectiveness of the proposed EPRN-WPS method in intrusion detection and it ensures the integrity of the network.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104289"},"PeriodicalIF":4.8000,"publicationDate":"2024-12-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404824005959","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
Abstract
Intrusion Detection Systems (IDS) are crucial components of network security solutions designed to identify and reduce threats in real-time. The main function of IDS is to determine unauthorized access, anomalies, and misuse. When an anomaly is detected, the IDS alerts the network administrators or takes predefined actions to alleviate the threat. Several deep learning (DL) based techniques have been designed for effective IDS. Despite that, they face several complexities such as encrypted traffic, network complexity, less efficiency, and scalability issues. This research work designs a novel method named Ensemble Probability Regularized Network-based Waterwheel Plant Search (EPRN-WPS) algorithm for improving network security and integrity. The proposed framework integrates six phases namely, data collection, monitoring interval phase, alert preprocessing phase, alert scrubbing phase, alert correlation engine phase, and alert prioritization phase. For evaluation, the proposed framework deploys the input data from the Network Intrusion Detection Dataset (UNR-IDD). During, the monitor interval phase the model continuously monitored the network activities to generate more accurate alerts by deriving a diverse set of data over time. In the alert preprocessing phase, the relevant alerts are prioritized and unnecessary information is eliminated. Furthermore, the alert scrubbing phase is utilized to analyze and filter the alerts to reduce false positives and point out security threats. The potential threats by correlating alerts from various sources are identified in the alert correlation engine phase. For alert prioritization, the proposed technique EPRN-WPS combines a significance of Biased Probability Neural Network (BPNN), Regularized Extreme Learning Machine (RELM), and weighted average ensemble models and classifies the alerts into low, high, and medium. Moreover, the proposed framework implemented a Waterwheel plant optimization with an initial search strategy for optimizating the parameters thereby enhancing the effectiveness of the EPRN-WPS method. The proposed methodology achieves an accuracy of 98.9 %, a sensitivity of 97.2 %, a specificity of 97.7 %, an F1-score of 96.3 %, and a False Alarm Rate (FAR) of 1.4 %. The experimental results show the effectiveness of the proposed EPRN-WPS method in intrusion detection and it ensures the integrity of the network.
期刊介绍:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
