Deepak Kshirsagar | College Of Engineering Pune

Papers by Deepak Kshirsagar

Reflection based Distributed Denial of Service Attack Detection System

2022 6th International Conference On Computing, Communication, Control And Automation (ICCUBEA)

DoS Attack Detection Using Machine Learning and Neural Network

2018 Fourth International Conference on Computing Communication Control and Automation (ICCUBEA), 2018

The current digital world is using the internet almost everywhere. The usage of internet has been increasing, however, threats are also increasing in numbers. One such threat is DoS attack which uses reasonable service requests to gain excessive computing and network resources and results in an inability to access them by legitimate users. The DoS attack can happen at different layers of OSI model such as network, transport and application layers. The aim of this paper is to detect DoS attack effectively using Machine learning (ML) and Neural Network (NN) algorithms. The detection is specifically focused on application layer DoS attack detection rather than at transport and network DoS attack detection. The latest DoS attack dataset CIC IDS 2017 dataset is used in the experiment. The experimentation has divided the dataset into different splits and the best split is found for each algorithm i.e. RF and MLP. Results of RF and MLP are compared and it is shown that RF provides better results than MLP.

A Survey on Security in Automotive Networks

2018 Fourth International Conference on Computing Communication Control and Automation (ICCUBEA)

As a new generation vehicle are in market nowadays, new networking architecture is defined for those vehicles. In-vehicle communication and different interfaces which are used to connect in-vehicle network to outside are vulnerable. Communication like Vehicle to Vehicle (V2V), Vehicle to Infrastructure (V2I) and Vehicle to Anything (V2X) is not secure as there are so many vulnerabilities present in designed communication protocol. The vehicles which are on road consist of several Electronic controller units (ECU). These ECUs takes input from different sensors or another ECU and take appropriate action. When vehicle is on road, these ECUs are communicating continuously. According to the current figure there are near about 70 to 100 ECUs present and communication of these ECU is taken place via different communication channel called bus. To reduce the complex wiring of buses, researchers developed different protocol for different type of communication bus protocol such as LIN, CAN, FlexRay, and MOST which is widely used by different automotive manufacturers. On the basis of speed used for communication the bus is chosen like, to play video there must be very high speed bus as streaming must be taken place with maximum speed without any delay. There are several safety critical ECUs also such as brake system, Engine Control, Speed Control etc. Apart from these, as day by day the luxurious features are introduced by the automotive manufacturer by adding more ECU and security for that gaining more importance. So the risk of cyber-attack is quite high which can be life threat to driver and passenger. In addition to that, interfaces such as wireless communication, remote diagnostics, and firmware update over the air are new platforms where attacker have various option for intrusion.
For example attacker can take control on vehicle steering using wireless communication interface and puts lives of passengers in danger. To reduce the complex wiring for communication and increase the efficiency of communication automotive manufacturers developed different protocols but the security for that. In this paper, we will provide an insight into the different protocols for Inter-vehicle and In-vehicle communication network systems, overview and the emerging In-Vehicle networking standards and their security issues.

3D Object Classification Using Bounding Box

2018 Fourth International Conference on Computing Communication Control and Automation (ICCUBEA), 2018

The field of 3D shape representations and recognition is changing over years with the advancement in computer vision and use of machine learning in the same field. The 3D model classification is an important problem, with applications in automotive, robotics, CAD visions, augmented reality and many more. In this research, machine learning is an important field with which we extract useful information from the AutoCAD drawing consisting of 3D Objects. It uses Features based classification techniques to identify different components for an AutoCAD drawing. This research is useful in tackling the problems where in there is a need to comprehend the CAD drawings with 3D objects present in it.

An ontology approach for proactive detection of HTTP flood DoS attack

International Journal of System Assurance Engineering and Management, 2021

In the current digital era, the consumer uses web applications for banking, e-commerce, and sharing information with others. These web applications are suffered from different types of attacks. The hacker intelligently uses multiple attack vectors to generate attacks with the help of tools. Therefore, intelligent intrusion detection plays an essential role in security. This paper presents an ontology-based intrusion detection framework to detect Denial of Service (DoS) attacks at the application level. The system proposes the ontology model and semantic rule for the detection of an HTTP flood attack. The system is implemented and tested on the GoldenEye DoS dataset with the help of semantic rules. The system provides early detection of DoS attacks in two seconds and improved detection rate using a time window threshold mechanism in the semantic rule. The system also achieves a higher detection rate of 94.89% without threshold in semantic rule to detect DoS attack. Finally, the system is compared with related traditional DoS detection systems.

HTTP Flood Attack Detection using Ontology

Proceedings of the International Conference on Advances in Information Communication Technology & Computing - AICTC '16, 2016

The use of web applications by the users over the Internet is increasing day by day. Analyzing the increasing demand, many organizations are providing their services through web applications. Number of users and web applications are increasing continuously. Moreover, the malicious traffic is also increasing with the same rate. Therefore, there is a need to secure web servers and applications. Web servers and applications are suffering from Flooding attacks from network to the application layer. Many solutions are available for flooding attacks at the network and transport layer. However, very few solutions are available for flooding attacks at application layer due to complexity in detecting the behavior of attack. This paper proposes the HTTP Request ontology for the efficient detection of HTTP Flood attack. The proposed ontology is useful for the development of semantic rules for attack detection, which produces a higher detection rate as compared to the current state of the art systems.

Intrusion Detection Using Rule-Based Machine Learning Algorithms

2019 5th International Conference On Computing, Communication, Control And Automation (ICCUBEA), 2019

Denial of Service (DoS) attack is the main focus of many major companies. DoS can be used to occupy almost all the resources of the target machine which results in shut down of the machine or unable to process the request from a genuine user. The DoS attack is very easy to engineer. Nowadays, the DoS attacks are involving from simple to very complex and sophisticated ones. This paper presents an approach to intrusion detection consists of data preprocessing, feature selection and rule-based classifiers. The feature selection uses information gain with ranker. The approach is implemented and tested with rule base classifiers on dataset of GoldenEye tool in CICIDS 2018. The analysis of rule base classifiers is done and compared with each other in terms of performance.

Towards an intrusion detection system for detecting web attacks based on an ensemble of filter feature selection techniques

Cyber-Physical Systems, 2022

Feature selection for intrusion detection system in Internet-of-Things (IoT)

Identifying Reduced Features Based on IG-Threshold for DoS Attack Detection Using PART

Distributed Computing and Internet Technology, 2019

Benchmark datasets are available to test and evaluate intrusion detection systems. The benchmark datasets are characterized by high volume and dimensionality curse. The feature reduction plays an important role in a machine learning-based intrusion detection system to identify relevant and irrelevant features with respect to the classification. This paper proposes a method for the identification of reduced features for the classification of Denial of Service (DoS) attack. The reduced feature technique is based on Information Gain (IG) and Threshold Limit Value (TLV). The proposed approach detects DoS attack using a reduced feature set from the original feature set with PART classifier. The proposed approach is implemented and tested on CICIDS 2017 dataset. The experimentation shows improved results in terms of performance with a reduced feature set. Finally, the performance of the proposed system is compared with the original feature set.

Analysis of Feature Selection Techniques to Detect DoS Attacks Using Rule-Based Classifiers

Advances in Intelligent Systems and Computing, 2021

Denial of Service (DoS) attacks are emerging as a security threat, which, when ignored, may result in enormous losses for the organizations. Such attacks lead to the unavailability of the services provided by the organizations to legitimate users. The detection of such attacks with lower computation and minimization of errors is an ongoing research area. This paper focuses on analyzing different feature selection methods for feature selection in the detection of DoS attacks. The analysis of feature selection methods provides relevant and noisy feature subsets based on the score obtained by each method. The obtained relevant feature subset is tested on the CICIDS-2017 DoS dataset and achieves higher accuracy of 99.9591% with the PART classifier.

Botnet Detection Using Bayes Classifier

Advances in Intelligent Systems and Computing, 2021

In today’s connected world, risk of getting attacked over the internet is increased, which plays a major role in infecting the devices over the internet. The internet is flooded with different malwares, but we have focused on the harmful effects of Botnet. Botnet is a group of devices controlled by a single device to attack and infect other devices over the internet. The devices are called bots and these can be any internet-connected device and the single device controlling these can be called as a botmaster or a bot driver. It is crucial to detect them at a faster rate since they can perform various malicious activities. We performed different experiments to detect Botnet. For experimentation, we used CICIDS2017 dataset and different machine learning algorithms from Weka. With the ML algorithms, we achieved the highest accuracy of 98.9146% for NaiveBayesMultinominalText algorithm.

Intelligent Based Alarm Management System for Plant Automation

2018 3rd IEEE International Conference on Recent Trends in Electronics, Information & Communication Technology (RTEICT), 2018

Currently SCADA system collects all alarms from the devices and show up to the operators. Alarming system in SCADA alerts the operator of any abnormal operating conditions in plant. If the alerts are not taken care at appropriate time then it may lead to device failure which can increase the cost of the inventory. Thus, alarm management system prevents or helps to at least minimize any physical or economic loss. The operator should respond with speed and accuracy to any high priority alarming condition. At times, it becomes very difficult for operators to analyze and take corrective action on very important alarms in shortest possible time i.e. problem of alarm flooding occurs. Hence, to solve the problem of alarm flooding, we proposed an alarm management system which uses machine learning techniques to filter the most important data to operators based on risk parameters. In this paper, we have also shown the implementation results of pre-processing phase of our proposed system. The...

Privacy and Security: Online Social Networking

Online Social Networking (OSN) sites such as Facebook, Twitter, Google+ attract hundreds and millions of users. Such social networks have a centralized architecture wherein user's private data and user generated content are centrally owned by a single administrative domain that manages communication between its users. As a result, centralized social networks have gathered unprecedented amounts of data about the behaviors and personalities of individuals, raising major privacy and security concerns. This has put in demand for a decentralized social networking site that addresses the privacy and security issues.

Towards Feature Selection for Detection of DDoS Attack

Advances in Intelligent Systems and Computing, 2019

Due to the rapid use of the internet, the Distributed Denial of Service (DDoS) attack is affected by E-Commerce, government, and private IT infrastructure. Intrusion Detection System is the best way to deal with the detection of DDoS attacks. In this paper, we focused on the feature selection process to improve the performance by the selection of important features. Information Gain with Ranker algorithm is used for the feature selection process. After the feature selection process, the proposed system uses Random Forest, J48, LMT (Logistic Model Tree) classifiers for the detection of the DDoS attack. The proposed system is tested with the help of CICIDS2017 dataset. The experimentation result shows that J48 classifier provides improved detection rate as compared to Random Forest and LMT with important features.

Attacks on Blockchain-Based Systems

Blockchain Technology and the Internet of Things, 2020

Analysis of Rule-Based Classifiers for IDS in IoT

Data Science and Security, 2021

The Internet of Things (IoT) networks suffered from different types of cyber attacks due to vulnerabilities present in IoT devices. The attacker creates Denial of Service (DoS) and Distributed DoS (DDoS) quickly towards IoT networks. Therefore, to secure IoT networks from such types of cyber attacks intelligent intrusion detection system is needed. This paper proposes the IDS with and without feature selection to detect DoS and DDoS attacks in IoT. The proposed system achieves higher accuracy of 99.9992% with a JRip classifier from the suite of rule-based classifiers using 36 features obtained using pre-processing data phase. The proposed approach brings relevant features using the correlation feature selection method with top-ranked 50% features and achieves higher accuracy of 99.9994% on IoT-BoT dataset compared to 36 features obtained after pre-processing data phase. The proposed system is compared with traditional IDSs in terms of the used feature selection method and dataset.

An efficient feature reduction method for the detection of DoS attack

ICT Express, 2021

Feature selection or reduction is a significant process for intrusion detection system (IDS) in finding optimal features. Irrelevant features present in the dataset increase load on computing resources and affect the performance of the system. The present study proposes a feature reduction method based on the combination of filter-based feature reduction algorithms, namely Information Gain Ratio (IGR), Correlation (CR), and ReliefF (ReF). The system initially obtains feature subsets for each classifier based on average weight and further Subset Combination Strategy (SCS) is applied. The proposed feature reduction method results in 24 reduced features for CICIDS 2017 DoS dataset. The proposed method shows an improved performance compared to the current state-of-the-art systems on CICIDS 2017 dataset. The proposed method has also been tested and compared with the current state-of-the-art systems on KDD Cup 99 dataset.

A feature reduction based reflected and exploited DDoS attacks detection system

Journal of Ambient Intelligence and Humanized Computing, 2021

The hacker attempts distributed denial of service (DDoS) attacks towards network resources to disturb or deny services. The hacker degrades the quality of service to legitimate users by performing reflection and exploitation based DDoS attacks with a trusted third party server that hides information of the attacker. It is, therefore, necessary to propose an intelligent intrusion detection system to detect reflection and exploitation based DDoS attacks efficiently and effectively. The present study proposes a feature reduction method by the combination of information gain (IG) and correlation (CR) feature selection techniques. This study presents a DDoS attack detection framework to detect reflection and exploitation based DDoS attacks in an efficient manner. The framework is tested on the latest DDoS evaluation (CICDDoS2019) dataset with J48 classifier. The feature reduction method obtains minimum and maximum reduction by 56 and 82.92% respectively, of the original features. The experimentation results show that the proposed framework outperforms using a reduced features subset. The validation of the proposed framework on knowledge discovery and data mining (KDD Cup 1999) dataset provides improvement in performance for binary and multi-level classification using feature reduction by 60.97% of the original features. The proposed feature reduction method is also compared to the relevant existing feature selection methods used for intrusion detection on CICDoS 2019 and KDD Cup 1999 datasets.

An ensemble feature reduction method for web-attack detection

Journal of Discrete Mathematical Sciences and Cryptography, 2020

There are a large number of features present in benchmark datasets that are used to test and evaluate intrusion detection systems. However, these high dimensional datasets require more computing resources and computation time. Identification of relevant and irrelevant features in high dimensional datasets plays a vital role in intrusion detection. This study proposes an ensemble feature reduction method to identify a reduced feature subset for the classification of web-attack. The ensemble method is based on information gain, correlation, gain ratio, chi-square, and ReliefF. Further, the system uses J48 classifier with a reduced feature subset for the classification of web-attack. The implemented system is tested on the CICIDS 2017 web-attack dataset which produces prominent results in terms of performance with reduced feature subset. Finally, the proposed method is compared with current state-of-the-art systems using J48 with 10-fold cross-validation.

Research paper thumbnail of Reflection based Distributed Denial of Service Attack Detection System

2022 6th International Conference On Computing, Communication, Control And Automation (ICCUBEA

Research paper thumbnail of DoS Attack Detection Using Machine Learning and Neural Network

2018 Fourth International Conference on Computing Communication Control and Automation (ICCUBEA), 2018

The current digital world is using the internet almost everywhere. The usage of internet has been... more The current digital world is using the internet almost everywhere. The usage of internet has been increasing, however, threats are also increasing in numbers. One such threat is DoS attack which uses reasonable service requests to gain excessive computing and network resources and results in an inability to access them by legitimate users. The DoS attack can happen at different layers of OSI model such as network, transport and application layers. The aim of this paper is to detect DoS attack effectively using Machine learning (ML) and Neural Network (NN) algorithms. The detection is specifically focused on application layer DoS attack detection rather than at transport and network DoS attack detection. The latest DoS attack dataset CIC IDS 2017 dataset is used in the experiment. The experimentation has divided the dataset into different splits and the best split is found for each algorithm i.e. RF and MLP. Results of RF and MLP are compared and it is shown that RF provides better results than MLP.

Research paper thumbnail of A Survey on Security in Automotive Networks

2018 Fourth International Conference on Computing Communication Control and Automation (ICCUBEA)

As a new generation vehicle are in market now days, new networking architecture is defined for th... more As a new generation vehicle are in market now days, new networking architecture is defined for those vehicles. In-vehicle communication and different interfaces which are used to connect in-vehicle network to outside are vulnerable. Communication like Vehicle to Vehicle (V2V), Vehicle to Infrastructure (V2I) and Vehicle to Anything (V2X) is not secure as there are so many vulnerabilities present in designed communication protocol. The vehicles which are on road consist of several Electronic controller units (ECU). These ECUs takes input from different sensors or another ECU and take appropriate action. When vehicle is on road, these ECUs are communicating continuously. According to the current figure there are near about 70 to 100 ECUs present and communication of these ECU is taken place via different communication channel called bus. To reduce the complex wiring of buses, researchers developed different protocol for different type of communication bus protocol such as LIN, CAN, FlexRay, and MOST which is widely used by different automotive manufacturers. On the basis of speed used for communication the bus is chosen like, to play video there must be very high speed bus as streaming must be taken place with maximum speed without any delay. There are several safety critical ECUs also such as break system, Engine Control, Speed Control etc. Apart from these, as day by day the luxurious features are introduced by the automotive manufacturer by adding more ECU and security for that gaining more importance. So the risk of cyber-attack is quite high which can be life threat to driver and passenger. In addition to that, interfaces such as wireless communication, remote diagnostics, and firmware update over the air are new platforms where attacker have various option for intrusion. 
For example attacker can take control on vehicle steering using wireless communication interface and puts lives of passengers in danger. To reduce the complex wiring for communication and increase the efficiency of communication automotive manufacturers developed different protocols but the security for that. In this paper, we will provide an insight into the different protocols for Inter-vehicle and In-vehicle communication network systems, overview and the emerging In-Vehicle networking standards and their security issues.

Research paper thumbnail of 3D Object Classification Using Bounding Box

2018 Fourth International Conference on Computing Communication Control and Automation (ICCUBEA), 2018

The field of 3D shape representations and recognition is changing over years with the advancement... more The field of 3D shape representations and recognition is changing over years with the advancement in computer vision and use of machine learning in the same field. The 3D model classification is an important problem, with applications in automotive, robotics, CAD visions, augmented reality and many more. In this research, machine learning is an important field with which we extract useful information from the AutoCAD drawing consisting of 3D Objects. It uses Features based classification techniques to identify different components for an AutoCAD drawing. This research is useful in tackling the problems where in there is a need to comprehend the CAD drawings with 3D objects present in it.

Research paper thumbnail of An ontology approach for proactive detection of HTTP flood DoS attack

International Journal of System Assurance Engineering and Management, 2021

In the current digital era, the consumer uses web applications for banking, e-commerce, and shari... more In the current digital era, the consumer uses web applications for banking, e-commerce, and sharing information with others. These web applications are suffered from different types of attacks. The hacker intelligently uses multiple attack vectors to generate attacks with the help of tools. Therefore, intelligent intrusion detection plays an essential role in security. This paper presents an ontology-based intrusion detection framework to detect Denial of Service (DoS) attacks at the application level. The system proposes the ontology model and semantic rule for the detection of an HTTP flood attack. The system is implemented and tested on the GoldenEye DoS dataset with the help of semantic rules. The system provides early detection of DoS attacks in two seconds and improved detection rate using a time winodw threshold mechanism in the semantic rule. The system also achieves a higher detection rate of 94.89% without threshold in semantic rule to detect DoS attack. Finally, the system is compared with related traditional DoS detection systems.

Research paper thumbnail of HTTP Flood Attack Detection using Ontology

Proceedings of the International Conference on Advances in Information Communication Technology & Computing - AICTC '16, 2016

The use of web applications by the users over the Internet is increasing day by day. Analyzing th... more The use of web applications by the users over the Internet is increasing day by day. Analyzing the increasing demand, many organizations are providing their services through web applications. Number of users and web applications are increasing continuously. Moreover, the malicious traffic is also increasing with the same rate. Therefore, there is a need to secure web servers and applications. Web servers and applications are suffering from Flooding attacks from network to the application layer. Many solutions are available for flooding attacks at the network and transport layer. However, very few solutions are available for flooding attacks at application layer due to complexity in detecting the behavior of attack. This paper proposes the HTTP Request ontology for the efficient detection of HTTP Flood attack. The proposed ontology is useful for the development of semantic rules for attack detection, which produces a higher detection rate as compared to the current state of the art systems.

Research paper thumbnail of Intrusion Detection Using Rule-Based Machine Learning Algorithms

2019 5th International Conference On Computing, Communication, Control And Automation (ICCUBEA), 2019

Denial of Service (DoS) attack is the main focus of many major companies. DoS can be used to occu... more Denial of Service (DoS) attack is the main focus of many major companies. DoS can be used to occupy almost all the resources of the target machine which results in shut down of the machine or unable to process the request from a genuine user. The DoS attack is very easy to engineer. Nowadays, the DoS attacks are involving from simple to very complex and sophisticated once. This paper presents an approach to intrusion detection consists of data preprocessing, feature selection and rule-based classifiers. The feature selection uses information gain with ranker. The approach is implemented and tested with rule base classifiers on dataset of GoldenEye tool in CICIDS 2018. The analysis of rule base classifiers is done and compared with each other in terms of performance.

Research paper thumbnail of Towards an intrusion detection system for detecting web attacks based on an ensemble of filter feature selection techniques

Cyber-Physical Systems, 2022

Research paper thumbnail of Feature selection for intrusion detection system in Internet-of-Things (IoT)

Research paper thumbnail of Identifying Reduced Features Based on IG-Threshold for DoS Attack Detection Using PART

Distributed Computing and Internet Technology, 2019

Benchmark datasets are available to test and evaluate intrusion detection systems. The benchmark ... more Benchmark datasets are available to test and evaluate intrusion detection systems. The benchmark datasets are characterized by high volume and dimensionality curse. The feature reduction plays an important role in a machine learning-based intrusion detection system to identify relevant and irrelevant features with respect to the classification. This paper proposes a method for the identification of reduced features for the classification of Denial of Service (DoS) attack. The reduced feature technique is based on Information Gain (IG) and Threshold Limit Value (TLV). The proposed approach detects DoS attack using a reduced feature set from the original feature set with PART classifier. The proposed approach is implemented and tested on CICIDS 2017 dataset. The experimentation shows improved results in terms of performance with a reduced feature set. Finally, the performance of the proposed system is compared with the original feature set.

Research paper thumbnail of Analysis of Feature Selection Techniques to Detect DoS Attacks Using Rule-Based Classifiers

Advances in Intelligent Systems and Computing, 2021

Denial of Service (DoS) attacks are emerging as a security threat, which, when ignored, may resul... more Denial of Service (DoS) attacks are emerging as a security threat, which, when ignored, may result in enormous losses for the organizations. Such attacks lead to the unavailability of the services provided by the organizations to legitimate users. The detection of such attacks with lower computation and minimization of errors is an ongoing research area. This paper focuses on analyzing different feature selection methods for feature selection in the detection of DoS attacks. The analysis of feature selection methods provides relevant and noisy feature subsets based on the score obtained by each method. The obtained relevant feature subset is tested on the CICIDS-2017 DoS dataset and achieves higher accuracy of 99.9591% with the PART classifier.

Botnet Detection Using Bayes Classifier

Advances in Intelligent Systems and Computing, 2021

In today’s connected world, risk of getting attacked over the internet is increased, which plays a major role in infecting the devices over the internet. The internet is flooded with different malwares, but we have focused on the harmful effects of Botnet. Botnet is a group of devices controlled by a single device to attack and infect other devices over the internet. The devices are called bots and these can be any internet-connected device and the single device controlling these can be called as a botmaster or a bot driver. It is crucial to detect them at a faster rate since they can perform various malicious activities. We performed different experiments to detect Botnet. For experimentation, we used CICIDS2017 dataset and different machine learning algorithms from Weka. With the ML algorithms, we achieved the highest accuracy of 98.9146% for NaiveBayesMultinomialText algorithm.

Intelligent Based Alarm Management System for Plant Automation

2018 3rd IEEE International Conference on Recent Trends in Electronics, Information & Communication Technology (RTEICT), 2018

Currently, the SCADA system collects all alarms from the devices and shows them to the operators. The alarming system in SCADA alerts the operator of any abnormal operating conditions in the plant. If the alerts are not taken care of at the appropriate time, it may lead to device failure, which can increase the cost of the inventory. Thus, an alarm management system prevents or helps to at least minimize any physical or economic loss. The operator should respond with speed and accuracy to any high priority alarming condition. At times, it becomes very difficult for operators to analyze and take corrective action on very important alarms in the shortest possible time, i.e. the problem of alarm flooding occurs. Hence, to solve the problem of alarm flooding, we proposed an alarm management system which uses machine learning techniques to filter the most important data to operators based on risk parameters. In this paper, we have also shown the implementation results of the pre-processing phase of our proposed system. The...

Privacy and Security: Online Social Networking

Online Social Networking (OSN) sites such as Facebook, Twitter, Google+ attract hundreds and millions of users. Such social networks have a centralized architecture wherein user's private data and user generated content are centrally owned by a single administrative domain that manages communication between its users. As a result, centralized social networks have gathered unprecedented amounts of data about the behaviors and personalities of individuals, raising major privacy and security concerns. This has put in demand for a decentralized social networking site that addresses the privacy and security issues.

Towards Feature Selection for Detection of DDoS Attack

Advances in Intelligent Systems and Computing, 2019

Due to the rapid use of the internet, the Distributed Denial of Service (DDoS) attack is affected by E-Commerce, government, and private IT infrastructure. Intrusion Detection System is the best way to deal with the detection of DDoS attacks. In this paper, we focused on the feature selection process to improve the performance by the selection of important features. Information Gain with Ranker algorithm is used for the feature selection process. After the feature selection process, the proposed system uses Random Forest, J48, LMT (Logistic Model Tree) classifiers for the detection of the DDoS attack. The proposed system is tested with the help of CICIDS2017 dataset. The experimentation result shows that J48 classifier provides improved detection rate as compared to Random Forest and LMT with important features.

Attacks on Blockchain-Based Systems

Blockchain Technology and the Internet of Things, 2020

Analysis of Rule-Based Classifiers for IDS in IoT

Data Science and Security, 2021

The Internet of Things (IoT) networks suffered from different types of cyber attacks due to vulnerabilities present in IoT devices. The attacker creates Denial of Service (DoS) and Distributed DoS (DDoS) quickly towards IoT networks. Therefore, to secure IoT networks from such types of cyber attacks intelligent intrusion detection system is needed. This paper proposes the IDS with and without feature selection to detect DoS and DDoS attacks in IoT. The proposed system achieves higher accuracy of 99.9992% with a JRip classifier from the suite of rule-based classifiers using 36 features obtained using pre-processing data phase. The proposed approach brings relevant features using the correlation feature selection method with top-ranked 50% features and achieves higher accuracy of 99.9994% on IoT-BoT dataset compared to 36 features obtained after pre-processing data phase. The proposed system is compared with traditional IDSs in terms of the used feature selection method and dataset.

An efficient feature reduction method for the detection of DoS attack

ICT Express, 2021

Feature selection or reduction is a significant process for intrusion detection system (IDS) in finding optimal features. Irrelevant features present in the dataset increase load on computing resources and affect the performance of the system. The present study proposes a feature reduction method based on the combination of filter-based feature reduction algorithms, namely Information Gain Ratio (IGR), Correlation (CR), and ReliefF (ReF). The system initially obtains feature subsets for each classifier based on average weight and further Subset Combination Strategy (SCS) is applied. The proposed feature reduction method results in 24 reduced features for CICIDS 2017 DoS dataset. The proposed method shows an improved performance compared to the current state-of-the-art systems on CICIDS 2017 dataset. The proposed method has also been tested and compared with the current state-of-the-art systems on KDD Cup 99 dataset.

A feature reduction based reflected and exploited DDoS attacks detection system

Journal of Ambient Intelligence and Humanized Computing, 2021

The hacker attempts distributed denial of service (DDoS) attacks towards network resources to disturb or deny services. The hacker degrades the quality of service to legitimate users by performing reflection and exploitation based DDoS attacks with a trusted third party server that hides information of the attacker. It is, therefore, necessary to propose an intelligent intrusion detection system to detect reflection and exploitation based DDoS attacks efficiently and effectively. The present study proposes a feature reduction method by the combination of information gain (IG) and correlation (CR) feature selection techniques. This study presents a DDoS attack detection framework to detect reflection and exploitation based DDoS attacks in an efficient manner. The framework is tested on the latest DDoS evaluation (CICDDoS2019) dataset with J48 classifier. The feature reduction method obtains minimum and maximum reduction by 56 and 82.92% respectively, of the original features. The experimentation results show that the proposed framework outperforms using a reduced features subset. The validation of the proposed framework on knowledge discovery and data mining (KDD Cup 1999) dataset provides improvement in performance for binary and multi-level classification using feature reduction by 60.97% of the original features. The proposed feature reduction method is also compared to the relevant existing feature selection methods used for intrusion detection on CICDoS 2019 and KDD Cup 1999 datasets.

An ensemble feature reduction method for web-attack detection

Journal of Discrete Mathematical Sciences and Cryptography, 2020

There are a large number of features present in benchmark datasets that are used to test and evaluate intrusion detection systems. However, these high dimensional datasets require more computing resources and computation time. Identification of relevant and irrelevant features in high dimensional datasets plays a vital role in intrusion detection. This study proposes an ensemble feature reduction method to identify a reduced feature subset for the classification of web-attack. The ensemble method is based on information gain, correlation, gain ratio, chi-square, and ReliefF. Further, the system uses J48 classifier with a reduced feature subset for the classification of web-attack. The implemented system is tested on the CICIDS 2017 web-attack dataset which produces prominent results in terms of performance with reduced feature subset. Finally, the proposed method is compared with current state-of-the-art systems using J48 with 10-fold cross-validation.