IPS are placed in-line and are able to proactively prevent intrusions that are detected. More precisely, IPS can take actions such as dropping malicious packets, sending alarms, resetting the connection, correcting transmission errors, cleaning unwanted network and transport layer options.
This IPS comprises of two classifiers. Level 1 classifier is time constrained i.e. main concern is over classification of attacks within set amount of time & Level 2 classifier is free to run in its normal time of execution.
- Level 1 classifier used here is Decision Tree.
- Level 2 classifier used here is Random Forest.
This dataset has nine types of attacks, namely, Fuzzers, Analysis, Backdoors, DoS, Exploits, Generic, Reconnaissance, Shellcode and Worms. The Argus, Bro-IDS tools are used and twelve algorithms are developed to generate totally 49 features with the class label. download
- For Binary Classification
- For Multiclass Classification
- Binary Classification
| Selection of Model | ML Model | Accuracy | Precision | Recall | F1-Measure | Execution time(s) |
|---|---|---|---|---|---|---|
| Logistic Regression | 0.97 | 0.98 | 0.98 | 0.98 | 0.00267 | |
| Naïve Bayes | 0.74 | 0.87 | 0.75 | 0.76 | 0.01101 | |
| KNN | 0.98 | 0.98 | 0.98 | 0.98 | 4.270561 | |
| Quick to execute | Decision Tree | 0.98 | 0.98 | 0.98 | 0.98 | 0.00444 |
| Accuracy is high | Random Forest | 0.98 | 0.98 | 0.98 | 0.98 | 0.04627 |
| AdaBoost | 0.98 | 0.98 | 0.98 | 0.98 | 0.07368 | |
| SVM | 0.97 | 0.98 | 0.98 | 0.98 | 0.75300 |
- Multiclass Classification
| Selection of Model | ML Model | Accuracy | Precision | Recall | F1-Measure | Execution time(s) |
|---|---|---|---|---|---|---|
| Logistic Regression | 0.97 | 0.97 | 0.97 | 0.97 | 0.00763 | |
| Naïve Bayes | 0.95 | 0.95 | 0.95 | 0.95 | 0.04636 | |
| KNN | 0.97 | 0.97 | 0.97 | 0.97 | 17.2074 | |
| Quick to execute | Decision Tree | 0.97 | 0.97 | 0.97 | 0.97 | 0.00661 |
| Accuracy is high | Random Forest | 0.97 | 0.97 | 0.97 | 0.97 | 0.07719 |
| AdaBoost | 0.75 | 0.63 | 0.75 | 0.67 | 0.22904 | |
| SVM | 0.97 | 0.97 | 0.98 | 0.97 | 1.26248 |
Decision Tree is choosen for L1 Classifier because its quick execution whereas Random Forest is used for L2 Classifier because of high accuracy.
- Working of Phase 1 of IPS
- Working of Phase 2 of IPS
- Binary Classification
| ML Model | Accuracy | Precision | Recall | F1-Measure |
|---|---|---|---|---|
| DT(L1) | 0.981 | 0.98 | 0.98 | 0.98 |
| RF(L2) | 0.982 | 0.98 | 0.98 | 0.98 |
- Multiclass Classification
| ML Model | Accuracy | Precision | Recall | F1-Measure |
|---|---|---|---|---|
| DT(L1) | 0.970 | 0.97 | 0.97 | 0.97 |
| RF(L2) | 0.972 | 0.97 | 0.97 | 0.97 |
K. Saurabh, S. Singh, R. Vyas, O. P. Vyas and R. Khondoker, "MLAPS: A Machine Learning based Second Line of Defense for Attack Prevention in IoT Network," 2022 IEEE 19th India Council International Conference (INDICON), Kochi, India, 2022, pp. 1-6, doi: 10.1109/INDICON56171.2022.10039777.
-
W. Seo and W. Pak, ”Real-Time Network Intrusion Prevention System Based on Hybrid Machine Learning,” in IEEE Access, vol. 9, pp. 46386-46397, 2021, doi: 10.1109/ACCESS.2021.3066620.
-
Kamaldeep, M. Dutta and J. Granjal, ”Towards a Secure Internet of Things: A Comprehensive Study of Second Line Defense Mechanisms,” in IEEE Access, vol. 8, pp. 127272-127312, 2020
-
For diagrams of phases created with BioRender.com
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent