A robust intrusion detection system utilizing uncertain reasoning techniques in artificial intelligence

dc.contributor.advisor: Louafi, Habib
dc.contributor.advisor: Yao, Yiyu
dc.contributor.author: Singh, Harpreet
dc.contributor.committeemember: Shahriar, Nashid
dc.date.accessioned: 2024-11-15T17:46:31Z
dc.date.available: 2024-11-15T17:46:31Z
dc.date.issued: 2024-05
dc.description: A Thesis Submitted to the Faculty of Graduate Studies and Research In Partial Fulfillment of the Requirements for the Degree of Master of Science in Computer Science, University of Regina. xv, 118 p.
dc.description.abstract: Network Intrusion Detection Systems (NIDS) are essential components in cybersecurity, but they face several challenges, including uncertainty and a significant computational overhead. Network attacks and unauthorized access to remote computers can be detected by NIDS. Artificial Intelligence (AI) techniques have been used to automate the intrusion detection process and reduce human intervention, thereby enhancing intrusion detection systems (IDS) performance. AI techniques, such as fuzzy logic, neural networks, and evolutionary computing can also be used in IDS. One proposed application of AI is to utilize evidential reasoning to handle uncertainty in NIDS. This approach leads to more efficient abnormality detection in user behaviour, making it a powerful tool for NIDS. This research primarily focuses on NIDS based on uncertain reasoning AI. The latter is more explainable than machine learning and deep learning approaches because it relies on well-understood principles, such as probabilities. In contrast, machine learning approaches are often considered black boxes, which makes them challenging to explain. We primarily work on real-time network traffic or packet-captured files, with the main objective of looking for attack signs of various types, using Bayesian belief networks (probabilistic graphical models). Throughout this thesis, we describe the IDS and the analysis of network traffic using a BN and Markov network (MN). BN is used to formulate the problem domain, whereas the MN is used for the inference and calculation of marginal distribution. To do so, different propagation algorithms are explored, such as Variable Elimination (VE), Lauritzen-Spiegelhalter Propagation (LS), Shafer-Shenoy Propagation (SS), and Lazy Propagation (LP). The data used in the experiments originated from the CAIDA Lab. CAIDA dataset contains network traffic packets from Distributed Denial-of-Service (DDoS) attacks.
Therefore, the main objective of this thesis is to develop an uncertain reasoning-based NIDS system capable of predicting DoS/DDoS attacks with higher accuracy while reducing the computation overhead. Extensive experiments are conducted using the above-listed inference algorithms, and thus three models are trained for each protocol on the CAIDA dataset. The experiments show appealing results, measured using well-known metrics, such as Precision, Recall, and F1-Score. Overall, the SS and LP are efficient, but with minor differences.
dc.description.authorstatus: Student [en]
dc.description.peerreview: yes [en]
dc.identifier.uri: https://hdl.handle.net/10294/16543
dc.language.iso: en [en]
dc.publisher: Faculty of Graduate Studies and Research, University of Regina [en]
dc.title: A robust intrusion detection system utilizing uncertain reasoning techniques in artificial intelligence
dc.type: Thesis [en]
thesis.degree.department: Department of Computer Science
thesis.degree.discipline: Computer Science
thesis.degree.grantor: University of Regina [en]
thesis.degree.level: Master's [en]
thesis.degree.name: Master of Science (MSc)

Files

Original bundle

Name: Singh,Harpreet_MSc_Computer Science_Thesis_2024Fall.pdf
Size: 27.44 MB
Format: Adobe Portable Document Format
