Abstract: This work presents Reliable-NIDS (R-NIDS), a novel methodology for Machine Learning (ML) based Network Intrusion Detection Systems (NIDSs) that allows ML models to work on integrated datasets, empowering the learning process with diverse information from different datasets. R-NIDS therefore targets the design of more robust models that generalize better than traditional approaches. We also propose a new dataset, called UNK21. It is built from three of the most well-known network datasets (UGR'16, UNSW-NB15 and NSL-KDD), each gathered from its own network environment, with different features and classes, by using a data aggregation approach present in R-NIDS. Following R-NIDS, in this work we propose to build two well-known ML models (a linear and a non-linear one) based on the information of three of the most common datasets in the literature for NIDS evaluation, those integrated in UNK21. The results obtained with the proposed methodology show how these two ML models, trained as a NIDS solution, could benefit from this approach, being able to generalize better when training on the newly proposed UNK21 dataset. Furthermore, these results are carefully analyzed with statistical tools that provide high confidence in our conclusions.
Abstract: Technology evolves quickly. Low-cost, ready-to-connect devices are designed to provide new services and applications that improve people's daily lives. Smart grids and smart healthcare systems are some examples of such applications, all of them in the context of smart cities. In this all-connectivity scenario, security issues arise, since the larger the number of connected devices, the bigger the attack surface. New solutions to monitor and detect security events are therefore needed, addressing the new challenges that come with this scenario: among others, the number of devices to monitor, the huge amount of data to manage, and the real-time requirement to provide quick security event detection and, consequently, quick attack reaction. In this work, the MSNM-Sensor is introduced, a practical and ready-to-use tool to monitor and detect security events that is able to manage this kind of environment. Although it is in its early development stages, experimental results based on the detection of well-known attacks in hierarchical network systems prove its suitability to be applied in more complex scenarios like the ones found in smart cities or IoT ecosystems.