Symmetry (Mar 2021)

Triple Modular Redundancy Optimization for Threshold Determination in Intrusion Detection Systems

  • Ivan Babić,
  • Aleksandar Miljković,
  • Milan Čabarkapa,
  • Vojkan Nikolić,
  • Aleksandar Đorđević,
  • Milan Ranđelović,
  • Dragan Ranđelović

DOI
https://doi.org/10.3390/sym13040557
Journal volume & issue
Vol. 13, no. 4
p. 557

Abstract

Read online

This paper presents a novel approach for an Intrusion Detection System (IDS) based on one kind of asymmetric optimization which use any three already well-known IDS algorithms and Triple Modular Redundancy (TMR) algorithm together. Namely, a variable threshold which indicates an attack on an observed and protected network is determined by using all three values obtained with three known IDS algorithms i.e., on previously recorded data by making a decision by majority. For these algorithms authors used algorithm of k-nearest neighbors, cumulative sum algorithm, and algorithm of exponentially weighted moving average. Using a proposed method we can get a threshold that is more precisely determined than in the case of any method individual. Practically, using TMR we obtain a dynamically threshold adjustment of IDS software, which reduces the existence of false alarms and undetected attacks, so the efficiency of such IDS software is notably higher and can get better results. Today, Denial of Service attacks (DoS) are one of the most present type of attacks and the reason for the special attention paid to them in this paper. In addition, the authors of the proposed method for IDS software used a known CIC-DDoS2019 dataset, which contains various data recordings of such attacks. Obtained results with the proposed solution showed better characteristics than each individual used algorithm in this solution. IDS software with the proposed method worked precisely and timely, which means alarms were triggered properly and efficiently.

Keywords