The Internet has become an important part of many people’, s daily activities. Therefore, numerous attacks threaten Internet users. IDS is a network intrusion detection tool used to quickly identify and categorize intrusions, attacks, or security issues in network-level and host-level infrastructure. Although much research has been done to improve IDS performance, many key issues remain. IDSs need to be able to more accurately detect different types of intrusions with fewer false alarms and other challenges. In this paper, we attempt to improve the performance of IDS using Whale Optimization Algorithm (WOA). The results are compared with other algorithms. NSL-KDD dataset is used to evaluate and compare the results. K-means clustering was chosen for pre-processing after a comparison between some of the existing classifier algorithms. The proposed method has proven to be a competitive method in terms of detection rate and false alarm rate base on a comparison with some of the other existing methods.

Nowadays, information plays an important role in organizations. Sensitive information is often stored in Databases. Traditional mechanisms such as encryption, access control, and authentication cannot provide a high level of confidence. Therefore, the existence of intrusion detection systems in Databases are necessary. In this paper, we propose an intrusion detection system for detecting attacks in both Database transaction level and inter-transaction level (user task level). For this purpose, we propose a detection method at transaction level, which is based on describing the expected transactions within the Database applications. Then at inter-transaction level, we propose a detection method that is based on anomaly detection and uses data mining to find dependency and sequence rules. The main advantage of this system, in comparison with the previous Database intrusion detection systems, is that it can detect malicious behaviors in both transaction and inter-transaction levels.Also, it gains advantages of a hybrid method, including specification-based detection and anomaly detection, to minimize both false positive and false negative alarms. In order to evaluate the accuracy of the proposed system, some experiments have been done. The experiment results demonstrate that the true positive rate (recall metric) is higher than 80%, and the false positive rate is lower than 10% per different data sets and choosing appropriate ranges for support and confidence thresholds. The experimental evaluation results show high accuracy and effectiveness of the proposed system.

Wireless Body Area Network (WBAN) is a pioneer trend in healthcare technology. Since any cyber-attack on a WBAN could jeopardize the patient's health, securing the WBAN plays a crucial role in healthcare applications. An intrusion detection system (IDS), as a second-line defense, is one of the security methods in computer networks. In this paper, a new IDS has been presented which is able to detect denial of service (DoS) attacks in a WBAN. In the proposed IDS, a genetic algorithm is used to select features of collected data, in a way that increases the performance of the IDS and as a result the WBAN. Then, using support vector machine and k nearest neighbor techniques, the data classification is performed to detect DoS traffic from regular data traffic. Simulation results indicate that the proposed IDS has effective performance with a 90% detection rate.

intrusion detection is an important subject of research in the cyberspace field. In an intrusion detectionsystem (IDS), redundant and irrelevant features have a negative impact on the IDS performance. Therefore, an appropriate feature selection method is an important part of IDSs for eliminating unrelated and redundant features. In this paper, a new feature selection method is proposed that joins features level to level and step by step to select a subset of proper features in order to finally detect intrusion more accurately and speedily. The purpose of the proposed method is applying it in intrusion detection systems to distinguish a normal the connection from an intruding connection to the network. The experiments on the NSL-KDD dataset show that the proposed method in comparison with other methods selects only six important features among the 41 features in the baseline, and can detect an intrusion with precision above 99. 58% by relying only on these six features. In other words, the proposed method's failure has been 42 in 10, 000 connections of the network and has correctly identified other 9958 regular connections and labeled them as normal. Finally, improvement in the algorithm runtime and the percentage accuracy of the proposed method in comparison with other methods has been verified and reported.

Today, the number of cyberattacks on computer networks, especially local area networks and the Internet, has increased dramatically, and these attacks have become much more complex. Many intrusion detection systems (IDS) and signatures are being designed and developed to detect these types of attacks. In recent years, with the introduction of blockchain, which is a secure distributed Database in decentralized networks, a dramatic change has occurred in computer networks. This technology can create consensus and trust between intrusion detection systems to increase the stability of the cooperating networks among IDS systems. Therefore, the combination of these two systems can have better performance than previous generations of IDS. Blockchain technology has many applications in the world of cryptography and network security due to features such as data integrity, availability, and decentralized management. Information security in this network is essential for the proper functioning of intrusion detection systems and firewalls. These features can be found in the Hyperledger Fabric network. Due to the use of asymmetric encryption and blockchain, this network transmits and records information securely and quickly in the network. In this project, using blockchain technology, we are trying to create a network of IDS nodes where each node can add its own rules to the blockchain Database. In this way, the other nodes of the chain use the rules of other nodes to improve their intrusion detection system efficiency after consensus and synchronization. Also, due to the decentralized nature of the blockchain, a central identity control is not required to approve/disapprove the nodes and rules added to the Database, and consensus mechanisms do this.