Hybrid Data Mining to Reduce False Positive and False Negative Prediction in Intrusion Detection System

Author(s): Bala Palanisamy, Biswajit Panja, Priyanka Meharia

2015, Vol 73 (2)
Author(s): Raed Al-Dhubhani, Norbik Bashah Idris, Faisal Saeed

A Network Intrusion Detection System (NIDS) is considered one of the last defense mechanisms for any organization. NIDS can be broadly classified into two approaches: misuse-based detection and anomaly-based detection. Misuse-based intrusion detection builds a database of the well-defined patterns of the attacks that exploit weaknesses in systems and network protocols, and uses that database to identify the intrusions. Although this approach can detect all the attacks included in the database, it leads to false negative errors, where any new attack not included in that database can't be detected. The other approach is the anomaly-based NIDS, which is developed to emulate the Human Immune System (HIS) and overcome the limitation of the misuse-based approach. The anomaly-based detection approach is based on the Negative Selection (NS) mechanism. NS is based on building a database of the normal self patterns and identifying any pattern not included in that database as a non-self pattern, and hence the intrusion is detected. Unfortunately, the NS concept also has its drawbacks. Although any attack pattern can be detected as a non-self pattern, which leads to a low false negative rate, non-self patterns do not necessarily indicate the existence of intrusions. So, NS has a high false positive error rate caused by that assumption. Danger Theory (DT) is a new concept in HIS, which shows that the response mechanism in HIS is more complicated and goes beyond the simple NS concept. So, is it possible to utilize DT to minimize the high false positive detection rate of NIDS? This paper answers this question by developing a prototype NIDS based on DT and evaluating that prototype using the DARPA99 Intrusion Detection dataset.


2014, Vol 543-547, pp. 3532-3536
Author(s): Yan Jun Zhao, Ming Jun Wei

On the basis of further analyzing the operational mechanism of the existing intrusion detection system model, and in view of the existing problems of current detection mechanisms (powerlessness, a high false negative rate, low detection efficiency, and the lack of an automatic rule-base extension mechanism for unknown aggressive behavior), we combine the relevant knowledge of data mining technology to design an improved network intrusion detection system model based on data mining that combines misuse detection and anomaly detection. Finally, we give a detailed introduction to the associated modules, their work processes and their work steps.


2018, Vol 29 (1), pp. 114
Author(s): Karim Hashim Al-Saedi, Raghda Abd Alrab Abd Alhassn

Data mining techniques have become very useful in all areas, giving impressive and accurate results. They can work with huge data of varying types. The intrusion detection system (IDS) produces huge numbers of unclassified alerts, and almost all of these alerts are false positives. In this paper, we propose a new miner module for generating itemsets of IDS alerts using an improved FP-Growth algorithm, which is produced by combining the compact FP-Growth algorithm with the Apriori algorithm. This new module contains three phases: Compute Support, Resort, and Generating K-Itemsets. It is applied to the DARPA 1999 datasets to generate alert sets based on the Snort IDS. The obtained result was very useful because it makes the alerts ready to classify.


2018, Vol 3 (2), pp. 93
Author(s): Gervais Hatungimana

An anomaly-based Intrusion Detection System (IDS) uses a known baseline to detect patterns which have deviated from normal behavior. If the baseline is faulty, the IDS performance degrades. Most research in IDS that uses k-centroid-based clustering methods like K-means, K-medoids, Fuzzy, Hierarchical and agglomerative algorithms to baseline network traffic suffers from a high false positive rate compared to signature-based IDS, simply because the nature of these algorithms risks forcing some network traffic into wrong profiles depending on the number K of clusters required. In this paper we propose an alternative method which, instead of defining the number K of clusters, defines a distance threshold t. An unrecognizable IDS, i.e. an IDS which is neither a HIDS nor a NIDS, is the consequence of using statistical methods for feature selection. The speed, memory and accuracy of an IDS are affected by an inappropriate feature reduction method or by ignorance of irrelevant features. In this paper we use two-step feature selection and Quality Threshold with Optimization methods to design anomaly-based HIDS and NIDS separately. The performance of our system is 0%, 99.9974%, 1, 1 for false positive rate, accuracy, precision and recall respectively for the NIDS, and 0%, 99.61%, 0.991, 0.978 for false positive rate, accuracy, precision and recall respectively for the HIDS.


2014, Vol 644-650, pp. 3338-3341
Author(s): Guang Feng Guo

During the 30-year development of the Intrusion Detection System, problems such as a high false-positive rate have always plagued users. Therefore, the ontology and context verification based intrusion detection model (OCVIDM) was put forward to connect the description of attack signatures and context effectively. The OCVIDM established a knowledge base of the intrusion detection ontology, regarded as the center of an efficient filtering platform for false alerts, to realize automatic validation of alarms and self-acting judgment of real attacks, so as to achieve the goal of filtering non-relevant positive alerts and reducing false positives.