K-Modes Clustering Algorithm Based on Weighted Overlap Distance and Its Application in Intrusion Detection

2021, Vol 2021, pp. 1-9
Author(s): Yawen Dai, Guanghui Yuan, Zhaoyuan Yang, Bin Wang

In order to better apply the K-modes algorithm to intrusion detection, this paper overcomes the problems of the existing K-modes algorithm based on rough set theory. Firstly, for the problem of K-modes clustering in the initial class center selection, an initial class center selection algorithm Ini_Weight based on weighted density and weighted overlap distance is proposed. Secondly, based on the Ini_Weight algorithm, a new K-modes clustering algorithm WODKM based on weighted overlap distance is proposed. Thirdly, the WODKM clustering algorithm is applied to intrusion detection to obtain a new unsupervised intrusion detection model. The model detects the intrusion by dividing the clusters in the clustering result into normal clusters and abnormal clusters and analyzing the weighted average density of the object x to be detected in each cluster and the weighted overlapping distance of x and each center point. We verified the intrusion detection performance of the model on the KDD Cup 99 dataset. The experimental results of the current study show that the proposed intrusion detection model achieves efficient results and solves the problems existing in the present-day intrusion detection system to some extent.

2021, Vol 336, pp. 08008
Author(s): Tao Xie

In order to improve the detection rate and speed of intrusion detection system, this paper proposes a feature selection algorithm. The algorithm uses information gain to rank the features in descending order, and then uses a multi-objective genetic algorithm to gradually search the ranking features to find the optimal feature combination. We classified the Kddcup98 dataset into five classes, DOS, PROBE, R2L, and U2R, and conducted numerous experiments on each class. Experimental results show that for each class of attack, the proposed algorithm can not only speed up the feature selection, but also significantly improve the detection rate of the algorithm.


Author(s): Iqbal H. Sarker, Yoosef B. Abushark, Fawaz Alsolami, Asif Irshad Khan

Cyber security has recently received enormous attention in today’s security concerns, due to the popularity of the Internet-of-Things (IoT), the tremendous growth of computer networks, and the huge number of relevant applications. Thus, detecting various cyber-attacks or anomalies in a network and building an effective intrusion detection system that performs an essential role in today’s security is becoming more important. Artificial intelligence, particularly machine learning techniques, can be used for building such a data-driven intelligent intrusion detection system. In order to achieve this goal, in this paper, we present an Intrusion Detection Tree (“IntruDTree”) machine-learning-based security model that first takes into account the ranking of security features according to their importance and then builds a tree-based generalized intrusion detection model based on the selected important features. This model is not only effective in terms of prediction accuracy for unseen test cases but also minimizes the computational complexity of the model by reducing the feature dimensions. Finally, the effectiveness of our IntruDTree model was examined by conducting experiments on cybersecurity datasets and computing the precision, recall, F-score, accuracy, and ROC values for evaluation. We also compare the results of the IntruDTree model with several traditional popular machine learning methods such as the naive Bayes classifier, logistic regression, support vector machines, and k-nearest neighbor, to analyze the effectiveness of the resulting security model.


2014, Vol 644-650, pp. 3338-3341
Author(s): Guang Feng Guo

During the 30-year development of the Intrusion Detection System, problems such as the high false-positive rate have always plagued users. Therefore, the ontology and context verification based intrusion detection model (OCVIDM) was put forward to connect the description of attack signatures and context effectively. The OCVIDM established the knowledge base of the intrusion detection ontology, which was regarded as the center of an efficient filtering platform for false alerts, to realize the automatic validation of alarms and self-acting judgment of real attacks, so as to achieve the goal of filtering non-relevant positive alerts and reducing false positives.


Author(s): Tarek Helmy

The system that monitors the events occurring in a computer system or a network and analyzes the events for signs of intrusion is known as an intrusion detection system. The performance of the intrusion detection system can be improved by combining anomaly and misuse analysis. This chapter proposes an ensemble multi-agent-based intrusion detection model. The proposed model combines anomaly, misuse, and host-based detection analysis. The agents in the proposed model use rules to check for intrusions, and adopt machine learning algorithms to recognize unknown actions and to update or create new rules automatically. Each agent in the proposed model encapsulates a specific classification technique, and gives its belief about any packet event in the network. These agents collaborate to determine the decision about any event, have the ability to generalize, and can detect novel attacks. Empirical results indicate that the proposed model is efficient, and outperforms other intrusion detection models.


Author(s): Tarum Bhaskar, Narasimha Kamath B.

Intrusion detection system (IDS) is now becoming an integral part of the network security infrastructure. Data mining tools are widely used for developing an IDS. However, this requires an ability to find the mapping from the input space to the output space with the help of available data. Rough sets and neural networks are the best known data mining tools to analyze data and help solve this problem. This chapter proposes a novel hybrid method to integrate rough set theory, genetic algorithm (GA), and artificial neural network. Our method consists of two stages: First, rough set theory is applied to find the reduced dataset. Second, the results are used as inputs for the neural network, where a GA-based learning approach is used to train the intrusion detection system. The method is characterized not only by using attribute reduction as a pre-processing technique of an artificial neural network but also by an improved learning algorithm. The effectiveness of the proposed method is demonstrated on the KDD cup data.


2015, Vol 713-715, pp. 2499-2502
Author(s): Jiang Kun Mao, Fan Zhan

The intrusion detection system, as a proactive network security technology, is a necessary and reasonable addition to static defense. However, traditional exception and error detection has issues of leakage police, false alarm rate, or difficult maintenance. In this paper, the intrusion detection system based on data mining with statistics and machine learning techniques has a great advantage in detection performance, robustness, and self-adaptability. The system improves the K-means clustering algorithm, focusing on solving the two questions of cluster center node selection and discrimination of clustering properties; the test shows that the system further enhances its detection efficiency.


Symmetry, 2020, Vol 12 (10), pp. 1666
Author(s): Muataz Salam Al-Daweri, Khairul Akram Zainol Ariffin, Salwani Abdullah, Mohamad Firham Efendy Md. Senan

The significant increase in technology development over the internet makes network security a crucial issue. An intrusion detection system (IDS) shall be introduced to protect the networks from various attacks. Even with the increased amount of work in IDS research, there is a lack of studies that analyze the available IDS datasets. Therefore, this study presents a comprehensive analysis of the relevance of the features in the KDD99 and UNSW-NB15 datasets. Three methods were employed: a rough-set theory (RST), a back-propagation neural network (BPNN), and a discrete variant of the cuttlefish algorithm (D-CFA). First, the dependency ratio between the features and the classes was calculated, using the RST. Second, each feature in the datasets became an input for the BPNN, to measure its ability for a classification task concerning each class. Third, a feature-selection process was carried out over multiple runs, to indicate the frequency of the selection of each feature. The results indicated that some features in the KDD99 dataset could be used to achieve a classification accuracy above 84%. Moreover, a few features in both datasets were found to give a high contribution to increasing the classification’s performance. These features were present in a combination of features that resulted in high accuracy; the features were also frequently selected during the feature selection process. The findings of this study are anticipated to help cybersecurity academics in creating a lightweight and accurate IDS model with a smaller number of features for developing technologies.

