PAIRWISE CLUSTERS OPTIMIZATION AND CLUSTER MOST SIGNIFICANT FEATURE METHODS FOR ANOMALY-BASED NETWORK INTRUSION DETECTION SYSTEM (POC2MSF)

2018 ◽ Vol 3 (2) ◽ pp. 93
Author(s): Gervais Hatungimana

Anomaly-based Intrusion Detection Systems (IDS) use a known baseline to detect patterns which have deviated from normal behavior. If the baseline is faulty, the IDS performance degrades. Most research on IDS which uses k-centroid-based clustering methods like K-means, K-medoids, Fuzzy, Hierarchical and agglomerative algorithms to baseline network traffic suffers from a high false positive rate compared to signature-based IDS, simply because the nature of these algorithms risks forcing some network traffic into wrong profiles depending on the number K of clusters required. In this paper we propose an alternative method which, instead of defining K, the number of clusters, defines a distance threshold t. An unrecognizable IDS, i.e. one which is neither a HIDS nor a NIDS, is the consequence of using statistical methods for feature selection. The speed, memory and accuracy of an IDS are affected by an inappropriate feature reduction method or by ignoring irrelevant features. In this paper we use two-step feature selection and Quality Threshold with Optimization methods to design anomaly-based HIDS and NIDS separately. The performance of our system is 0%, 99.9974%, 1, 1 (false positive rate, accuracy, precision and recall respectively) for NIDS and 0%, 99.61%, 0.991, 0.978 (false positive rate, accuracy, precision and recall respectively) for HIDS.

2014 ◽ Vol 644-650 ◽ pp. 3338-3341
Author(s): Guang Feng Guo

During the 30-year development of the Intrusion Detection System, problems such as a high false-positive rate have always plagued users. Therefore, the ontology and context verification based intrusion detection model (OCVIDM) was put forward to connect the description of attack signatures and their context effectively. The OCVIDM established a knowledge base of the intrusion detection ontology, regarded as the center of an efficient filtering platform for false alerts, to realize automatic validation of alarms and self-acting judgment of real attacks, so as to achieve the goal of filtering non-relevant positive alerts and reducing false positives.


An Intrusion Detection System (IDS) is one of the most important components of computer network security. IDSs are designed to detect intrusion attempts in incoming network traffic intelligently. They deal with large volumes of data containing irrelevant and redundant features, which delay both the training and the testing procedures. Therefore, to minimize false alarms and computational complexity, a feature selection technique for intrusion detection has been implemented. In this paper PCA (Principal Component Analysis) and a Fuzzy Inference System (FIS) have been used on the KDD99 dataset to develop the FC-NIDS model. PCA is used to select the attack features to minimize the computational work, while FIS is used to build a fuzzy inference system for prediction accuracy using MATLAB. The results of the experiment are tested on UCI data sets as a standard benchmark. The approach has been found efficient for true prediction of intrusions as well as for reducing the false alarm rate. The proposed fuzzy logic controller IDS (FC-NIDS) is able to deal with both signature- and anomaly-based attacks to obtain enhanced intrusion detection, decrease false alarms and optimize complexity.


A network intrusion detection system (NIDS) tracks network traffic for suspicious activity and policy violations. It generates alerts whenever such activity is found. The objective is to detect and report anomalies. An intrusion prevention system can further take action such as blocking traffic from suspected IP addresses. Classification of network traffic is a tedious task. Existing classifiers suffer from generating many false alerts. It is of paramount importance to select the best classification approach among the set of available approaches. KDD 99 is the benchmark dataset utilized to test the classification capabilities of classifiers. However, many classifiers generate similar results when performance is measured on various criteria. Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) is a traditional multi-criteria decision making (MCDM) approach which is widely used to rank classifiers from a number of options that are assessed on various criteria. In this work, the KDD 99 dataset is applied as input to Bayes net, naive Bayes, NB updateable, random forest, OneR, ZeroR, AdaBoostM1, decision stump, J48 and decision table classifiers. The performance of each classifier is measured using 10 different criteria: accuracy, misclassification, RA error, RMS error, false positive rate, F-measure, precision, RRS error, mean absolute error and recall. In order to test the effectiveness of the proposed approach, the Weka utility is used for classification and the classifier performance results are supplied to TOPSIS. An application is designed to implement the TOPSIS method using Python. It is observed that J48 secured the top position with a performance score of 0.5829.


Author(s): Alaeddine Boukhalfa ◽ Abderrahim Abdellaoui ◽ Nabil Hmina ◽ Habiba Chaoui

The security of the network has become a primary concern for organizations. Attackers use different means to disrupt services or steal information, and these various attacks push us to think of a new way to block them all in one manner. In addition, these intrusions can change and penetrate security devices. To solve these issues, we suggest, in this paper, a new idea for a Network Intrusion Detection System (NIDS) based on Long Short-Term Memory (LSTM) to recognize threats and to obtain a long-term memory of them, in order to stop new attacks that are like the existing ones, and at the same time, to have a single means of blocking intrusions. According to the results of the detection experiments that we have carried out, the Accuracy reaches up to 99.98% and 99.93% for the classification of two classes and several classes respectively, and the False Positive Rate (FPR) reaches only 0.068% and 0.023% for the classification of two classes and several classes respectively, which proves that the proposed model is very effective: it has a great ability to memorize and differentiate between normal traffic and attack traffic, and its identification is more accurate than other Machine Learning classifiers.


2021 ◽ pp. 111-121
Author(s): Giuseppina Andresini ◽ Annalisa Appice ◽ Corrado Loglisci ◽ Vincenzo Belvedere ◽ Domenico Redavid ◽ ...

2015 ◽ Vol 73 (2)
Author(s): Raed Al-Dhubhani ◽ Norbik Bashah Idris ◽ Faisal Saeed

A Network Intrusion Detection System (NIDS) is considered one of the last defense mechanisms for any organization. NIDS can be broadly classified into two approaches: misuse-based detection and anomaly-based detection. Misuse-based intrusion detection builds a database of the well-defined patterns of the attacks that exploit weaknesses in systems and network protocols, and uses that database to identify intrusions. Although this approach can detect all the attacks included in the database, it leads to false negative errors, since any new attack not included in that database can't be detected. The other approach is anomaly-based NIDS, which is developed to emulate the Human Immune System (HIS) and overcome the limitation of the misuse-based approach. The anomaly-based detection approach is based on the Negative Selection (NS) mechanism. NS is based on building a database of the normal self patterns and identifying any pattern not included in that database as a non-self pattern, so that the intrusion is detected. Unfortunately, the NS concept also has its drawbacks. Although any attack pattern can be detected as a non-self pattern, which leads to a low false negative rate, non-self patterns do not necessarily indicate the existence of intrusions. So, NS has a high false positive error rate caused by that assumption. Danger Theory (DT) is a new concept in HIS, which shows that the response mechanism in HIS is more complicated and goes beyond the simple NS concept. So, is it possible to utilize DT to minimize the high false positive detection rate of NIDS? This paper answers this question by developing a prototype for NIDS based on DT and evaluating that prototype using the DARPA99 Intrusion Detection dataset.

