Genetic Algorithm's Fitness Value and False Positive in Network Intrusion Detection System

2008 ◽  
Vol 3 (2) ◽  
pp. 14-19
Author(s):  
Jeya S
Keyword(s):  
Intrusion Detection ◽  
False Positive ◽  
Intrusion Detection System ◽  
Detection System ◽  
Network Intrusion Detection ◽  
Network Intrusion ◽  
Network Intrusion Detection System ◽  
Fitness Value

A Prototype for Network Intrusion Detection System using Danger Theory

2015 ◽  
Vol 73 (2) ◽  
Author(s):  
Raed Al-Dhubhani ◽  
Norbik Bashah Idris ◽  
Faisal Saeed
Keyword(s):  
Intrusion Detection ◽  
False Positive ◽  
Intrusion Detection System ◽  
Detection System ◽  
False Negative ◽  
False Negative Rate ◽  
Network Intrusion Detection ◽  
Danger Theory ◽  
Network Intrusion ◽  
Network Intrusion Detection System

Network Intrusion Detection System (NIDS) is considered as one of the last defense mechanisms for any organization. NIDS can be broadly classified into two approaches: misuse-based detection and anomaly-based detection. Misuse-based intrusion detection builds a database of the well-defined patterns of the attacks that exploit weaknesses in systems and network protocols, and uses that database to identify the intrusions. Although this approach can detect all the attacks included in the database, it leads to false negative errors where any new attack not included in that database can’t be detected. The other approach is the anomaly-based NIDS which is developed to emulate the Human Immune System (HIS) and overcome the limitation of the misuse-based approach. The anomaly-based detection approach is based on Negative Selection (NS) mechanism. NS is based on building a database of the normal self patterns, and identifying any pattern not included in that database as a non-self pattern and hence the intrusion is detected. Unfortunately, NS concept has also its drawbacks. Although any attack pattern can be detected as a non-self pattern and this leads to low false negative rate, non-self patterns would not necessarily indicate the existence of intrusions. So, NS has a high false positive error rate caused from that assumption. Danger Theory (DT) is a new concept in HIS, which shows that the response mechanism in HIS is more complicated and beyond the simple NS concept. So, is it possible to utilize the DT to minimize the high false positive detection rate of NIDS? This paper answers this question by developing a prototype for NIDS based on DT and evaluating that prototype using DARPA99 Intrusion Detection dataset.  

Proposed Hybrid Classifier to Improve Network Intrusion Detection System using Data Mining Techniques

2020 ◽  
Vol 38 (1B) ◽  
pp. 6-14
Author(s):  
ٍٍSarah M. Shareef ◽  
Soukaena H. Hashim
Keyword(s):  
Intrusion Detection ◽  
False Alarm ◽  
Intrusion Detection System ◽  
Detection System ◽  
Multinomial Logistic Regression ◽  
Network Intrusion Detection ◽  
Limiting Factor ◽  
Network Intrusion ◽  
Network Intrusion Detection System ◽  
Normal Behavior

Network intrusion detection system (NIDS) is a software system which plays an important role to protect network system and can be used to monitor network activities to detect different kinds of attacks from normal behavior in network traffics. A false alarm is one of the most identified problems in relation to the intrusion detection system which can be a limiting factor for the performance and accuracy of the intrusion detection system. The proposed system involves mining techniques at two sequential levels, which are: at the first level Naïve Bayes algorithm is used to detect abnormal activity from normal behavior. The second level is the multinomial logistic regression algorithm of which is used to classify abnormal activity into main four attack types in addition to a normal class. To evaluate the proposed system, the KDDCUP99 dataset of the intrusion detection system was used and K-fold cross-validation was performed. The experimental results show that the performance of the proposed system is improved with less false alarm rate.

Sign in / Sign up

Export Citation Format

Share Document