A Novel Framework for NIDS Through Fast Knn Classifier on CICIDS 2017 Dataset

2020 ◽  
Vol 8 (5) ◽  
pp. 3669-3675

This paper investigates the performance of a Fast k-Nearest Neighbor classifier (FkNN) for a Network Intrusion Detection System (NIDS) in a cloud environment. For this study, Variance Index based Partial Distance Search (VIPDS) kNN [7] is adopted as the FkNN classifier. The benchmark dataset CICIDS2017 [16] is used for the evaluation because it is a 78-feature dataset containing the most up-to-date cloud-related attacks. To achieve this objective, a framework is proposed for implementing FkNN, which is compared with the kNN classifier on two performance measures: accuracy and computational time. The study explores the gain in computational time, without compromising accuracy, from using FkNN instead of kNN on a dataset with a large number of features. The conclusions are drawn from the results of the experiments conducted on the CICIDS2017 dataset.

2017 ◽  
Vol 5 (1) ◽  
pp. 8-15
Author(s):  
Sergii Hilgurt ◽  

Multi-pattern matching is a fundamental technique found in applications such as network intrusion detection systems, anti-virus, anti-worm and other signature-based information security tools. Due to rising traffic rates, the increasing number and sophistication of attacks, and the collapse of Moore’s law, traditional software solutions can no longer keep up. Developers therefore frequently use hardware approaches to accelerate pattern matching. Reconfigurable FPGA-based devices, which provide the flexibility of software and near-ASIC performance, have become increasingly popular for this purpose. Hence, increasing the efficiency of reconfigurable information security tools is now a scientific issue. Many different approaches to constructing hardware matching circuits on FPGAs are known. The most widely used are based on discrete comparators, hash functions and finite automata. Each approach has its own pros and cons, and none of them has yet become the leading one. In this paper, a method is developed that combines several different approaches to reinforce their advantages. An analytical technique is proposed for quickly estimating in advance the resource costs of each matching scheme without the need to compile the FPGA project. It allows optimization procedures to be applied to split the set of patterns near-optimally between the different approaches in acceptable time.


2020 ◽  
Vol 38 (1B) ◽  
pp. 6-14
Author(s):  
Sarah M. Shareef ◽ 
Soukaena H. Hashim

A network intrusion detection system (NIDS) is a software system that plays an important role in protecting a network and can be used to monitor network activity in order to distinguish different kinds of attacks from normal behavior in network traffic. False alarms are one of the most commonly identified problems with intrusion detection systems and can be a limiting factor for their performance and accuracy. The proposed system applies mining techniques at two sequential levels: at the first level, the Naïve Bayes algorithm is used to separate abnormal activity from normal behavior; at the second level, the multinomial logistic regression algorithm is used to classify abnormal activity into four main attack types in addition to a normal class. To evaluate the proposed system, the KDDCUP99 intrusion detection dataset was used and K-fold cross-validation was performed. The experimental results show that the performance of the proposed system is improved, with a lower false alarm rate.

