SELECTION OF CLASSIFIER MODELS FOR INTRUSION DETECTION SYSTEM (IDS)

Any unusual move can be considered a break in quirks. Some procedures and calculations were mentioned in the drafting to identify irregularities. In most cases, true positive and false positive limits were used to observe their display. However, depending on the application, an off-base false positive or false positive can have serious adverse repercussions. This requires the incorporation of cost-sensitive limits on display. Furthermore, the more popular KDD-CUP-99 test data set has a huge information size that requires some pre-management measure. Our work in this article begins by listing the need for a delicate cost examination with some original models. After talking about the KDD-CUP-99, a methodology for the end of the reflections is proposed and later the possibility of reducing the amount of the most significant reflections in a simple way and the size of the KDD-CUP-99 in an indirect way. From the revealed writing, the general techniques are chosen to detect the irregularities that best behave for the various types of aggressions. These various filing cabinets are stacked to frame a team. An expensive method is proposed to dispense the relative loads to the classifiers equipped for the realization of the finished product. The profitability of the false and genuine positive results is performed and a technique is proposed to choose the components of the profitability measures to further improve the results and achieve the best overall exposure. There is talk of the effect on the exchange of execution due to the merger of the viability of the expense.

2021 ◽  
Vol 6 (2) ◽  
pp. 018-032
Author(s):  
Rasha Thamer Shawe ◽  
Kawther Thabt Saleh ◽  
Farah Neamah Abbas

These days, the detection of security threats, generally referred to as intrusion, has become a significant and serious problem in network, information and data security. Thus, an intrusion detection system (IDS) has become an important element in computer or network security. Avoidance of such intrusions depends wholly on the detection ability of the Intrusion Detection System (IDS), which performs a necessary job in network security in that it identifies different kinds of attacks in the network. Moreover, data mining has been playing an important role in different disciplines of technology and science. For computer security, data mining is presented as serving the Intrusion Detection System (IDS) to detect intruders accurately. One of the vital techniques of data mining is characteristic, so we suggest an Intrusion Detection System utilizing a data mining approach: SVM (Support Vector Machine). In the suggested system, the classification is done by employing SVM, and the efficiency of the suggested system is assessed by executing a number of experiments employing the KDD Cup’99 dataset. SVM (Support Vector Machine) is one of the best-known classification techniques in the data mining field. The KDD Cup’99 data set is utilized to execute several experiments in our suggested system. The experimental results illustrate that we can widely decrease the time taken to construct the SVM model by performing suitable data set pre-processing. The False Positive Rate (FPR) is decreased and the attack detection rate of SVM is increased. Applied with classification algorithm gives the highest accuracy result. Implementation environment: the intrusion detection system is implemented using the MATLAB 2015 programming language, and the examinations have been implemented in the environment of the Windows-7 operating system, MATLAB R2015a, with the processor: Core i7- Duo CPU 2670, 2.5 GHz, and 8 GB RAM.


Author(s):  
Pratik Jain* ◽  
Ravikant Kholwal ◽  
Muskan Patidar

The Intrusion Detection System sends alerts when it detects doubtful activities while monitoring the network traffic and other known threats. In today’s time in the field of cyber security, Intrusion Detection is considered a brilliant topic that could be objective. But it might not remain objectionable for a longer period. For understanding Intrusion Detection, the meaning of Intrusion must be clear at first. According to the Oxford Learner’s Dictionary, “Intrusion is the act of entering a place that is private or where you may not be wanted”. For this article, here it defines intrusion as any un-possessed system or network festivity on one (or more) computer(s) or network(s). Here is the example of a faithful user trying to access the system taking more than the usual trial counts to complete his access to the particular account or trying to connect to an unauthorized remote port of a server. The ex-employee who was fired lately can provoke intrusion, or any authentic worker can also provoke intrusion, or any other person from the outside world could perform it. In this clause, the average data is found as the attack, which is considered as the case of false positive. In this paper, the main focus is on the illustration and a solution offered for the same problem. Here we are using the KDD CUP 1999 data set. According to the outcome, the anomaly class is the one that has a higher number of counts than this class. Even if it is the true user trying to get access, the outcome is an anomaly due to the high number of counts in the class. This paper introduces a solution for the detection of a true person and eradicates the false positive.


An intrusion detection system is a process which automates analyzing activities in a network or a computer system. It is used to detect nasty code, hateful activities, intruders and uninvited communications over the Internet. The general intrusion detection system is struggling with some problems like false positive rate, false negative rate, low classification accuracy and slow speed. Nowadays, this has drawn the attention of many researchers to handle these issues. Recently, ensembles of different base classifiers have been widely used to implement intrusion detection systems. In the ensemble method of machine learning, the proper selection of base classifiers is a challenging task. In this paper, a machine learning ensemble has been designed and implemented for the intrusion detection system. The ensemble of Partial Decision Tree and the Sequential Minimum optimization algorithm to train a support vector machine has been used for the intrusion detection system. The Partial Decision Tree rule learner is simple and it generates rules fast. The Sequential Minimum optimization algorithm is easy to use and scales better with training set size with less computational time. Due to these advantages of both classifiers, they are jointly used with different methods of ensemble. We make use of all types of methods of ensemble. The performances of the base classifiers have been evaluated in terms of false positive, accuracy and true positive. Performance results show that the proposed majority voting method of ensemble using the Partial Decision Tree rule learner and the Sequential Minimum optimization algorithm based Support Vector Machine offers the highest classification among different ensemble classifiers on the training dataset. This method of ensemble exhibits the highest true positive and lowest false positive rates. It is also observed that stacking of both PART and SMO exhibits the lowest and same classification accuracy on the test dataset.


2011 ◽  
Vol 267 ◽  
pp. 720-725
Author(s):  
Ke Chen ◽  
Wen De Ke

This paper puts forward an intrusion detection algorithm based on an improved fuzzy C-means (FCM) algorithm, executes anomaly detection on the KDDCUP data set, builds an intrusion detection system based on the improved algorithm, and analyzes the feasibility of the system. The improved fuzzy C-means algorithm solves the problems that the fuzzy C-means algorithm is sensitive to the selection of the initial values and easily falls into a local best solution. Thereby, under the condition of guaranteeing the integrity and consistency of data attribute values, it gets rid of the blindness of selecting initial values, reduces clustering time and algorithm complexity, and enhances the speed of the algorithm.


2018 ◽  
Vol 3 (2) ◽  
pp. 93
Author(s):  
Gervais Hatungimana

An anomaly-based Intrusion Detection System (IDS) uses a known baseline to detect patterns which have deviated from normal behavior. If the baseline is faulty, the IDS performance degrades. Most research in IDS which uses k-centroids-based clustering methods like K-means, K-medoids, Fuzzy, Hierarchical and agglomerative algorithms to baseline network traffic suffers from a high false positive rate compared to signature-based IDS, simply because the nature of these algorithms risks forcing some network traffic into wrong profiles depending on the K number of clusters needed. In this paper we propose an alternate method which, instead of defining a K number of clusters, defines a t distance threshold. The unrecognizable IDS, an IDS which is neither HIDS nor NIDS, is the consequence of using statistical methods for features selection. The speed, memory and accuracy of IDS are affected by an inappropriate features reduction method or ignorance of irrelevant features. In this paper we use two-step features selection and Quality Threshold with Optimization methods to design anomaly-based HIDS and NIDS separately. The performance of our system is 0%, 99.9974%, 1, 1 false positive rate, accuracy, precision and recall respectively for NIDS and 0%, 99.61%, 0.991, 0.978 false positive rate, accuracy, precision and recall respectively for HIDS.


2020 ◽  
Author(s):  
Sriram Srinivasan ◽  
Shashank A ◽  
vinayakumar R ◽  
Soman KP

In the present era, cyberspace is growing tremendously and the intrusion detection system (IDS) plays a key role in it to ensure information security. The IDS, which works in network and host level, should be capable of identifying various malicious attacks. The job of network-based IDS is to differentiate between normal and malicious traffic data and raise an alert in case of an attack. Apart from the traditional signature and anomaly-based approaches, many researchers have employed various deep learning (DL) techniques for detecting intrusion as DL models are capable of extracting salient features automatically from the input data. The application of deep convolutional neural network (DCNN), which is utilized quite often for solving research problems in image processing and vision fields, is not explored much for IDS. In this paper, a DCNN architecture for IDS which is trained on KDDCUP 99 data set is proposed. This work also shows that the DCNN-IDS model performs superior when compared with other existing works.


2014 ◽  
Vol 644-650 ◽  
pp. 3338-3341 ◽  
Author(s):  
Guang Feng Guo

During the 30-year development of the Intrusion Detection System, problems such as the high false-positive rate have always plagued the users. Therefore, the ontology and context verification based intrusion detection model (OCVIDM) was put forward to connect the description of attack signatures and context effectively. The OCVIDM established the knowledge base of the intrusion detection ontology, which was regarded as the center of an efficient filtering platform for false alerts, to realize the automatic validation of alarms and self-acting judgment of real attacks, so as to achieve the goal of filtering the non-relevant positive alerts and reducing false positives.


Author(s):  
Soukaena Hassan Hashem

This chapter aims to build a proposed Wire/Wireless Network Intrusion Detection System (WWNIDS) to detect intrusions and consider many modern attacks which were not taken into account previously. The proposed WWNIDS treats intrusion detection with just intrinsic features but not all of them. The dataset of WWNIDS will consist of two parts; the first part will be a wire network dataset which has been constructed from KDD'99, which has 41 features, with some modifications to produce the proposed dataset, called modern KDD, and made reliable in detecting intrusion by suggesting three additional features. The second part will be building a wireless network dataset by collecting thousands of sessions (normal and intrusion); this proposed dataset is called the Constructed Wireless Data Set (CWDS). Preprocessing will be done on the two datasets (KDD & CWDS) to eliminate some problems that affect the detection of intrusion, such as noise, missing values and duplication.


2013 ◽  
Vol 824 ◽  
pp. 200-205 ◽  
Author(s):  
Susan Konyeha ◽  
Emmanuel A. Onibere

Computers are involved in every aspect of modern society and have become an essential part of our lives, but their vulnerability is of increasing concern to us. Security flaws are inherent in the operation of computers. Most flaws are caused by errors in the process of software engineering or unforeseen mishaps and it is difficult to solve these problems by conventional methods. A radical way of constantly monitoring the system for newly disclosed vulnerabilities is required. In order to devise such a system, this work draws an analogy between computer immune systems and the human immune system. The computer immune system is the equivalent of the human immune system. The primary objective of this paper is to use an intrusion detection system in the design and implementation of a computer immune system that would be built on the framework of the human immune system. This objective is successfully realized and in addition a prevention mechanism using the Windows IP Firewall feature has been incorporated. Hence the system is able to perform intrusion detection and prevention. Data was collected about events occurring in a computer network that violate predefined security policy, such as attempts to affect the confidentiality, integrity or its availability, using Snort rules for known attacks and adaptive detection for the unknown attacks. The system was tested using real-time data and the Intrusion Detection evaluation (IDEVAL) Department of Defense Advanced Research Projects Agency (DARPA) data set. The results were quite encouraging as few false positives were recorded.

