A comparative simulation of normalization methods for machine learning-based intrusion detection systems using KDD Cup’99 dataset

Network Intrusion detection systems (NIDS) detect malicious and intrusive information in computer networks. Presently, commercial NIDS is based on machine learning approaches that have complex algorithms and increase intrusion detection efficiency and efficacy. These machine learning-based NIDS use high dimensional network traffic data from which intrusive information is to be detected. This high-dimensional network traffic data in NIDS needs to be preprocessed and normalized to make it suitable for machine learning tools. A machine learning approach with appropriate normalization and prepossessing increases NIDS performance. This paper presents an empirical study on various normalization methods implemented on a benchmark network traffic dataset, KDD Cup’99, that has been used to evaluate the NIDS model. The present study shows decimal normalization has a better prediction performance than non-normalized traffic data categorized into ‘normal’ or ‘intrusive’ classes.

SELECTION OF CLASSIFIER MODELS FOR INTRUSION DETECTION SYSTEM(IDS)

Any unusual move can be considered a break in quirks. Some procedures and calculations were mentioned in the drafting to identify irregularities. In most cases, true positive and false positive limits were used to observe their display. However, depending on the application, an off-base false positive or false positive can have serious adverse repercussions. This requires the incorporation of cost-sensitive limits on display. Furthermore, the more popular KDD-CUP-99 test data set has a huge information size that requires some pre-management measure. Our work in this article begins by listing the need for a delicate cost examination with some original models. After talking about the KDDCUP-99, a methodology for the end of the reflections is proposed and later the possibility of reducing the amount of the most significant reflections in a simple way and the size of the KDD-CUP-99 in a indirect way. From the revealed writing, the general techniques are chosen to detect the irregularities that best behave for the various types of aggressions. These various filing cabinets are stacked to frame a team. An expensive method is proposed to dispense the relative loads to the classifiers equipped for the realization of the finished product. The profitability of the false and genuine positive results is performed and a technique is proposed to choose the components of the profitability measures to further improve the results and achieve the best overall exposure. There is talk of the effect on the exchange of execution due to the merger of the viability of the expense.

Intrusion Detection Method Based on Adaptive Clonal Genetic Algorithm and Backpropagation Neural Network

Intrusion Detection System (IDS) is an important part of ensuring network security. When the system faces network attacks, it can identify the source of threats in a timely and accurate manner and adjust strategies to prevent hackers from intruding. Efficient IDS can identify external threats well, but traditional IDS has poor performance and low recognition accuracy. To improve the detection rate and accuracy of IDS, this paper proposes a novel ACGA-BPNN method based on adaptive clonal genetic algorithm (ACGA) and backpropagation neural network (BPNN). ACGA-BPNN is simulated on the KDD-CUP’99 and UNSW-NB15 data sets. The simulation results indicate that, in contrast to the methods based on simulated annealing (SA) and genetic algorithm (GA), the detection rate and accuracy of ACGA-BPNN are much higher than of GA-BPNN and SA-BPNN. In the classification results of KDD-CUP’99, the classification accuracy of ACGA-BPNN is 11% higher than GA-BPNN and 24.2% higher than SA-BPNN, and F-score reaches 99.0%. In addition, ACGA-BPNN has good global searchability and its convergence speed is higher than that of GA-BPNN and SA-BPNN. Furthermore, ACGA-BPNN significantly improves the overall detection performance of IDS.

K-Modes Clustering Algorithm Based on Weighted Overlap Distance and Its Application in Intrusion Detection

In order to better apply the K-modes algorithm to intrusion detection, this paper overcomes the problems of the existing K-modes algorithm based on rough set theory. Firstly, for the problem of K-modes clustering in the initial class center selection, an initial class center selection algorithm Ini_Weight based on weighted density and weighted overlap distance is proposed. Secondly, based on the Ini_Weight algorithm, a new K-modes clustering algorithm WODKM based on weighted overlap distance is proposed. Thirdly, the WODKM clustering algorithm is applied to intrusion detection to obtain a new unsupervised intrusion detection model. The model detects the intrusion by dividing the clusters in the clustering result into normal clusters and abnormal clusters and analyzing the weighted average density of the object x to be detected in each cluster and the weighted overlapping distance of x and each center point. We verified the intrusion detection performance of the model on the KDD Cup 99 dataset. The experimental results of the current study show that the proposed intrusion detection model achieves efficient results and solves the problems existing in the present-day intrusion detection system to some extent.

Building attack detection system base on machine learning

These days, security threats detection, generally discussed to as intrusion, has befitted actual significant and serious problem in network, information and data security. Thus, an intrusion detection system (IDS) has befitted actual important element in computer or network security. Avoidance of such intrusions wholly bases on detection ability of Intrusion Detection System (IDS) which productions necessary job in network security such it identifies different kinds of attacks in network. Moreover, the data mining has been playing an important job in the different disciplines of technologies and sciences. For computer security, data mining are presented for serving intrusion detection System (IDS) to detect intruders accurately. One of the vital techniques of data mining is characteristic, so we suggest Intrusion Detection System utilizing data mining approach: SVM (Support Vector Machine). In suggest system, the classification will be through by employing SVM and realization concerning the suggested system efficiency will be accomplish by executing a number of experiments employing KDD Cup’99 dataset. SVM (Support Vector Machine) is one of the best distinguished classification techniques in the data mining region. KDD Cup’99 data set is utilized to execute several investigates in our suggested system. The experimental results illustration that we can decrease wide time is taken to construct SVM model by accomplishment suitable data set pre-processing. False Positive Rate (FPR) is decrease and Attack detection rate of SVM is increased .applied with classification algorithm gives the accuracy highest result. Implementation Environment Intrusion detection system is implemented using Mat lab 2015 programming language, and the examinations have been implemented in the environment of Windows-7 operating system mat lab R2015a, the processor: Core i7- Duo CPU 2670, 2.5 GHz, and (8GB) RAM.

Research on Financial Data Query and Distribution Scheme Based on SQL Database

With the advance of optimization and merger colleges and universities, a university often contains more than one campus. The traditional centralized education management system has been unable to meet the needs of use. The model detects the intrusion by dividing the clusters in the clustering result into normal clusters and abnormal clusters and analyzing the weighted average density of object x to be detected in each cluster and the weighted overlapping distance of x and each centre point. We verified the intrusion detection performance of the model on the KDD Cup 99 dataset. The experimental results show that the model established in this paper has certain theoretical value.

Rule Mining Using Particle Swarm Optimization for Intrusion Detection Systems

Traditional data mining techniques are commonly used to build the Intrusion Detection Systems IDSs. They are designed on the basis of some probabilistic methods that still do not take into account some of the important properties of each feature in the dataset. We believe that each feature in the dataset has its own crucial role for its characteristics, which should be taken into consideration. In this work, instead of using the traditional technique or applying feature selection methods we proposed max and min boundary mining approach to solve Anomaly Intrusion Detection System AIDS problem. The main idea of the proposed method is to handle each feature in the dataset independently extracting two important properties represented by max-boundary and min-boundary. First, Particle Swarm Optimization PSO is used to search for the optimal max and min boundary for each feature in each class from the train data set. Second, the generated max and min boundaries are used as detection rules in order to detect anomalies from normal behavior using test dataset. KDD Cup 99 and the new version of KDD Cup 99 called NSL-KDD datasets are used to test the proposed model and its performance is compared with four well-known techniques such as J48, Naïve Bayes, PART and SMO. In addition, performance is also compared with some recent work. Experiment results show that the proposed model is outperformed all other algorithms in all terms (true positive rate, false positive rate, f-measure, Recall, Precision, MCC and AUC).

Network Intrusion Detection Methods Based on Deep Learning

: To detect network attacks more effectively, this study uses Honeypot techniques to collect the latest network attack data and proposes network intrusion detection classification models based on deep learning combined with DNN and LSTM models. Experiments showed that the data set training models gave better results than the KDD CUP 99 training model’s detection rate and false positive rate. The DNN-LSTM intrusion detection algorithm proposed in this study gives better results than KDD CUP 99 training model. Compared to other algorithms such as LeNet, DNN-LSTM intrusion detection algorithm exhibits shorter classification test time along with better accuracy and recall rate of intrusion detection.

Intrusion Detection System using KDD Cup 99 Dataset

Intrusion Detection System is a vital feature of protecting network infrastructure from unauthorized users or hackers. Intrusion detection system is used to identify several types of malicious activities that could effect the safety of network and to reduce network traffic. Because of faster growth of Internet, networks are growing rapidly in every area of society. As a result, large amount of data is travelling across many networks which may lead to vulnerability of integrity and confidentiality of data. Many Machine learning models are opened up providing new opportunity to classify traffic in network. In quest to select a good learning model, this paper illustrates performance between J48, Naive Bayes and Random forest classification models. The KDD Cup 99 dataset is used for experimental analysis to identify which classification model improves correctness of data and attains highest accuracy.