Intrusion Detection with Multi-Connected Representation

Full Text (PDF, 576KB), PP.35-42


Author(s)

Abdelkader Khobzaoui 1,* Abderrahmane Yousfate 2

1. Moulay Tahar University, Saida, Algeria

2. Djilali Liabes University, Sidi Bel Abbes, Algeria

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2016.01.05

Received: 16 May 2015 / Revised: 6 Sep. 2015 / Accepted: 10 Oct. 2015 / Published: 8 Jan. 2016

Index Terms

Connected representation, Discriminant Analysis, Mahalanobis distance, mixture of probability laws, multi-connected representation, natural class, synthetic class

Abstract

Recently, considerable attention has been given to data mining techniques for improving the performance of intrusion detection systems (IDS). This has led to the application of various classification and clustering techniques to intrusion detection. Most of them assume that behaviors, both normal and intrusive, are represented implicitly by connected classes. We state that this assumption is not evident and is a source of low detection rates and false alarms. This paper proposes a method that reaches a high detection rate and overcomes the disadvantages of conventional approaches, which assume that behaviors must be confined to a connected representation only. The main strategy of the proposed method is to segment each behavior representation sufficiently into connected subsets called natural classes, which are used, together with a suitable metric, as tools to build the expected classifier.
The results show that the proposed model has many qualities compared to conventional models, especially those that used the DARPA data set to test the effectiveness of their methods. The proposed model provides decreased rates of both false negatives and false positives.
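The effect the abstract describes, as an added illustration that is not the authors' algorithm or code: when normal behavior has two disjoint modes, fitting it as one connected class absorbs an attack lying between them, while one model per natural class does not. Assumptions: the natural classes are labelled by hand, each is summarized by its mean and covariance, the Mahalanobis distance from the index terms is the metric, and the 2-D points are constructed rather than taken from DARPA data.

```python
# Constructed 2-D sample data (not from the paper or from the DARPA set).
SHAPE = [(-1, 0), (1, 0), (0, -1), (0, 1), (1, 1), (-1, -1)]

def cluster(cx, cy):
    """Six points around a centre, enough for a non-singular covariance."""
    return [(cx + dx, cy + dy) for dx, dy in SHAPE]

NORMAL_A = cluster(0, 0)    # first mode of normal behavior
NORMAL_B = cluster(10, 0)   # second, disjoint mode of normal behavior
ATTACK = cluster(5, 0)      # attack behavior lying between the two modes

def fit(points):
    """Return (mean, inverse covariance) of a 2-D point set."""
    n = len(points)
    mx = sum(x for x, _ in points) / n
    my = sum(y for _, y in points) / n
    sxx = sum((x - mx) ** 2 for x, _ in points) / (n - 1)
    syy = sum((y - my) ** 2 for _, y in points) / (n - 1)
    sxy = sum((x - mx) * (y - my) for x, y in points) / (n - 1)
    det = sxx * syy - sxy ** 2
    # Inverse of [[sxx, sxy], [sxy, syy]] stored as (a, b, c).
    return (mx, my), (syy / det, -sxy / det, sxx / det)

def mahalanobis_sq(p, model):
    """Squared Mahalanobis distance from point p to a fitted class."""
    (mx, my), (a, b, c) = model
    dx, dy = p[0] - mx, p[1] - my
    return a * dx * dx + 2 * b * dx * dy + c * dy * dy

def classify(p, models):
    """models: list of (label, fitted class); the nearest class wins."""
    return min(models, key=lambda m: mahalanobis_sq(p, m[1]))[0]

# Connected representation: one fitted class per behavior.
CONNECTED = [("normal", fit(NORMAL_A + NORMAL_B)), ("attack", fit(ATTACK))]
# Multi-connected representation: one fitted class per natural class.
MULTI = [("normal", fit(NORMAL_A)), ("normal", fit(NORMAL_B)),
         ("attack", fit(ATTACK))]

if __name__ == "__main__":
    for p in [(6.2, 0.2), (0.5, -0.5), (9.5, 0.5)]:
        print(p, "connected:", classify(p, CONNECTED),
              "multi:", classify(p, MULTI))
```

The point (6.2, 0.2) sits next to the attack cluster, yet the connected model labels it normal because the merged normal class has a very wide covariance along the x axis; the two normal test points are labelled normal by both models.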

Cite This Paper

Abdelkader Khobzaoui, Abderrahmane Yousfate, "Intrusion Detection with Multi-Connected Representation", International Journal of Computer Network and Information Security (IJCNIS), Vol.8, No.1, pp.35-42, 2016. DOI: 10.5815/ijcnis.2016.01.05
