A Flow-Based Technique to Detect Network Intrusions Using Support Vector Regression (SVR) over Some Distinguished Graph Features

Full Text (PDF, 1142KB), PP.1-11


Author(s)

Yaser Ghaderipour 1, Hamed Dinari 2,*

1. Department of Computer Science, University of Tabriz, East Azerbaijan Province, Tabriz, Iran

2. Department of Computer Engineering (CE), Iran University of Science and Technology (IUST), Tehran Province, Tehran, Iran

* Corresponding author.

DOI: https://doi.org/10.5815/ijmsc.2020.04.01

Received: 23 Apr. 2020 / Revised: 1 May 2020 / Accepted: 13 May 2020 / Published: 8 Aug. 2020

Index Terms

Cyber Attack, Intrusion Detection System (IDS), Network Security, Machine Learning, Support Vector Regression (SVR)

Abstract

Today, unauthorized access to sensitive information and cybercrime are rising because of increasing access to the Internet. Improvements in software and hardware technologies have made it possible to detect some attacks and anomalies effectively. In recent years, many researchers have considered flow-based approaches that use machine learning algorithms and techniques to reveal anomalies. However, these approaches have some serious defects. For example, they require a tremendous amount of data from across a network to train on and to model the network's behavior. As a result, these methods fall short of desirable performance in the learning phase. In this paper, a technique to disclose intrusions using Support Vector Regression (SVR) is suggested and assessed over a standard dataset. The main intention of this technique is to prune a considerable portion of the dataset using mathematical concepts. First, the input dataset is modeled as a Directed Graph (DG); then some well-known features that represent the nature of the dataset are extracted. Afterward, these features are used to feed our model in the learning phase. The results indicate that the proposed technique performs satisfactorily in the learning phase and is more accurate than the other approaches.

Cite This Paper

Yaser Ghaderipour, Hamed Dinari. "A Flow-Based Technique to Detect Network Intrusions Using Support Vector Regression (SVR) over Some Distinguished Graph Features", International Journal of Mathematical Sciences and Computing (IJMSC), Vol.6, No.4, pp.1-11, 2020. DOI: 10.5815/ijMSC.2020.04.01
