Journal Article

A novel hybrid intrusion detection method integrating anomaly detection with misuse detection

TLDR
The experimental results demonstrate that the proposed hybrid intrusion detection method is better than the conventional methods in terms of the detection rate for both unknown and known attacks while it maintains a low false positive rate.
Abstract
In this paper, a new hybrid intrusion detection method that hierarchically integrates a misuse detection model and an anomaly detection model in a decomposition structure is proposed. First, a misuse detection model is built with the C4.5 decision tree algorithm, and the normal training data is then decomposed into smaller subsets using that model. Next, multiple one-class SVM models are created, one for each decomposed subset. As a result, each anomaly detection model not only uses the known attack information indirectly, but also builds a very precise profile of normal behavior. The proposed hybrid intrusion detection method was evaluated by conducting experiments with the NSL-KDD data set, a modified version of the well-known KDD Cup 99 data set. The experimental results demonstrate that the proposed method is better than the conventional methods in terms of the detection rate for both unknown and known attacks while it maintains a low false positive rate. In addition, the proposed method significantly reduces the high time complexity of the training and testing processes. Experimentally, the training and testing time of the anomaly detection model is shown to be only 50% and 60%, respectively, of the time required for the conventional models.
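The decomposition structure described in the abstract, written out as an added illustration that is not code from the paper: a hand-written two-feature decision tree stands in for the C4.5 misuse model, a per-leaf centroid-plus-radius profile stands in for each one-class SVM, and the records are constructed rather than taken from NSL-KDD. It also fits one undecomposed profile so the effect of decomposition on the tightness of the normal profile can be compared directly.

```python
import math

# Constructed records shaped like two NSL-KDD features: (duration, src_bytes, label).
# Not real NSL-KDD data; "neptune" stands for a known (labelled) attack class.
TRAIN = [
    (0, 200, "normal"), (0, 250, "normal"), (1, 220, "normal"),
    (30, 5000, "normal"), (35, 5200, "normal"), (32, 4800, "normal"),
    (0, 0, "neptune"), (0, 0, "neptune"), (1, 0, "neptune"),
]

def misuse_tree(rec):
    """Stand-in for the C4.5 misuse model (hypothetical, hand-written rules).
    Returns ("attack", class) or ("normal", leaf_id); the leaf id is what
    drives the decomposition of normal data into subsets."""
    duration, src_bytes = rec
    if src_bytes == 0:
        return ("attack", "neptune")
    return ("normal", "short" if duration < 10 else "long")

def fit_profiles(train, decompose=True):
    """Route normal training records through the tree and fit one anomaly
    profile per leaf (decompose=True) or one global profile (decompose=False).
    The profile is a centroid plus radius, a stand-in for a one-class SVM."""
    subsets = {}
    for duration, src_bytes, label in train:
        if label != "normal":
            continue
        kind, leaf = misuse_tree((duration, src_bytes))
        if kind == "normal":
            key = leaf if decompose else "all"
            subsets.setdefault(key, []).append((duration, src_bytes))
    profiles = {}
    for key, pts in subsets.items():
        centroid = (sum(p[0] for p in pts) / len(pts), sum(p[1] for p in pts) / len(pts))
        radius = 1.5 * max(math.dist(centroid, p) for p in pts)  # 1.5 slack factor is assumed
        profiles[key] = (centroid, radius)
    return profiles

def classify(rec, profiles):
    """Hierarchical decision: the misuse model answers first; only records it
    calls normal reach the anomaly model of the leaf they landed in."""
    kind, leaf = misuse_tree(rec)
    if kind == "attack":
        return "known_attack:" + leaf
    profile = profiles.get(leaf) or profiles.get("all")
    if profile is None:  # leaf never saw normal data: nothing to compare against
        return "unknown_attack"
    centroid, radius = profile
    return "normal" if math.dist(centroid, rec) <= radius else "unknown_attack"
```

A probe such as `(2, 3000)` lands in the "short" leaf, whose profile rejects it, while the single global profile spanning both normal clusters accepts it; that gap is the precision the per-subset models buy.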


Citations
Journal Article

Survey of intrusion detection systems: techniques, datasets and challenges

TL;DR: A taxonomy of contemporary IDS is presented, together with a comprehensive review of notable recent works, an overview of the datasets commonly used for evaluation purposes, and the evasion techniques used by attackers to avoid detection.
Journal Article

A Survey of Machine and Deep Learning Methods for Internet of Things (IoT) Security

TL;DR: A comprehensive survey of ML methods and recent advances in DL methods that can be used to develop enhanced security methods for IoT systems and presents the opportunities, advantages and shortcomings of each method.
Journal Article

CANN: An intrusion detection system based on combining cluster centers and nearest neighbors

TL;DR: A novel feature representation approach, namely the cluster center and nearest neighbor (CANN) approach, is proposed; the CANN classifier performs better than or similar to k-NN and support vector machines trained and tested on the original feature representation in terms of classification accuracy, detection rates, and false alarms.
Journal Article

Building an Intrusion Detection System Using a Filter-Based Feature Selection Algorithm

TL;DR: The evaluation results show that the feature selection algorithm contributes more critical features for LSSVM-IDS to achieve better accuracy and lower computational cost compared with the state-of-the-art methods.
Journal Article

A Detailed Investigation and Analysis of Using Machine Learning Techniques for Intrusion Detection

TL;DR: A detailed investigation and analysis of various machine learning techniques has been carried out to find the cause of the problems associated with these techniques in detecting intrusive activities, and future directions are provided for attack detection using machine learning techniques.
References
Journal Article

LIBSVM: A library for support vector machines

TL;DR: Issues such as solving SVM optimization problems, theoretical convergence, multiclass classification, probability estimates, and parameter selection are discussed in detail.
Journal Article

The WEKA data mining software: an update

TL;DR: This paper provides an introduction to the WEKA workbench, reviews the history of the project, and, in light of the recent 3.6 stable release, briefly discusses what has been added since the last stable version (Weka 3.4) released in 2003.

Williamson, Estimating the Support of a High-Dimensional Distribution

TL;DR: The algorithm is a natural extension of the support vector algorithm to the case of unlabeled data by carrying out sequential optimization over pairs of input patterns and providing a theoretical analysis of the statistical performance of the algorithm.
Journal Article

Estimating the Support of a High-Dimensional Distribution

TL;DR: In this paper, the authors propose a method to estimate a function f that is positive on S and negative on the complement of S. The functional form of f is given by a kernel expansion in terms of a potentially small subset of the training data; it is regularized by controlling the length of the weight vector in an associated feature space.
Proceedings Article

A detailed analysis of the KDD CUP 99 data set

TL;DR: A new data set is proposed, NSL-KDD, which consists of selected records of the complete KDD data set and does not suffer from any of the mentioned shortcomings.