Abstract
In this paper we discuss and analyze some of the intelligent classifiers that allow automatic detection and classification of network attacks for any intrusion detection system. We first analyze them using the WEKA software, applying the classifiers to a well-known IDS (Intrusion Detection System) dataset, the NSL-KDD dataset. The NSL-KDD dataset of network attacks was created in a military network by MIT Lincoln Labs. We then discuss and experiment with some of the hybrid AI (Artificial Intelligence) classifiers that can be used for IDS, and finally we developed Java software with the three most efficient classifiers and compared it with other options. The outputs show the detection accuracy and efficiency of the single and combined classifiers used.
Rights and permissions
This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
About this article
Cite this article
Albayati, M., Issac, B. Analysis of Intelligent Classifiers and Enhancing the Detection Accuracy for Intrusion Detection System. Int J Comput Intell Syst 8, 841–853 (2015). https://doi.org/10.1080/18756891.2015.1084705
DOI: https://doi.org/10.1080/18756891.2015.1084705