Authors: Dewan Md. Farid, Jerome Darmont, Nouria Harbi, Nguyen Huu Hoa, Mohammad Zahidur Rahman

Abstract:

In this paper, a new learning approach for network intrusion detection using naïve Bayesian classifier and ID3 algorithm is presented, which identifies effective attributes from the training dataset, calculates the conditional probabilities for the best attribute values, and then correctly classifies all the examples of training and testing dataset. Most of the current intrusion detection datasets are dynamic, complex and contain large number of attributes. Some of the attributes may be redundant or contribute little for detection making. It has been successfully tested that significant attribute selection is important to design a real world intrusion detection systems (IDS). The purpose of this study is to identify effective attributes from the training dataset to build a classifier for network intrusion detection using data mining algorithms. The experimental results on KDD99 benchmark intrusion detection dataset demonstrate that this new approach achieves high classification rates and reduce false positives using limited computational resources.

Keywords: Attributes selection, Conditional probabilities, information gain, network intrusion detection.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1063064

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2643

References:

[1] Richard Heady, George Luger, Arthur Maccabe, and Mark Servilla, "The Architecture of a Network Level Intrusion Detection System," Technical report, University of New Mexico, 1990.
[2] James P. Anderson, "Computer Security Threat Monitoring and Surveillance," Technical report, James P. Anderson Co., Fort Washington, Pennsylvania. April 1980.
[3] Dorothy E. Denning, "An Intrusion Detection Model," IEEE Transaction on Software Engineering, SE-13(2), 1987, pp. 222-232.
[4] Mukkamala S., Sung A. H. and Abraham A., "Intrusion Detection using Ensemble of Soft Computing Paradigms," In Proceedings of the 3rd International Conference on Intelligent Systems Design and Applications, Springer Verlag Germany, 2003, pp. 209-217.
[5] W.K. Lee, and S.J.Stolfo, "A Data Mining Framework for Building Intrusion Detection Models," In Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA: IEEE computer Society Press, 1999, pp. 120-132.
[6] Commission of the European Communities, "Information Technology Security Evaluation Criteria," Version 2.1.1991.
[7] MIT Lincoln Laboratory, http://www.ll.mit.edu/IST/idaval/
[8] Marcus A. Maloof, and Ryszard S. Michalski, "Incremental learning with partial instance memory," In Proceedings of Foundations of Intelligent Systems: 13th International Symposium, ISMIS 2002, volume 2366 of Lecture Notes in Artificial Intelligence, Springer-Verlag, 2002, pp. 16-27.
[9] Wenke Lee, "A Data Mining Framework for Constructing Features and Models for Intrusion Detection Systems," PhD thesis, Columbia University, 1999.
[10] Wei Fan, "Cost-Sensitive, Scalable and Adaptive Learning using Ensemble-based Methods," PhD thesis, Columbia University, 2001.
[11] M.A. Maloof and R.S. Michalski, "A partial memory incremental learning methodology and its applications to computer intrusion detection," Reports of the Machine Learning and Inference Laboratory MLI 95-2, Machine Learning and Inference Laboratory, George Mason University, 1995.
[12] Kenneth A. Kaufman, Guido Cervone, and Ryszard S. Michalski, "An application of Symbolic Learning to Intrusion Detection: Preliminary Result from the LUS Methodology," Reports of the Machine Learning and Inference Laboratory MLI 03-2, Machine Learning and Inference Laboratory, George Mason University, 2003.
[13] C. Elkan. (2007, Jan, 27). Results of the KDD-99 Knowledge Discovery Contest
[Online]. Available: http://www-cse.ucsd.edu/users/elkan/clresults.html
[14] Tadeusz Pietraszek, and Chris Vanden Berghe, "Defending Against Injection Attacks through Context-sensitive String Evaluation," In Recent Advances in Intrusion Detection (RAID2005), volume 3858 of Lecture Notes in Computer Science, Seattle, WA, 2005, Springer- Verlag, pp. 124-145.
[15] The PHP Group, PHP hypertext preprocessor, Web page at http://www.php.net. 2001-2004
[16] The phpBB group, phpBB,com, Web page at http://www.phpbb,com. 2001-1004
[17] Martin Roesch, "SNORT: The Open Source Network Intrusion System," Official web page of Snort at http://www.snort.org, 1998-2005.
[18] X. Xu, X.N. Wang, "Adaptive network intrusion detection method based on PCA and support vector machines," Lecture Notes in Artificial Intelligence, ADMA 2005, LNAI 3584, 2005, pp. 696-703.
[19] D.Y. Yeung, and Y.X. Ding, "Host-based intrusion detection using dynamic and static behavioral model," Pattern Recognition, 36, 2003, pp. 229-243.