ANOMALY BASED IMPROVED NETWORK INTRUSION DETECTION SYSTEM USING CLUSTERING TECHNIQUES

Main Article Content

Sunil M Sangve
Uday V Kulkarni

Abstract

The detection of new threats has become a need for secured communication to provide complete data confidentiality. The network requires anomaly detection to shield from hurtful activities. There are various types of metaheuristic methods used for anomaly detection. In this paper, a new approach is proposed for network anomaly detection using multi-start metaheuristic method and enhancement in clustering algorithms. The main stages involved in the proposed approach are: preprocessing, clustering, training dataset selection and the performance evaluation based on training and testing dataset to detect anomalies. The performance of two clustering algorithms, i.e. K-means and expectation maximization (EM) is compared using detection accuracy, false positive rate, and detector generation time. The experimental results are based on NSL-KDD dataset. The results show that the EM clustering performs better than K-means clustering algorithm.

Downloads

Download data is not yet available.

Article Details

Section
Articles
Author Biographies

Sunil M Sangve, Zeal College of Engineering and Research, SPPU, Pune

Department of Computer Engineering Assistant Professor

Uday V Kulkarni, SRTMU, Nanded

Computer Science and Engineering Professor

References

Garcıa-Teodoro P, Dıaz-Verdejo J, Macia-Fernandez G, “Anomaly-based network intrusion detection: techniques, systems and challenges,†Computer Security, 2009;28(1–2):pp.18–28.

Denning ED, “An intrusion-detection model,†IEEE Transactions on Software Engineering, 1987; 13(2):pp. 222–32.

Staniford-Chen S., Tung B., Porrar P., Kahn C., Schnackenberg D., Feiertag R., “The common intrusion detection framework data formats,†1998, Internet draft ‘draft-Stanford-cidf-dataformat00.txt’.

R Bace, P Mell, “Intrusion detection systems,†National Institute of Standards and Technology (NIST), Technical Report 800-31, 2001.

Stavroulakis P, Stamp M, “Handbook of information and communication security,†New York: Springer-Verlag, 2010.

Roesch M, “Snort-lightweight intrusion detection for networks,†In: Proceedings of the 143th USENIX Conference on System Administration, Seattle, Washington; 1999. pp. 229-238.

Genetic algorithm. [Online] 2013.http://en.wikipedia.org/wiki/Genetic_algorithm

The metaheuristic method available at http://en.wikipedia.org/wiki/Metaheuristic#/media/File:Metaheuristics_classification.svg

Chung YY, Wahid N, “A hybrid network intrusion detection system using simplified swarm optimization (SSO),†Applied Soft Computing, 2012;12(9): pp. 3014–22.

Dasgupta D, Yu S, Nino F, “Recent advances in artificial immune systems: modelsandapplications,†Applied Soft Computing, 2011; 11 (2): pp.1574–87.

Abadeh MS, Mohamadi H, Habibi J, “Design and analysis of genetic fuzzy systems for intrusion detection in computer networks,†Expert System Applications, 2011; 38(6): pp. 7067–75.

Shameli Sendi A, Dagenais M, Jabbarifar M, Couture M, “Real time intrusion prediction based on optimized alerts with hidden Markov model ,†JNW, 2012;7(2): pp.311–21.

Xu X, “Sequential anomaly detection based on temporal difference learning: principles, models and case studies,†Applied Soft Computing, 2010; 10(3): pp. 859–67.

Wang SS, Yan KQ, Wang SC, Liu CW, “An integrated intrusion detection system for cluster- based wireless sensor networks,†Expert System Applications, 2011; 38(12): pp. 15234–43.

KartitA, Saidi A, Bezzazi F, El MarrakiM, Radi A, “A new approach to intrusion detection system,â€JATIT, 2012; 36(2): pp.284–90.

Adaniya MH AC, Lima MF, Rodrigues JJPC, Abraa˜o T, Jr. MLP, “Anomaly detection using DSNS and firefly harmonic clustering algorithm,†In: IEEE international conference on communications (IEEE ICC 2012), Ottawa, Canada; 2012. pp.10–5.

B. Zhang, M. Hsu, and U. Dayal, “K-harmonic means - a data clustering algorithm,†Hewlett- Packard Laboratories, Palo Alto, Tech. Rep. HPL-1999-124, Outubro 1999.

Gong M, Zhang J, Ma J, Jiao L., “An efficient negative selection algorithm with further training for anomaly detection,†Knowledge-Based System, 2012; 30: pp.185–91.

M. Saniee Abadeh, J. Habibi, C. Lucas, “Intrusion detection using a fuzzy genetics-based learning algorithm,†Journal of Network and Computer Applications, 30 (2007) pp.414–428.

Aziz ASA, Salama M, ellaHassanien A, El-Ola Hanafi S., “Detectors generation using genetic algorithm for a negative selection inspired anomaly network intrusion detection system,†In: FedCSIS proceedings of federated conference on computer science and information systems; Wroclaw: IEEE, 2012. pp. 597–602.

Wang D, Zhang F, Xi L, “Evolving boundary detector for anomaly detection,†Expert System Applications, 2011; 38(3): pp. 2412–20.

Shapiro JM, Lamont GB, PetersonGL, “Anevolutionary algorithm to generate hyper- ellipsoid detectors for negative selection,†In: Beyer HG, editor. GECCO ‘05.Proceedings of the 2005 conference on Genetic and evolutionary computation. NewYork, NY, USA: ACM; 2005. pp. 337–44.

Rousseau P.J., Van Zomeren B.C., “Unmasking multivariate outliers and leverage points,â€Journal of the American Statistical Association, Vol. 85 (411), 1990, pp. 633-651

E. Eskin, “Anomaly detection over noisy data using learned probability distributions,†in Proc. 7th International Conference on Machine Learning, Morgan Kaufmann, 2000, pp. 255– 262.

C. Manikopoulos and S.Papavassiliou, “Network Intrusion and Fault Detection: Statistical roach,†IEEE Commun. Mag., vol. 40, no. 10, October 2002, pp.76–82.

Ye N, Emran SM, Chen Q, Vilbert S, “Multivariate statistical analysis of audit trails for host- based intrusion detection,†IEEE Transactions on Computers2002.

S. C. Lee and D. V. Heinbuch, “Training a neural-network based intrusion detector to recognize novel attacks,†IEEE Trans. Syst. Man Cybern. A, vol. 31, no. 4, 2001, pp.294–299.

M. Amini, R. Jalili, and H. R. Shahriari, “RT-UNNID: A practical solution to real-time network-based intrusion detection using unsupervised neural networks,†Computers & Security, vol. 25, no. 6, 2006, pp. 459–468.

[29] G. Liu, Z. Yi, and S.Yang, “A hierarchical intrusion detection model based on the PCA neural networks,†Neurocomputing, vol. 70, no. 7-9, 2007, pp.1561–1568.

[30] R. C. Chen, K. F. Cheng, Y. H. Chen, and C. F. Hsieh, “Using Rough Set and Support Vector Machine for Network Intrusion Detection System,†In Proc. First Asian Conference on Intelligent Information and Database Systems.Washington, DC, USA: IEEE Computer Society, 2009, pp. 465–470.

The NSL-KDD dataset. The available World Wide Web is http://nsl.cs.unb.ca/NSL-KDD/

Tamer F.Ghanem, Wail S. Elkilani, Hatem, “A hybrid approach for efficient anomaly detection using metaheuristic methods,†Journal of advanced research,2014.

Tapas Kanungo, David M. Mount, Nathan S. Netanyahu, Christine D. Piatko, Ruth Silverman and Angela Y.Wu. “An Efficient k-means Clustering Algorithm: Analysis and Implementation,†IEEE Transactions on pattern analysis and machine intelligence, vol.24, No.7, July 2002, pp.881-892.

The EMclustering available at https://en.wikipedia.org/wiki/Expectation%E2%80%93maximization_algorithm