ANOMALY BASED IMPROVED NETWORK INTRUSION DETECTION SYSTEM USING CLUSTERING TECHNIQUES

Article Sidebar

PDF
Published: Aug 28, 2017
DOI: https://doi.org/10.26483/ijarcs.v8i7.4453
Keywords:
Metaheuristic method, K-means clustering, EM clustering, Anomaly Network Intrusion detection system(ANIDS), Genetic Algorithm.

Main Article Content

Sunil M Sangve
Zeal College of Engineering and Research, SPPU, Pune
Uday V Kulkarni
SRTMU, Nanded

Abstract

The detection of new threats has become a need for secured communication to provide complete data confidentiality. The network requires anomaly detection to shield from hurtful activities. There are various types of metaheuristic methods used for anomaly detection. In this paper, a new approach is proposed for network anomaly detection using multi-start metaheuristic method and enhancement in clustering algorithms. The main stages involved in the proposed approach are: preprocessing, clustering, training dataset selection and the performance evaluation based on training and testing dataset to detect anomalies. The performance of two clustering algorithms, i.e. K-means and expectation maximization (EM) is compared using detection accuracy, false positive rate, and detector generation time. The experimental results are based on NSL-KDD dataset. The results show that the EM clustering performs better than K-means clustering algorithm.

Downloads

Download data is not yet available.

Article Details

Issue
Vol. 8 No. 7 (2017): July-August 2017
Section
Articles

COPYRIGHT

Submission of a manuscript implies: that the work described has not been published before, that it is not under consideration for publication elsewhere; that if and when the manuscript is accepted for publication, the authors agree to automatic transfer of the copyright to the publisher.

Authors who publish with this journal agree to the following terms:

  • Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
  • Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
  • Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work
  • The journal allows the author(s) to retain publishing rights without restrictions.
  • The journal allows the author(s) to hold the copyright without restrictions.
Author Biographies

Sunil M Sangve, Zeal College of Engineering and Research, SPPU, Pune

Department of Computer Engineering Assistant Professor

Uday V Kulkarni, SRTMU, Nanded

Computer Science and Engineering Professor

References

Garcıa-Teodoro P, Dıaz-Verdejo J, Macia-Fernandez G, “Anomaly-based network intrusion detection: techniques, systems and challenges,†Computer Security, 2009;28(1–2):pp.18–28.

Denning ED, “An intrusion-detection model,†IEEE Transactions on Software Engineering, 1987; 13(2):pp. 222–32.

Staniford-Chen S., Tung B., Porrar P., Kahn C., Schnackenberg D., Feiertag R., “The common intrusion detection framework data formats,†1998, Internet draft ‘draft-Stanford-cidf-dataformat00.txt’.

R Bace, P Mell, “Intrusion detection systems,†National Institute of Standards and Technology (NIST), Technical Report 800-31, 2001.

Stavroulakis P, Stamp M, “Handbook of information and communication security,†New York: Springer-Verlag, 2010.

Roesch M, “Snort-lightweight intrusion detection for networks,†In: Proceedings of the 143th USENIX Conference on System Administration, Seattle, Washington; 1999. pp. 229-238.

Genetic algorithm. [Online] 2013.http://en.wikipedia.org/wiki/Genetic_algorithm

The metaheuristic method available at http://en.wikipedia.org/wiki/Metaheuristic#/media/File:Metaheuristics_classification.svg

Chung YY, Wahid N, “A hybrid network intrusion detection system using simplified swarm optimization (SSO),†Applied Soft Computing, 2012;12(9): pp. 3014–22.

Dasgupta D, Yu S, Nino F, “Recent advances in artificial immune systems: modelsandapplications,†Applied Soft Computing, 2011; 11 (2): pp.1574–87.

Abadeh MS, Mohamadi H, Habibi J, “Design and analysis of genetic fuzzy systems for intrusion detection in computer networks,†Expert System Applications, 2011; 38(6): pp. 7067–75.

Shameli Sendi A, Dagenais M, Jabbarifar M, Couture M, “Real time intrusion prediction based on optimized alerts with hidden Markov model ,†JNW, 2012;7(2): pp.311–21.

Xu X, “Sequential anomaly detection based on temporal difference learning: principles, models and case studies,†Applied Soft Computing, 2010; 10(3): pp. 859–67.

Wang SS, Yan KQ, Wang SC, Liu CW, “An integrated intrusion detection system for cluster- based wireless sensor networks,†Expert System Applications, 2011; 38(12): pp. 15234–43.

KartitA, Saidi A, Bezzazi F, El MarrakiM, Radi A, “A new approach to intrusion detection system,â€JATIT, 2012; 36(2): pp.284–90.

Adaniya MH AC, Lima MF, Rodrigues JJPC, Abraa˜o T, Jr. MLP, “Anomaly detection using DSNS and firefly harmonic clustering algorithm,†In: IEEE international conference on communications (IEEE ICC 2012), Ottawa, Canada; 2012. pp.10–5.

B. Zhang, M. Hsu, and U. Dayal, “K-harmonic means - a data clustering algorithm,†Hewlett- Packard Laboratories, Palo Alto, Tech. Rep. HPL-1999-124, Outubro 1999.

Gong M, Zhang J, Ma J, Jiao L., “An efficient negative selection algorithm with further training for anomaly detection,†Knowledge-Based System, 2012; 30: pp.185–91.

M. Saniee Abadeh, J. Habibi, C. Lucas, “Intrusion detection using a fuzzy genetics-based learning algorithm,†Journal of Network and Computer Applications, 30 (2007) pp.414–428.

Aziz ASA, Salama M, ellaHassanien A, El-Ola Hanafi S., “Detectors generation using genetic algorithm for a negative selection inspired anomaly network intrusion detection system,†In: FedCSIS proceedings of federated conference on computer science and information systems; Wroclaw: IEEE, 2012. pp. 597–602.

Wang D, Zhang F, Xi L, “Evolving boundary detector for anomaly detection,†Expert System Applications, 2011; 38(3): pp. 2412–20.

Shapiro JM, Lamont GB, PetersonGL, “Anevolutionary algorithm to generate hyper- ellipsoid detectors for negative selection,†In: Beyer HG, editor. GECCO ‘05.Proceedings of the 2005 conference on Genetic and evolutionary computation. NewYork, NY, USA: ACM; 2005. pp. 337–44.

Rousseau P.J., Van Zomeren B.C., “Unmasking multivariate outliers and leverage points,â€Journal of the American Statistical Association, Vol. 85 (411), 1990, pp. 633-651

E. Eskin, “Anomaly detection over noisy data using learned probability distributions,†in Proc. 7th International Conference on Machine Learning, Morgan Kaufmann, 2000, pp. 255– 262.

C. Manikopoulos and S.Papavassiliou, “Network Intrusion and Fault Detection: Statistical roach,†IEEE Commun. Mag., vol. 40, no. 10, October 2002, pp.76–82.

Ye N, Emran SM, Chen Q, Vilbert S, “Multivariate statistical analysis of audit trails for host- based intrusion detection,†IEEE Transactions on Computers2002.

S. C. Lee and D. V. Heinbuch, “Training a neural-network based intrusion detector to recognize novel attacks,†IEEE Trans. Syst. Man Cybern. A, vol. 31, no. 4, 2001, pp.294–299.

M. Amini, R. Jalili, and H. R. Shahriari, “RT-UNNID: A practical solution to real-time network-based intrusion detection using unsupervised neural networks,†Computers & Security, vol. 25, no. 6, 2006, pp. 459–468.

[29] G. Liu, Z. Yi, and S.Yang, “A hierarchical intrusion detection model based on the PCA neural networks,†Neurocomputing, vol. 70, no. 7-9, 2007, pp.1561–1568.

[30] R. C. Chen, K. F. Cheng, Y. H. Chen, and C. F. Hsieh, “Using Rough Set and Support Vector Machine for Network Intrusion Detection System,†In Proc. First Asian Conference on Intelligent Information and Database Systems.Washington, DC, USA: IEEE Computer Society, 2009, pp. 465–470.

The NSL-KDD dataset. The available World Wide Web is http://nsl.cs.unb.ca/NSL-KDD/

Tamer F.Ghanem, Wail S. Elkilani, Hatem, “A hybrid approach for efficient anomaly detection using metaheuristic methods,†Journal of advanced research,2014.

Tapas Kanungo, David M. Mount, Nathan S. Netanyahu, Christine D. Piatko, Ruth Silverman and Angela Y.Wu. “An Efficient k-means Clustering Algorithm: Analysis and Implementation,†IEEE Transactions on pattern analysis and machine intelligence, vol.24, No.7, July 2002, pp.881-892.

The EMclustering available at https://en.wikipedia.org/wiki/Expectation%E2%80%93maximization_algorithm