Unsupervised feature selection for anomaly-based network intrusion detection using cluster validity indices.
Master of Science in Computer Engineering. University of KwaZulu-Natal, Durban 2016.
In recent years, there has been a rapid increase in Internet usage, which has in turn led to a
rise in malicious network activity. Network Intrusion Detection Systems (NIDS) are tools
that monitor network traffic with the purpose of rapidly and accurately detecting malicious
activity. These systems provide a time window for responding to emerging threats and
attacks aimed at exploiting vulnerabilities that arise from issues such as misconfigured
firewalls and outdated software.
Anomaly-based network intrusion detection systems construct a profile of legitimate or
normal traffic patterns using machine learning techniques, and monitor network traffic for
deviations from the profile, which are subsequently classified as threats or intrusions. Due
to the richness of information contained in network traffic, it is possible to define large
feature vectors from network packets. This often leads to redundant or irrelevant features
being used in network intrusion detection systems, which typically reduces the detection
performance of the system.
The purpose of feature selection is to remove unnecessary or redundant features in a feature
space, thereby improving the performance of learning algorithms and as a result the
classification accuracy. Previous approaches have performed feature selection via optimization
techniques, using the classification accuracy of the NIDS on a subset of the data
as an objective function. While this approach has been shown to improve the performance
of the system, it is unrealistic to assume that labelled training data is available in operational
networks, which precludes the use of classification accuracy as an objective function
in a practical system.
This research proposes a method for feature selection in network intrusion detection that
does not require any access to labelled data. The algorithm uses normalized cluster validity
indices as an objective function that is optimized over the search space of candidate
feature subsets via a genetic algorithm. Feature subsets produced by the algorithm are
shown to improve the classification performance of an anomaly-based network intrusion
detection system over the NSL-KDD dataset. Despite not requiring access to labelled
data, the classification performance of the proposed system approaches that of effective
feature subsets that were derived using labelled training data.
A hybrid method of genetic algorithm and support vector machine for intrusion detection
With the development of web applications nowadays, intrusions represent a crucial aspect in terms of violating the security policies. Intrusions can be defined as a specific change in the normal behavior of the network operations that is intended to violate the security policies of a particular network and affect its performance. Recently, several researchers have examined the capabilities of machine learning techniques in terms of detecting intrusions. One of the important issues behind using machine learning techniques lies in employing a proper set of features. Since the literature has shown a diversity of feature types, there is a vital demand to apply a feature selection approach in order to identify the most appropriate features for intrusion detection. This study aims to propose a hybrid method of Genetic Algorithm and Support Vector Machine. GA has been used as a feature selection method in order to select the best features, while SVM has been used as a classification method to categorize the behavior into normal and intrusion based on the selected features from GA. A benchmark dataset of intrusions (NSS-KDD) has been used in the experiment. In addition, the proposed method has been compared with the traditional SVM. Results showed that GA has significantly improved the SVM classification by achieving 0.927 of f-measure.
Automatic Dataset Labelling and Feature Selection for Intrusion Detection Systems
The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.
Correctly labelled datasets are commonly required. Three particular scenarios are highlighted, which showcase this need. When using supervised Intrusion Detection Systems (IDSs), these systems need labelled datasets to be trained. Also, the real nature of the analysed datasets must be known when evaluating the efficiency of the IDSs when detecting intrusions. Another scenario is the use of feature selection that works only if the processed datasets are labelled. In normal conditions, collecting labelled datasets from real networks is impossible. Currently, datasets are mainly labelled by implementing off-line forensic analysis, which is impractical because it does not allow real-time implementation. We have developed a novel approach to automatically generate labelled network traffic datasets using an unsupervised anomaly based IDS. The resulting labelled datasets are subsets of the original unlabelled datasets. The labelled dataset is then processed using a Genetic Algorithm (GA) based approach, which performs the task of feature selection. The GA has been implemented to automatically provide the set of metrics that generate the most appropriate intrusion detection results.
An Implementation of Intrusion Detection System Using Genetic Algorithm
Nowadays it is very important to maintain a high level of security to ensure
safe and trusted communication of information between various organizations.
But secured data communication over the internet and any other network is always
under threat of intrusions and misuses. So Intrusion Detection Systems have
become a needful component in terms of computer and network security. There are
various approaches being utilized in intrusion detection, but unfortunately
none of the systems so far is completely flawless. So, the quest of
betterment continues. In this progression, here we present an Intrusion
Detection System (IDS), by applying genetic algorithm (GA) to efficiently
detect various types of network intrusions. Parameters and evolution processes
for GA are discussed in detail and implemented. This approach uses evolution
theory to information evolution in order to filter the traffic data and thus
reduce the complexity. To implement and measure the performance of our system
we used the KDD99 benchmark dataset and obtained a reasonable detection rate.
- …