Evaluation of Machine Learning Algorithms for Intrusion Detection System
An intrusion detection system (IDS) is one of the implemented solutions against
harmful attacks. Furthermore, attackers always keep changing their tools and
techniques. However, implementing an accepted IDS system is also a challenging
task. In this paper, several experiments have been performed and evaluated to
assess various machine learning classifiers based on the KDD intrusion dataset. It
succeeded in computing several performance metrics in order to evaluate the
selected classifiers. The focus was on false negative and false positive
performance metrics in order to enhance the detection rate of the intrusion
detection system. The implemented experiments demonstrated that the decision
table classifier achieved the lowest value of false negative while the random
forest classifier has achieved the highest average accuracy rate.
Packet Classification based on Boundary Cutting analysis by using Bloom Filters
Packet classification has received a great deal of attention over the half decade in applications such as Quality of Service (QoS), security, firewalls, Network Intrusion Detection Systems (NIDS), multimedia services, and differentiated services. They perform different operations on different flows. Existing decision-tree-based packet classification algorithms, HiCuts and HyperCuts, perform search using a geometrical representation of the rules in a classifier, searching for the geometric space to which a packet belongs. These decision tree algorithms have complications in finding the number of cuts and the field. Also, fixed interval-based cutting does not cover the actual space for each rule. Hence it is ineffective and requires a huge amount of storage. In recent years, the Bloom filter, which is a space-efficient and probabilistic data structure for membership queries, has become popular in many network applications. It requires a small amount of memory and is used to avoid lookups to sustain high throughput. It handles large databases and provides security in network applications like NIDS. This paper presents a boundary cutting (BC) scenario which exploits the structure of classifiers. It finds the space that each rule covers and performs cutting according to the rule boundary. Hence it is deterministic, more effective in providing improved search performance, and efficient in memory requirement. Security roles are also considered during classification.
DOI: 10.17762/ijritcc2321-8169.15075
Hierarchical TCP network traffic classification with adaptive optimisation
Nowadays, with the increasing deployment of modern packet-switching networks,
traffic classification is playing an important role in network administration.
Identifying what kinds of traffic are transmitted across networks can improve network
management in various ways, such as traffic shaping, differential services, enhanced
security, etc. By applying different policies to different kinds of traffic, Quality
of Service (QoS) can be achieved and the granularity can be as fine as flow-level.
Since illegal traffic can be identified and filtered, network security can be enhanced
by employing advanced traffic classification.
There are various traditional techniques for traffic classification. However,
some of them cannot handle traffic generated by applications using non-registered
ports or forged ports, some of them cannot deal with encrypted traffic and some
techniques require too much computational resources. The newly proposed technique
by other researchers, which uses statistical methods, gives an alternative
approach. It requires fewer resources, does not rely on ports and can deal with encrypted
traffic. Nevertheless, the performance of the classification using statistical
methods can be further improved.
In this thesis, we are aiming for optimising network traffic classification based
on the statistical approach. Because of the popularity of the TCP protocol, and
the difficulties for classification introduced by TCP traffic controls, our work is
focusing on classifying network traffic based on TCP protocol. An architecture has
been proposed for improving the classification performance, in terms of accuracy
and response time. Experiments have been taken and results have been evaluated
for proving the improved performance of the proposed optimised classifier.
In our work, network packets are reassembled into TCP flows. Then, the
statistical characteristics of flows are extracted. Finally the classes of input flows
can be determined by comparing them with the profiled samples. Instead of using only one algorithm for classifying all traffic flows, our proposed system employs
a series of binary classifiers, which use optimised algorithms to detect different
traffic classes separately. There is a decision making mechanism for dealing with
controversial results from the binary classifiers. Machine learning algorithms
including k-nearest neighbour, decision trees and artificial neural networks have
been taken into consideration together with a kind of non-parametric statistical
algorithm, the Kolmogorov-Smirnov test. Besides algorithms, some parameters are
also optimised locally, such as detection windows and acceptance thresholds. This
hierarchical architecture gives the traffic classifier more flexibility, higher accuracy
and less response time.