5 research outputs found

    Improving anomalous rare attack detection rate for intrusion detection system using support vector machine and genetic programming

    A commonly addressed problem in intrusion detection system (IDS) research that employs the NSL-KDD dataset is improving the rare-attack detection rate. However, some rare attacks are hard for the IDS model to recognize because their patterns are totally missing from the training set, which reduces the rare-attack detection rate. This problem of missing rare attacks can be defined as anomalous rare attacks and has hardly been solved in the IDS literature. Hence, in this letter, we proposed a new classifier to improve the anomalous attack detection rate based on support vector machine (SVM) and genetic programming (GP). Based on the experimental results, our classifier, GPSVM, managed to get a higher detection rate on the anomalous rare attacks, without a significant reduction in the overall accuracy. This is because the GPSVM optimization task is to ensure the accuracy is balanced between classes without reducing the generalization property of SVM.

    Intrusion classifier for application security risks (Clasificador de intrusiones para riesgos de seguridad de aplicaciones)

    Attacks on systems continue to increase day by day, with greater knowledge both of computing tools and of their weaknesses. The confidentiality and security of commercial and personal data, as well as mission-critical applications, are among the things organizations cannot allow to be put at risk by a security failure. Organizations must have applications that meet requirements for security, privacy, and authorized access to information; in other words, applications that mitigate the risks associated with handling information. The objective of every information security system is to protect the principal asset of organizations: data and information. Each organization has different security policies and requirements depending on its mission; consider, for example, a bank, an Internet service provider, a university, or a consulting firm. However, all of them share the common objective, in one way or another, of maintaining the confidentiality, integrity, and availability of data. Information security systems such as firewalls, intrusion detection systems, anti-virus software, and standards for configuring operating systems and networks, among others, make up a support system that seeks to guarantee the protection of information.

    Review on Intrusion Detection System Based on The Goal of The Detection System

    An extensive review of the intrusion detection system (IDS) is presented in this paper. Previous studies review the IDS based on the approaches (algorithms) used or based on the types of the intrusion itself. The presented paper reviews the IDS based on the goal of the IDS (accuracy and time), which becomes the main objective of this paper. Firstly, the IDS were classified into two types based on the goal they intend to achieve. These two types of IDS were later reviewed in detail, followed by a comparison of some of the studies that have earlier been carried out on IDS. The comparison is done based on the results shown in the studies compared. The comparison shows that the studies focusing on the detection time reduce the accuracy of the detection compared to other studies.

    A K-means geometric smote with data complexity analysis for imbalanced dataset

    Many binary class datasets in real-life applications are affected by class imbalance problem. Data complexities like noise examples, class overlap and small disjuncts problems are observed to play a key role in producing poor classification performance. These complexities tend to exist in tandem with class imbalance problem. Synthetic Minority Oversampling Technique (SMOTE) is a well-known method to re-balance the number of examples in imbalanced datasets. However, this technique cannot effectively tackle data complexities and has the capability of magnifying the degree of complexities. Therefore, various SMOTE variants have been proposed to overcome the downsides of SMOTE. Furthermore, no existing study has yet to identify the correlation between N1 complexity measure and classification measures such as geometric mean (G-Mean) and F1-Score. This study aims: (i) to identify the suitable complexity measures that have correlation with performance measures, (ii) to propose a new SMOTE variant which is K-Means Geometric SMOTE (KM-GSMOTE) that incorporates complexity measures during synthetic data generation task, and (iii) to evaluate KM-GSMOTE in terms of classification performance. Series of experiments have been conducted to evaluate the classification performances related to G-Mean and F1-Score as well as the measurement of N1 complexity of benchmark SMOTE variants and KM-GSMOTE. The performance of KM-GSMOTE was evaluated on 6 benchmark binary datasets from the UCI repository. KM-GSMOTE records the highest percentage of average differences of G-Mean (22.76%) and F1-Score (15.13%) for SVM classifier. A correlation between classification measures and N1 complexity measures has been observed from the experimental results. The contributions of this study are (i) introduction of KM-GSMOTE that combines complexity measurement with model selection to pick models with the best classification performance and lower complexity value and (ii) observation of connection between classification performance and complexity measure, showing that as N1 complexity measure decreases, the likelihood of obtaining a substantial classification performance increases.