Network Intrusion Detection Using One-Class Classification Based on Standard Deviation of Service's Normal Behavior

Barhoom, Tawfiq S. and Matar, Ramzi A. (2015) Network Intrusion Detection Using One-Class Classification Based on Standard Deviation of Service's Normal Behavior. International Journal of Computer Trends and Technology (IJCTT), 26 (1). pp. 17-25.

Official URL: http://www.ijcttjournal.org/archives/ijctt-v26p104

Abstract

Considerable effort has gone into designing a perfect NIDS that has a high detection rate and a low false alarm rate. Some approaches use misuse detection, which fails to detect zero-day attacks. Supervised learning carries the cost of producing the labeled dataset that is essential for training the model, and because the model is trained on known attacks it may fail to detect new attack variants. Unsupervised learning, on the other hand, has the problem of labeling the generated clusters. The One-Class Classification (OCC) learning technique suffers from high-dimensional network feature spaces, and problems may also arise when large differences in density exist. To overcome these problems, we propose an OCC-NIDS model based on the standard deviation of each service’s normal behaviour. In this model we treat each network service as a single class instead of treating all network services as a single class. In this way we use only the relevant features of each service, which reduces the high-dimensional network feature space and also ensures that each class has an approximately uniform distribution. The proposed model proved able to detect abnormal network traffic with a high detection rate and a low false positive rate. It achieved a 99.72% detection rate and a 99.65% accuracy rate, with a false alarm rate of 0.7% and a false positive rate of 0.005%, on the KDD Cup’99 dataset.

Item Type: Article
Uncontrolled Keywords: Network Intrusion Detection, Service’s Normal Behaviour, One-Class Classification, Standard Deviation
Subjects: T Technology > T Technology (General)
Divisions: Faculty of Engineering, Science and Mathematics > School of Electronics and Computer Science
Depositing User: Mr Ramzi Matar
Date Deposited: 14 Feb 2018 12:22
Last Modified: 11 Mar 2018 09:03
URI: http://scholar.alaqsa.edu.ps/id/eprint/244
