A proposed HTTP service based IDS

Abstract: The tremendous growth of web-based applications has increased information security vulnerabilities over the Internet. Security administrators use Intrusion-Detection Systems (IDS) to monitor network traffic and host activities and to detect attacks against hosts and network resources. In this paper, an IDS based on the Naive Bayes classifier is analyzed. The main objective is to enhance IDS performance by preparing the training data set so that malicious connections exploiting the HTTP service can be detected. Results of the application are demonstrated and discussed. In the training phase of the proposed IDS, a feature selection technique based on the Naive Bayes classifier is applied first; this technique identifies the most important HTTP traffic features that can be used to detect HTTP attacks. In the testing and running phases, the proposed IDS classifies the network traffic by requested service; then, using the selected features, the Naive Bayes classifier analyzes the HTTP traffic and separates normal HTTP connections from attacks. The performance of the IDS is measured through experiments using the NSL-KDD data set. The results show that the detection rate of the IDS is about 99%, the false-positive rate is about 1%, and the false-negative rate is about 0.25%; therefore, the proposed IDS holds the highest detection rate and the lowest false-alarm rate compared with other leading IDS. In addition, the proposed IDS based on Naive Bayes is used to classify network connections as normal or attack, and it holds a high detection rate and a low false-alarm rate.
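The pipeline the abstract describes (filter by service, select features, classify with Naive Bayes) can be sketched as follows. This is an added example, not the paper's code. The ranking criterion (accuracy of a one-feature Naive Bayes model), the Gaussian likelihood, the function names and the sample records are assumptions; only the feature names follow NSL-KDD.

```python
import math
from collections import defaultdict

FEATURES = ["duration", "src_bytes", "dst_bytes", "count", "serror_rate"]
# Constructed records (service, feature values, label); not taken from NSL-KDD.
TRAIN = [
    ("http", [0, 220, 5400, 3, 0.0], "normal"), ("http", [1, 310, 8100, 5, 0.0], "normal"),
    ("http", [0, 180, 2900, 2, 0.1], "normal"), ("http", [2, 260, 6700, 4, 0.0], "normal"),
    ("http", [0, 54000, 8300, 210, 0.9], "attack"), ("http", [1, 0, 0, 250, 1.0], "attack"),
    ("http", [0, 0, 0, 180, 0.8], "attack"), ("http", [3, 0, 0, 230, 1.0], "attack"),
    ("ftp", [9, 900, 100, 1, 0.0], "normal"),  # removed by the service filter
]

def fit(rows, idx):
    """Gaussian Naive Bayes: log prior and (mean, variance) per class for features idx."""
    by_class = defaultdict(list)
    for _, x, y in rows:
        by_class[y].append([x[i] for i in idx])
    model = {}
    for y, xs in by_class.items():
        stats = []
        for col in zip(*xs):
            mu = sum(col) / len(col)
            stats.append((mu, sum((v - mu) ** 2 for v in col) / len(col) + 1e-3))
        model[y] = (math.log(len(xs) / len(rows)), stats)
    return model

def predict(model, idx, x):
    """Return the class with the highest log posterior for feature vector x."""
    def score(y):
        prior, stats = model[y]
        return prior + sum(-0.5 * math.log(2 * math.pi * var) - (x[i] - mu) ** 2 / (2 * var)
                           for i, (mu, var) in zip(idx, stats))
    return max(model, key=score)

def select_features(rows, k):
    """Assumed criterion: rank features by accuracy of a one-feature NB model."""
    def acc(i):
        m = fit(rows, [i])
        return sum(predict(m, [i], x) == y for _, x, y in rows) / len(rows)
    return sorted(range(len(FEATURES)), key=acc, reverse=True)[:k]

def build_ids(train, k=3):
    http = [r for r in train if r[0] == "http"]  # train on HTTP connections only
    idx = select_features(http, k)
    return idx, fit(http, idx)

def classify(ids, service, x):
    idx, model = ids
    return predict(model, idx, x) if service == "http" else "not-http"
```

On this constructed sample, `duration` and `dst_bytes` rank lowest because their class distributions overlap, so they are dropped before the final model is fitted.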
