ANOMALY BASED IMPROVED NETWORK INTRUSION DETECTION SYSTEM USING CLUSTERING TECHNIQUES

Detecting new threats has become necessary for secure communication that provides complete data confidentiality. Networks require anomaly detection to shield them from harmful activity. Various metaheuristic methods are used for anomaly detection. This paper proposes a new approach to network anomaly detection that uses a multi-start metaheuristic method and enhancements to clustering algorithms. The main stages of the proposed approach are preprocessing, clustering, training dataset selection, and performance evaluation on the training and testing datasets to detect anomalies. The performance of two clustering algorithms, K-means and expectation maximization (EM), is compared using detection accuracy, false positive rate, and detector generation time. The experimental results are based on the NSL-KDD dataset. The results show that EM clustering performs better than the K-means clustering algorithm.
