CA-NIDS: A network intrusion detection system using combinatorial algorithm approach

ABSTRACT

A signature-based system (SBS) is a common approach to intrusion detection and the one most preferred by researchers. Despite its popularity, an SBS, unlike an anomaly-based system (ABS), cannot detect new attacks on the network. The most challenging problems for an SBS are keeping an up-to-date database of known attack signatures and setting a suitable threshold level for intrusion detection. In this article, a network intrusion detection system based on a combinatorial algorithm (CA-NIDS) is proposed. The CA-NIDS uses additional databases to enable the SBS to act as an ABS for the purpose of detecting new attacks and to speed up network traffic during traffic analysis by the combinatorial algorithm. A suitable threshold of 12 was also set, based on a study of past works, to lower the false-positive rate. The CA-NIDS was evaluated against similar online schemes, and the results show a small false-positive rate of 3% and a better accuracy of 96.5% compared with related online algorithms.
