Towards Practical Anomaly-Based Intrusion Detection by Outlier Mining on TCP Packets

Intrusion detection System (IDS) is an important part of the security of large networks like the Internet. With increasing number of data being transmitted day by day from one subnetwork to another, the system needs to identify intrusion in such large datasets in an effectively and timely manner. So the application of knowledge discovery comes handy to identify unusual accesses or attacks. Improving an IDS’s performance and accuracy is one of the major challenges network security research today. In this paper, we propose a practical anomaly-based IDS using outlier mining of the readily available basic Transmission Control Protocol (TCP) header information as well as other easily derivable attributes. We use a two-step approach of k-means clustering and one-class support vector machine (SVM) to model the normal sessions presented in MIT DARPA ’99 dataset. We then feed the testing set to the resultant model to predict the attacks sessions.

[1]  Xin Zhang,et al.  The Application of Machine Learning Methods to Intrusion Detection , 2012, 2012 Spring Congress on Engineering and Technology.

[2]  Philip K. Chan,et al.  Learning nonstationary models of normal network traffic for detecting novel attacks , 2002, KDD.

[3]  Jim Alves-Foss,et al.  NATE: Network Analysis of Anomalous Traffic Events, a low-cost approach , 2001, NSPW '01.

[4]  Hadi Sarvari,et al.  Improving the accuracy of intrusion detection systems by using the combination of machine learning approaches , 2010, 2010 International Conference of Soft Computing and Pattern Recognition.

[5]  John McHugh,et al.  Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory , 2000, TSEC.

[6]  Philip K. Chan,et al.  An Analysis of the 1999 DARPA/Lincoln Laboratory Evaluation Data for Network Anomaly Detection , 2003, RAID.

[7]  Ali A. Ghorbani,et al.  A detailed analysis of the KDD CUP 99 data set , 2009, 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications.

[8]  Shan Suthaharan,et al.  Relevance feature selection with data cleaning for intrusion detection system , 2012, 2012 Proceedings of IEEE Southeastcon.

[9]  Ali A. Ghorbani,et al.  Comparative Study of Supervised Machine Learning Techniques for Intrusion Detection , 2007, Fifth Annual Conference on Communication Networks and Services Research (CNSR '07).

[10]  M. Hanumanthappa,et al.  Intrusion Detection System using decision tree algorithm , 2012, 2012 IEEE 14th International Conference on Communication Technology.

[11]  Stephanie Forrest,et al.  Architecture for an Artificial Immune System , 2000, Evolutionary Computation.

[12]  Jim Alves-Foss,et al.  NATE: Network Analysis ofAnomalousTrafficEvents, a low-cost approach , 2001 .