Intrusion Detection System based on Hybrid Classifier and User Profile Enhancement Techniques

This paper presents a user intrusion detection system based on a hybrid classifier and profile enhancement techniques. The proposed approach is an anomaly-based intrusion detection system that uses supervised learning on event logs. A standard user profile is first built from the historical log data. This user profile is then used to detect anomalous user behavior by comparing new log data against it. The intrusion detection system is designed as a hybrid classifier using Naïve Bayes and Support Vector Machine (SVM). The results from the hybrid classifier show improved accuracy and reduced false positives. Furthermore, the user profile is enhanced by adding a new set of features. It is observed that using session-based features to enhance the user profile improved the performance of the classifier. The experiments are conducted on historical log data from two different sources, and in both cases a performance improvement is observed. With the hybrid classifier alone, an accuracy of 0.929 and a precision of 0.953 are observed; after the enhancement of the user profile, accuracy and precision increase to 0.931 and 0.958 respectively.
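The profile-building and session-feature enhancement described above, as an added example that is not code from the paper. It builds a per-user profile (per-feature mean and standard deviation) from historical event logs, scores new sessions against that profile, and contrasts count-only features with session-based features (duration, distinct hosts, off-hours start). The log format, the idle-gap sessionization, the feature definitions and the z-score comparison are assumptions made for illustration; the paper's Naïve Bayes / SVM hybrid classifier is not reproduced here.

```python
"""Added example, not code from the paper: build a user profile from
historical event logs, enhance it with session-based features, and score
new sessions against the profile.  Log format, feature definitions and the
z-score comparison are assumptions; the paper's Naive Bayes / SVM hybrid
classifier is not reproduced here."""
from datetime import datetime
from statistics import mean, pstdev

# Constructed historical log for one user: "timestamp user host action outcome"
HISTORICAL_LOG = """\
2024-01-08T08:02:11 alice ws-alice login ok
2024-01-08T08:10:40 alice ws-alice file_read ok
2024-01-08T08:45:02 alice ws-alice file_read ok
2024-01-08T09:20:17 alice ws-alice logout ok
2024-01-09T08:15:33 alice ws-alice login ok
2024-01-09T08:30:01 alice ws-alice file_read ok
2024-01-09T08:50:12 alice ws-alice file_read ok
2024-01-09T09:05:44 alice ws-alice logout ok
2024-01-10T08:30:00 alice ws-alice login ok
2024-01-10T08:41:19 alice ws-alice login fail
2024-01-10T08:41:40 alice ws-alice login ok
2024-01-10T09:00:07 alice ws-alice file_read ok
2024-01-10T09:40:55 alice ws-alice logout ok
"""

# Constructed new log: the same event count and a single failed login as a
# normal day, but off-hours, across two servers, and over a much shorter span.
NEW_LOG = """\
2024-01-11T02:14:09 alice srv-db login fail
2024-01-11T02:14:30 alice srv-db login ok
2024-01-11T02:16:10 alice srv-fs file_read ok
2024-01-11T02:20:55 alice srv-fs logout ok
"""


def parse_events(text):
    """Parse constructed 'timestamp user host action outcome' lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, host, action, outcome = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "host": host, "action": action, "outcome": outcome})
    return sorted(events, key=lambda e: (e["user"], e["ts"]))


def sessionize(events, gap_seconds=3600):
    """Split each user's event stream into sessions at idle gaps > gap_seconds."""
    sessions, current = [], []
    for ev in events:
        if current and (ev["user"] != current[-1]["user"] or
                        (ev["ts"] - current[-1]["ts"]).total_seconds() > gap_seconds):
            sessions.append(current)
            current = []
        current.append(ev)
    if current:
        sessions.append(current)
    return sessions


def basic_features(session):
    """Count-based features only: total events and failed logins."""
    return {
        "events": len(session),
        "failed_logins": sum(1 for e in session
                             if e["action"] == "login" and e["outcome"] == "fail"),
    }


def session_features(session):
    """Enhanced profile: basic counts plus session-level context."""
    feats = basic_features(session)
    start, end = session[0]["ts"], session[-1]["ts"]
    feats["duration_min"] = (end - start).total_seconds() / 60
    feats["distinct_hosts"] = len({e["host"] for e in session})
    feats["off_hours"] = int(start.hour < 7 or start.hour >= 20)
    return feats


def build_profile(sessions, featurize):
    """Per-feature mean and std over historical sessions (the user profile).
    A small floor on std keeps constant features (e.g. always one host)
    from dividing by zero while still flagging any deviation strongly."""
    rows = [featurize(s) for s in sessions]
    return {k: (mean(r[k] for r in rows), max(pstdev(r[k] for r in rows), 1e-6))
            for k in rows[0]}


def score_session(profile, session, featurize, threshold=3.0):
    """Return the features whose z-score against the profile exceeds threshold."""
    feats = featurize(session)
    return sorted(k for k, (mu, sd) in profile.items()
                  if abs((feats[k] - mu) / sd) > threshold)


def detect(historical_text, new_text, featurize):
    """Build the profile from historical logs and score every new session."""
    profile = build_profile(sessionize(parse_events(historical_text)), featurize)
    return [score_session(profile, s, featurize)
            for s in sessionize(parse_events(new_text))]


if __name__ == "__main__":
    print("basic features  :", detect(HISTORICAL_LOG, NEW_LOG, basic_features))
    print("session features:", detect(HISTORICAL_LOG, NEW_LOG, session_features))
```

With count-only features the new session looks ordinary (four events, one failed login), so nothing is flagged; with session-based features the short duration, the second host and the off-hours start all exceed the threshold. A production profile would be built over many more sessions and would feed a trained classifier rather than a fixed z-score cut-off, but the feature-engineering step is the part the abstract credits for the accuracy and precision gains.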
