An integrated rule based intrusion detection system: analysis on UNSW-NB15 data set and the real time online dataset

Intrusion detection systems (IDS) have been developed to protect the resources in a network from different types of threats. Existing IDS methods can be classified as anomaly based, misuse (signature) based, or sometimes a combination of both. This paper proposes a novel misuse based intrusion detection system that detects five categories of network traffic: Exploit, DOS, Probe, Generic and Normal. Further, most related work on IDS is based on the KDD99 or NSL-KDD 99 data set. These data sets are considered obsolete for detecting recent types of attacks and are no longer significant. In this paper the UNSW-NB15 data set is taken as the offline data set for designing our own integrated classification based model for detecting malicious activities in the network. The performance of the proposed integrated classification based model is considerably higher than that of other existing decision tree based models in detecting these five categories. Moreover, this paper generates its own real time data set at the NIT Patna CSE lab (RTNITP18), which acts as the working example of the proposed intrusion detection model. This RTNITP18 data set is used as a test data set to evaluate the performance of the proposed intrusion detection model. The performance analysis of the proposed model on UNSW-NB15 (benchmark data set) and the real time data set (RTNITP18) shows better results in accuracy, attack detection rate, mean F-measure, average accuracy, attack accuracy and false alarm rate in comparison to other existing approaches. The proposed IDS model acts as a watchdog to detect different types of threats in the network.
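As an added example that is not part of the paper, the following Python computes the evaluation measures named in the abstract (accuracy, attack detection rate, mean F-measure, average accuracy, attack accuracy and false alarm rate) from a five-class confusion matrix over the classes Exploit, DOS, Probe, Generic and Normal. The counts are constructed, and the metric definitions are the standard multi-class ones, assumed here; the paper may define them differently.

```python
# Constructed evaluation of a five-class misuse IDS (Normal + four attack
# classes); rows = true class, columns = predicted class. Metric definitions
# are standard multi-class ones, stated as assumptions (the paper's may differ).
LABELS = ["Normal", "Exploit", "DOS", "Probe", "Generic"]
NORMAL = 0  # index of the benign class

CM = [  # constructed counts, not results from the paper
    [900,  40,  20,  30,  10],  # true Normal
    [ 25, 600,  30,  20,  25],  # true Exploit
    [ 10,  20, 450,  10,  10],  # true DOS
    [ 15,  10,   5, 350,  20],  # true Probe
    [  5,  15,  10,  10, 760],  # true Generic
]

def overall_accuracy(cm):
    return sum(cm[i][i] for i in range(len(cm))) / sum(map(sum, cm))

def per_class_prf(cm):
    """One-vs-rest precision, recall and F-measure per class."""
    out = {}
    for i, row in enumerate(cm):
        tp = row[i]
        fn = sum(row) - tp
        fp = sum(r[i] for r in cm) - tp
        p = tp / (tp + fp) if tp + fp else 0.0
        r = tp / (tp + fn) if tp + fn else 0.0
        out[LABELS[i]] = (p, r, 2 * p * r / (p + r) if p + r else 0.0)
    return out

def mean_f_measure(cm):
    return sum(f for _, _, f in per_class_prf(cm).values()) / len(cm)

def average_accuracy(cm):
    """Unweighted mean of per-class recall (assumed definition)."""
    return sum(r for _, r, _ in per_class_prf(cm).values()) / len(cm)

def false_alarm_rate(cm):
    """Normal records reported as any attack class."""
    return (sum(cm[NORMAL]) - cm[NORMAL][NORMAL]) / sum(cm[NORMAL])

def attack_detection_rate(cm):
    """Attack records reported as some attack class, even the wrong one."""
    rows = [r for i, r in enumerate(cm) if i != NORMAL]
    return 1 - sum(r[NORMAL] for r in rows) / sum(map(sum, rows))

def attack_accuracy(cm):
    """Attack records assigned their exact attack class (assumed definition)."""
    rows = [r for i, r in enumerate(cm) if i != NORMAL]
    hits = sum(cm[i][i] for i in range(len(cm)) if i != NORMAL)
    return hits / sum(map(sum, rows))
```

Note that attack detection rate and attack accuracy differ: a DOS record labelled Exploit counts as detected for the binary view but as a miss for the per-class view.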
