Contribution of Four Class Labeled Attributes of KDD Dataset on Detection and False Alarm Rate for Intrusion Detection System

The KDD Cup dataset has been key in studying Intrusion Detection Systems, and its attributes can be labeled in four classes. The objective of this study is to assess the contribution of the attributes from each of these four classes to achieving a high detection rate and a low false alarm rate. Machine learning algorithms are employed to study the classification of the KDD Cup dataset into two classes, normal and anomalous. Different variants of the KDD Cup dataset are created with respect to the four labels, and each variant is simulated on the same set of algorithms. The results derived from the study of each data variant are analyzed and compared to derive a broad conclusion. This pragmatic study compiles the findings for detection rate and false alarm rate in intrusion detection systems with respect to the data under each of the four labels. The study contributes to the estimation of the attributes desired for achieving maximum detection rate and minimum false alarm rate simultaneously, while adhering to the earlier findings signifying the obligatory connection of basic labeled attributes in intrusion detection. The study can help reduce data complexity by identifying the major attributes of a particular label that are significant in getting a high detection rate and a low false alarm rate at the same time.
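The methodology above (build one dataset variant per attribute class, run the same learner on each, compare detection rate and false alarm rate) can be reproduced in miniature. The following is an added example, not code from the paper: it uses a constructed eight-record dataset with two features per group, a decision-stump learner written inline so that nothing beyond the standard library is needed, and resubstitution evaluation (the stump is scored on the records it was fitted on). The grouping into basic, content, time-based traffic and host-based traffic attributes is the standard KDD Cup 99 grouping; the feature names are a constructed subset, and all values are made up. Detection rate is TP/(TP+FN) and false alarm rate is FP/(FP+TN), as used in the paper.

```python
"""Per-attribute-group detection rate (DR) and false alarm rate (FAR) on a constructed
KDD-style dataset. Added illustration; not the paper's code or data."""

from dataclasses import dataclass

# The four KDD attribute classes; feature names are a constructed subset (assumption).
ATTRIBUTE_GROUPS = {
    "basic": ["duration", "src_bytes"],
    "content": ["num_failed_logins", "root_shell"],
    "time_traffic": ["count", "serror_rate"],
    "host_traffic": ["dst_host_count", "dst_host_srv_count"],
}
FEATURE_ORDER = [f for group in ATTRIBUTE_GROUPS.values() for f in group]

# Constructed records: (values in FEATURE_ORDER, label); label 0 = normal, 1 = anomalous.
RECORDS = [
    ((0, 200, 0, 0, 2, 0.0, 10, 10), 0),      # normal web fetch
    ((1, 300, 0, 0, 3, 0.0, 20, 15), 0),      # normal
    ((0, 250, 1, 0, 4, 0.1, 30, 25), 0),      # normal, one mistyped password
    ((2, 180, 0, 0, 2, 0.0, 255, 200), 0),    # normal against a busy host
    ((0, 0, 0, 0, 500, 1.0, 255, 255), 1),    # flood-like: many half-open connections
    ((0, 0, 0, 0, 480, 0.95, 255, 250), 1),   # flood-like
    ((5, 100, 5, 0, 10, 0.0, 100, 90), 1),    # repeated failed logins
    ((30, 1500, 0, 1, 1, 0.0, 5, 5), 1),      # long session ending in a root shell
]


def confusion_counts(y_true, y_pred):
    """Return (TP, FN, FP, TN) with 'anomalous' as the positive class."""
    tp = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 1)
    fn = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 0)
    fp = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 1)
    tn = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 0)
    return tp, fn, fp, tn


def detection_rate(tp, fn):
    return tp / (tp + fn) if tp + fn else 0.0


def false_alarm_rate(fp, tn):
    return fp / (fp + tn) if fp + tn else 0.0


@dataclass
class Stump:
    """One-feature threshold rule: flag as anomalous above (or at/below) the threshold."""
    feature: str
    threshold: float
    anomalous_above: bool

    def predict(self, row):
        x = row[self.feature]
        return int(x > self.threshold) if self.anomalous_above else int(x <= self.threshold)


def fit_stump(rows, labels, features):
    """Exhaustively pick the stump with the fewest training errors over the given
    features. Ties keep the earliest candidate, so results are deterministic."""
    best, best_errors = None, None
    for feature in features:
        values = sorted({r[feature] for r in rows})
        thresholds = [(a + b) / 2 for a, b in zip(values, values[1:])]
        for t in thresholds:
            for above in (True, False):
                cand = Stump(feature, t, above)
                errors = sum(cand.predict(r) != y for r, y in zip(rows, labels))
                if best is None or errors < best_errors:
                    best, best_errors = cand, errors
    return best


def evaluate_variant(features, records=RECORDS):
    """Fit and score a stump restricted to one attribute subset (one dataset variant)."""
    rows = [dict(zip(FEATURE_ORDER, values)) for values, _ in records]
    labels = [label for _, label in records]
    stump = fit_stump(rows, labels, features)
    # If every selected feature is constant there is no rule; predict all normal.
    preds = [stump.predict(r) if stump else 0 for r in rows]
    tp, fn, fp, tn = confusion_counts(labels, preds)
    return {
        "feature": stump.feature if stump else None,
        "threshold": stump.threshold if stump else None,
        "detection_rate": detection_rate(tp, fn),
        "false_alarm_rate": false_alarm_rate(fp, tn),
    }


def compare_groups(records=RECORDS):
    """Run the same learner on each per-group variant and on the full attribute set."""
    results = {name: evaluate_variant(feats, records) for name, feats in ATTRIBUTE_GROUPS.items()}
    results["all"] = evaluate_variant(FEATURE_ORDER, records)
    return results


if __name__ == "__main__":
    for name, r in compare_groups().items():
        print(f"{name:13s} rule on {r['feature']:<20s} DR={r['detection_rate']:.2f} "
              f"FAR={r['false_alarm_rate']:.2f}")
```

On the constructed data the basic and time-based traffic variants each catch three of four anomalies with no false alarms, the content variant catches only one, and the host-based variant trades a false alarm for its detections; on the real dataset the learner would be fitted on the KDD training split and scored on the separate test split rather than on its own training records.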
