Hybrid Approach for Detection of Anomaly Network Traffic using Data Mining Techniques

Abstract: Anomaly-based intrusion detection systems (IDS) are gaining popularity because they adapt to changes in the behaviour of network traffic and are able to detect new attacks. It is very difficult to set predefined rules that correctly identify attack traffic, since there is no major difference between normal and attack traffic. In this paper, anomaly traffic detection based on the entropy of network features and detection based on a Support Vector Machine (SVM) are compared. Further, a hybrid technique that combines the entropy of network features with an SVM is compared with the individual methods. The DARPA Intrusion Detection Evaluation dataset is used to evaluate the methods. It is shown that the entropy-based detection technique identifies network anomalies better than the SVM-based detection system, and that the hybrid approach outperforms both the entropy-based and the SVM-based techniques.
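The entropy-of-network-features side of the comparison, as an added example that is not the paper's own code: per-window Shannon entropy of source IP, destination IP and destination port is computed over constructed flow records (not DARPA data), a baseline mean is taken from windows assumed to be clean, and any window whose feature entropy deviates from that baseline by more than a threshold (an assumed 1 bit) is flagged.

```python
import math
from collections import Counter

# Constructed sample flow records (src_ip, dst_ip, dst_port) grouped by
# time window. These are illustrative only, not DARPA evaluation data.
WINDOWS = {
    "w1": [("10.0.0.1", "10.0.1.5", 80), ("10.0.0.2", "10.0.1.5", 443),
           ("10.0.0.3", "10.0.1.6", 22), ("10.0.0.4", "10.0.1.7", 53)],
    "w2": [("10.0.0.5", "10.0.1.8", 80), ("10.0.0.6", "10.0.1.5", 25),
           ("10.0.0.7", "10.0.1.9", 443), ("10.0.0.8", "10.0.1.6", 22)],
    # w3: many distinct sources all hitting one destination and port, a
    # flood-like pattern: source entropy rises, destination entropy collapses.
    "w3": [("10.0.0.%d" % i, "10.0.1.5", 80) for i in range(9, 25)],
}


def entropy(values):
    """Shannon entropy in bits of the empirical distribution of `values`."""
    if not values:
        return 0.0
    counts = Counter(values)
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def window_features(flows):
    """Entropy of each network feature within one time window."""
    return {
        "src_ip": entropy([f[0] for f in flows]),
        "dst_ip": entropy([f[1] for f in flows]),
        "dst_port": entropy([f[2] for f in flows]),
    }


def detect(windows, baseline_ids, threshold=1.0):
    """Flag windows whose entropy on any feature deviates from the mean of
    the baseline windows by more than `threshold` bits (assumed value)."""
    base = [window_features(windows[w]) for w in baseline_ids]
    mean = {k: sum(b[k] for b in base) / len(base) for k in base[0]}
    flagged = {}
    for wid, flows in windows.items():
        feats = window_features(flows)
        deviation = {k: abs(feats[k] - mean[k]) for k in feats}
        if max(deviation.values()) > threshold:
            flagged[wid] = deviation
    return flagged


if __name__ == "__main__":
    print(detect(WINDOWS, ["w1", "w2"]))  # only w3 is flagged
```

Combining this entropy score with an SVM trained on the same per-window feature vectors is the hybrid the paper evaluates; the example shows only the entropy half.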
