A New Data mining Based Approach for Network Intrusion Detection
Description
As information systems become more open to the Internet, the importance of secure networks has increased tremendously. New intelligent Intrusion Detection Systems (IDSs) that are based on sophisticated algorithms rather than on current signature-based detection are in demand. In this paper, we propose a new data-mining based technique for intrusion detection that uses an ensemble of binary classifiers with feature selection and multiboosting simultaneously. Our model employs feature selection so that the binary classifier for each type of attack can be more accurate, which improves the detection of attacks that occur less frequently in the training data. Based on these accurate binary classifiers, our model applies a new ensemble approach which aggregates each binary classifier’s decision for the same input and decides which class is most suitable for that input. During this process, the potential bias of a particular binary classifier can be alleviated by the other binary classifiers’ decisions. Our model also makes use of multiboosting to reduce both variance and bias. The experimental results show that our approach provides better performance in terms of accuracy and cost than the winning entry of the ‘Knowledge Development and Data mining’ (KDD) ’99 cup challenge. Future work will extend our analysis to a new ‘Protected Repository for the Defense of Infrastructure against Cyber Threats’ (PREDICT) dataset as well as to real network data.
Introduction
There has been a recent awareness of the risk associated with network attacks by criminals or terrorists, as information systems are now more open to the Internet than ever before. Records made available by the Pentagon showed that they logged over 79,000 attempted intrusions in 2005, with about 1,300 successful ones. The deployment of sophisticated firewalls or authentication systems is no longer enough for building a secure information system. In addition, most intrusion detection systems today rely on handcrafted signatures, just like antivirus products, which have to be updated continuously in order to be effective against new attacks. There is now a need to focus on the detection of unknown intrusions instead of relying on this signature-based approach. This has led to another approach to intrusion detection, which consists of detecting anomalies on the network. Anomaly detection attempts to quantify usual or acceptable behavior and flags other, irregular behavior as potentially intrusive. Unfortunately, the number of false positives generated by such existing systems is often too high, and it requires network administrators to go over too many entries, which reduces their efficiency. In this paper, we present a new data-mining based technique for intrusion detection that uses an ensemble of binary classifiers with feature selection and multiboosting simultaneously. Our model employs feature selection so that the binary classifier for each type of attack can be more accurate, which improves the detection of attacks that occur less frequently in the training data. Based on these accurate binary classifiers, our model applies a new ensemble approach which aggregates each binary classifier’s decision for the same input and decides which class is most suitable for that input. During this process, the potential bias of a particular binary classifier can be alleviated by the other binary classifiers’ decisions.
Our model also makes use of multiboosting for reducing both variance and bias. In addition, we will evaluate our model by various experiments.
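An added sketch of the architecture described above (not the paper's code): one binary detector per attack class, each trained on its own selected features, with all decisions aggregated into a single label. The Fisher-score feature ranking, the nearest-centroid detectors, the fall-back to `normal` and the sample records are assumptions made for illustration; multiboosting is left out.

```python
# Added illustration (not the paper's code): one binary detector per attack
# class, each with its own selected features, aggregated into one decision.
from statistics import mean, pvariance

FEATURES = ["duration", "count", "serror_rate", "diff_srv_rate", "num_failed_logins"]
# Constructed records in the style of KDD'99 connection features, not real traffic.
TRAIN = [
    ([2, 3, 0.0, 0.0, 0], "normal"), ([5, 2, 0.0, 0.1, 0], "normal"),
    ([1, 4, 0.1, 0.0, 0], "normal"), ([3, 5, 0.0, 0.1, 1], "normal"),
    ([4, 2, 0.0, 0.0, 0], "normal"), ([2, 3, 0.0, 0.1, 0], "normal"),
    ([0, 250, 1.0, 0.0, 0], "dos"), ([0, 300, 0.9, 0.1, 0], "dos"),
    ([0, 280, 1.0, 0.0, 0], "dos"), ([0, 260, 0.9, 0.0, 0], "dos"),
    ([0, 40, 0.3, 0.9, 0], "probe"), ([0, 55, 0.4, 1.0, 0], "probe"),
    ([0, 45, 0.3, 0.8, 0], "probe"),
    ([30, 2, 0.0, 0.0, 5], "r2l"), ([25, 3, 0.0, 0.1, 4], "r2l"),  # rare class
]

def fisher(pos, neg):
    """Separation of one feature between a class and the rest (assumed metric)."""
    return (mean(pos) - mean(neg)) ** 2 / (pvariance(pos) + pvariance(neg) + 1e-9)

def train_binary(data, cls, k=2):
    """Fit a class-vs-rest detector on the k features that best isolate cls."""
    col = lambda rows, j: [x[j] for x in rows]
    pos = [x for x, y in data if y == cls]
    neg = [x for x, y in data if y != cls]
    best = sorted(range(len(FEATURES)), reverse=True,
                  key=lambda j: fisher(col(pos, j), col(neg, j)))[:k]
    every = pos + neg
    return [(j, mean(col(pos, j)), mean(col(neg, j)),
             pvariance(col(every, j)) ** 0.5 or 1.0) for j in best]

def score(model, x):
    """Confidence in [-1, 1]; positive means x sits nearer the class centroid."""
    d_pos = sum(((x[j] - mp) / s) ** 2 for j, mp, _, s in model) ** 0.5
    d_neg = sum(((x[j] - mn) / s) ** 2 for j, _, mn, s in model) ** 0.5
    return (d_neg - d_pos) / (d_neg + d_pos + 1e-9)

def train_ensemble(data, k=2):
    attacks = sorted({y for _, y in data} - {"normal"})
    return {c: train_binary(data, c, k) for c in attacks}

def classify(ensemble, x):
    """Aggregate all detectors: strongest positive vote wins, else 'normal'."""
    votes = {c: score(m, x) for c, m in ensemble.items()}
    top = max(votes, key=votes.get)
    return (top if votes[top] > 0 else "normal"), votes

def selected(ensemble, cls):
    return [FEATURES[j] for j, *_ in ensemble[cls]]

ENSEMBLE = train_ensemble(TRAIN)
```

With only two `r2l` training records, the `r2l` detector still keys on `duration` and `num_failed_logins`, features that a single model dominated by the frequent classes would rank low.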
Existing System
ISOA (Information Security Officer’s Assistant)
Distributed Intrusion Detection System (DIDS)
The MINDS System [78]: The Minnesota Intrusion Detection System (MINDS)
· Detection is performed with only a small amount of extension applied.
· In all detection, the technology introduces delays in the network.
· It is not adapted to the network environment in which it has to detect.
· The network will always be busy in this scenario.
· Data overload
· An increasing number of false negatives
· The false positive rate is high.
Proposed System
· Reduce the number of false positives and false negatives
· Avoid the data overload problem
· Reduce the bias and variance
· Ability to detect novel attacks