
Towards Improved Detection of Intrusions with Constraint-Based Clustering (CBC)



Authors

J. Rene Beulah
Department of Computer Science and Engineering, College of Engineering and Technology, SRM Institute of Science and Technology, SRM Nagar, Kattankulathur, Kanchipuram, Chennai, Tamil Nadu, India
C. Pretty Diana Cyril
Department of Computer Science and Engineering, College of Engineering and Technology, SRM Institute of Science and Technology, SRM Nagar, Kattankulathur, Kanchipuram, Chennai, Tamil Nadu, India
S. Geetha
Department of Information Science and Engineering, CMR Institute of Technology, Bangalore, India
D. Shiny Irene
Department of Computer Science and Engineering, SRM Institute of Science and Technology, SRM Nagar, Chennai, Tamil Nadu, India

Abstract


Modern society has benefited greatly from the advancement of the Internet. The rapid surge in the number of connections and the ease of access to the Internet have given rise to tremendous security threats to individuals and organizations. In addition to intrusion prevention techniques like firewalls, intrusion detection systems (IDS) are an obligatory level of safety for establishments to identify insiders and outsiders with malicious intentions. Anomaly-based IDS have been in the literature for the last few decades, but existing methods still fall short in three main aspects: difficulty in handling mixed attribute types, heavy dependence on input parameters, and inability to maintain a good balance between detection rate (DR) and false alarm rate (FAR). This paper proposes a semi-supervised IDS based on outlier detection, which first selects the important features that help in identifying intrusive events and then applies a constraint-based clustering algorithm to closely learn the properties of normal connections. The proposed method can handle data with mixed attribute types efficiently, requires fewer parameters, and maintains a good balance between DR and FAR. The standard NSL-KDD benchmark dataset is used for performance evaluation, and the experimental results yielded an overall DR of 99.52% and FAR of 1.15%. The method is successful in identifying 99.81% of DoS attacks, 99.71% of Probe attacks, 98.73% of R2L attacks and 96.50% of U2R attacks.

Keywords


Anomaly, Classification, Feature Extraction, NSL-KDD Dataset, Outlier, Intrusion Detection.

DOI: https://doi.org/10.22247/ijcna%2F2021%2F207980