
Ensemble Design for Intrusion Detection Systems


Affiliations
1 Department of Computer Science and Engineering, Thiagarajar College of Engineering, Madurai, India
2 Computer Science Department, Sethu Institute of Technology, Madurai, India
 

Intrusion detection is one of the most promising research problems in information security, offering excellent opportunities to improve host and network security. Intrusion detection is divided into two categories by type of detection: misuse detection and anomaly detection. It is performed using rule-based, statistical, and soft computing techniques. Rule-based measures provide better results, but the extensibility of the approach is still in question. Statistical measures lag in identifying new types of attacks. Soft computing techniques offer good results because they learn from training data, and during testing new attack patterns were also recognized appreciably. This paper aims at detecting intruders using both misuse and anomaly detection by applying an ensemble of soft computing techniques. Neural networks, Support Vector Machines and Naïve Bayes classifiers are trained and tested individually, and the classification rates for the different classes are observed. Threshold values are then set for all the classes, and based on these thresholds the ensemble approach produces results for the various classes. The standard KDD Cup '99 dataset is used for misuse detection, and the Schonlau dataset of truncated UNIX commands is used for anomaly detection. The detection rates and false alarm rates are reported. Multilayer Perceptrons, Naïve Bayes classifiers and Support Vector Machines with three kernel functions are used for detecting intruders. The Precision, Recall and F-measure for all the techniques are calculated. The cost of the techniques is estimated using the cost measures. Receiver Operating Characteristic (ROC) curves are drawn for all the techniques. The results show that Support Vector Machines and the ensemble approach provide a better detection rate, 99%, than the other algorithms.

Keywords

Intrusion Detection Systems, Anomaly Detection Systems, Misuse Detection Systems, Support Vector Machines, Naive Bayes Classifiers, Multilayer Perceptrons, Ensemble Approach.

Authors

T. Subbulakshmi
Department of Computer Science and Engineering, Thiagarajar College of Engineering, Madurai, India
A. Ramamoorthi
Computer Science Department, Sethu Institute of Technology, Madurai, India
S. Mercy Shalinie
Department of Computer Science and Engineering, Thiagarajar College of Engineering, Madurai, India
