Open Access Open Access  Restricted Access Subscription Access

Intrusion Detection System Classification using Different Machine Learning Algorithms on KDD-99 and NSL-KDD Datasets


Affiliations
1 Department of Computer Science, Eastern Michigan University, Ypsilanti, Michigan, United States
2 School of Information Security and Applied Computing, Eastern Michigan University, Ypsilanti, Michigan, United States
 

Intrusion Detection System (IDS) has been an effective way to achieve higher security in detecting malicious activities for the past couple of years. Anomaly detection is an intrusion detection system. Current anomaly detection is often associated with high false alarm rates and only moderate accuracy and detection rates because it’s unable to detect all types of attacks correctly. An experiment is carried out to evaluate the performance of the different machine learning algorithms using KDD-99 Cup and NSL-KDD datasets. Results show which approach has performed better in term of accuracy, detection rate with reasonable false alarm rate.

Keywords

Intrusion Detection System, KDD-99 Cup, NSL-KDD, Machine Learning Algorithms.
User
Notifications
Font Size

  • “DARPA98 attack description and schedule,” https://www.ll.mit.edu/ideval/docs/attacks.html, 1998, retrieved December 15, 2016.
  • L. Breiman, J. H. Friedman, R. A. Olshen, and C. J. Stone, Classification and Regression Trees, 1984.
  • D. A. Cieslak and N. V. Chawla, “A framework for monitoring classifiers’ performance: when and why failure occurs? “Knowledge and Information Systems, vol. 18, no. 1, pp. 83–108, 2009.
  • M. Fugate and J. R. Gattiker, “Anomaly detection enhanced classification in computer intrusion detection,” in Pattern Recognition with Support Vector Machines, vol. 2388, 2002, pp. 186–197.
  • M. Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani, “A detailed analysis of the KDD CUP 99 data set,” in IEEE Symposium on Computational Intelligence for Security and Defense Applications, CISDA 2009, 2009.
  • J. McHugh, “Testing Intrusion detection systems: a critique of the 1998and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory,” ACM Transactions on Information and System Security, vol. 3, no. 4, pp. 262–294, 2000.
  • S. Sung, A.H. Mukkamala. “Identifying important features for intrusion detection using support vector machines and neural networks”. In Proceedings of the Symposium on Applications and the Internet (SAINT), pp. 209–216. IEEE.
  • H. Kayacik, A. Zincir-Heywood and M. Heywood. “Selecting features for intrusion detection: A feature relevance analysis on KDD 99 intrusion detection datasets”. In Proceedings of the Third Annual Conference on Privacy, Security and Trust (PST). 2005.
  • C. Lee, S. Shin and J. Chung. “Network intrusion detection through genetic feature selection”. In Seventh ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing (SNPD), pp. 109–114. IEEE Computer Society,2006.
  • H. Zhang and J.Su., “Naive Bayes for optimal ranking”, Journal of Experimental and Theoretical Artificial Intelligence. 2008, 20: 79-93.
  • Z. Muda, W. Yassin, M.N. Sulaiman, N.I. Udzir, “Intrusion Detection based on K-Means Clustering and Naïve Bayes Classification” 2011 7thInternational Conference on IT in Asia (CITA)”.
  • Weiming Hu, Steve Maybank, “AdaBoost-Based Algorithm for Network Intrusion Detection”. In IEEE transaction on systems, MAN, and CYBERNETICS, APRIL 2008.

Abstract Views: 320

PDF Views: 295




  • Intrusion Detection System Classification using Different Machine Learning Algorithms on KDD-99 and NSL-KDD Datasets

Abstract Views: 320  |  PDF Views: 295

Authors

Ravipati Rama Devi
Department of Computer Science, Eastern Michigan University, Ypsilanti, Michigan, United States
Munther Abualkibash
School of Information Security and Applied Computing, Eastern Michigan University, Ypsilanti, Michigan, United States

Abstract


Intrusion Detection System (IDS) has been an effective way to achieve higher security in detecting malicious activities for the past couple of years. Anomaly detection is an intrusion detection system. Current anomaly detection is often associated with high false alarm rates and only moderate accuracy and detection rates because it’s unable to detect all types of attacks correctly. An experiment is carried out to evaluate the performance of the different machine learning algorithms using KDD-99 Cup and NSL-KDD datasets. Results show which approach has performed better in term of accuracy, detection rate with reasonable false alarm rate.

Keywords


Intrusion Detection System, KDD-99 Cup, NSL-KDD, Machine Learning Algorithms.

References