Research Article

A Novel Supervised Algorithm for Network Intrusion Detection with the Ability of Zero-day Attacks Identification

by S. Vahid Farrahi, Mahsa Kamali Sarvestani, Marzieh Ahmadzadeh
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 121 - Number 19
Year of Publication: 2015
Authors: S. Vahid Farrahi, Mahsa Kamali Sarvestani, Marzieh Ahmadzadeh
10.5120/21652-4983

S. Vahid Farrahi, Mahsa Kamali Sarvestani, Marzieh Ahmadzadeh . A Novel Supervised Algorithm for Network Intrusion Detection with the Ability of Zero-day Attacks Identification. International Journal of Computer Applications. 121, 19 ( July 2015), 47-50. DOI=10.5120/21652-4983

@article{ 10.5120/21652-4983,
author = { S. Vahid Farrahi, Mahsa Kamali Sarvestani, Marzieh Ahmadzadeh },
title = { A Novel Supervised Algorithm for Network Intrusion Detection with the Ability of Zero-day Attacks Identification },
journal = { International Journal of Computer Applications },
issue_date = { July 2015 },
volume = { 121 },
number = { 19 },
month = { July },
year = { 2015 },
issn = { 0975-8887 },
pages = { 47-50 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume121/number19/21652-4983/ },
doi = { 10.5120/21652-4983 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
Abstract

In this paper, a new algorithm is proposed for network intrusion detection. The proposed algorithm operates in a simple but efficient manner. It uses labeled data in the training phase, which means that it is a supervised algorithm. In the training phase, the data are categorized based on their class label values. Then, the algorithm computes a center point for each category of the class label: a center point is the mean of all samples that belong to the same category. Finally, in the testing phase, the algorithm uses the Euclidean distance metric to label the test data based on their distances to the center points; in other words, each test data point is assigned to the nearest center point. However, a pre-defined threshold is used in the testing phase in order to deal with zero-day attacks. If a test data point is closer to the normal center than to any other center, the algorithm checks the pre-defined threshold: if the distance to the normal center is greater than the threshold, the test data point is classified as an attack; otherwise, it is assigned to the normal class. Experimental results show that the proposed algorithm is superior to a single Naïve Bayes classifier. With 95% confidence, the detection rate of the proposed algorithm is 95.88 ± 0.11, and the detection rate of the Naïve Bayes algorithm with the same confidence is 90.03 ± 0.31.
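The procedure the abstract describes (per-class centroids from labeled training data, nearest-centroid labelling, and a distance threshold around the normal centroid that turns unexplained traffic into an attack verdict) is small enough to show end to end. The following is an added example written for this page, not the authors' code or data: the two-feature connection records, the class names, and the way the threshold is derived from the normal training samples (largest normal-to-centroid distance times a margin, since the paper only says the threshold is pre-defined) are all constructed assumptions.

```python
"""
Centroid classifier with a normal-radius threshold for unseen attacks.
Added illustration of the abstract's procedure; toy data and the threshold
rule are assumptions, not values from the paper.
"""
import math
from collections import defaultdict

NORMAL = "normal"
ZERO_DAY = "attack"  # verdict for points that sit nearest to normal but too far from it


def train_centroids(samples):
    """Training phase: group samples by label and average each group.
    samples: iterable of (feature_vector, label). Returns {label: centroid}."""
    sums, counts = {}, defaultdict(int)
    for x, label in samples:
        acc = sums.setdefault(label, [0.0] * len(x))
        for i, v in enumerate(x):
            acc[i] += v
        counts[label] += 1
    return {label: [v / counts[label] for v in acc] for label, acc in sums.items()}


def euclidean(a, b):
    return math.sqrt(sum((p - q) ** 2 for p, q in zip(a, b)))


def normal_radius(samples, centroids, margin=1.5):
    """Assumed rule for the pre-defined threshold: the largest distance from a
    normal training sample to the normal centroid, widened by `margin` so that
    ordinary benign variation is not flagged."""
    worst = max(euclidean(x, centroids[NORMAL]) for x, label in samples if label == NORMAL)
    return worst * margin


def classify(x, centroids, threshold):
    """Testing phase: nearest centroid wins, except that a point whose nearest
    centroid is normal but lies beyond `threshold` is reported as an attack."""
    label, dist = min(((lbl, euclidean(x, c)) for lbl, c in centroids.items()),
                      key=lambda t: t[1])
    if label == NORMAL and dist > threshold:
        return ZERO_DAY
    return label


def evaluate(test_samples, centroids, threshold):
    """Returns (detection rate, false-alarm rate): attacks not labelled normal
    over all attacks, and normals labelled as anything else over all normals."""
    detected = attacks = alarms = normals = 0
    for x, truth in test_samples:
        pred = classify(x, centroids, threshold)
        if truth == NORMAL:
            normals += 1
            alarms += pred != NORMAL
        else:
            attacks += 1
            detected += pred != NORMAL
    return detected / attacks, alarms / normals


# Constructed toy data: two already-scaled features per connection record.
TRAIN = [
    ((1.0, 1.0), NORMAL), ((1.0, 2.0), NORMAL), ((2.0, 1.0), NORMAL), ((2.0, 2.0), NORMAL),
    ((10.0, 10.0), "dos"), ((10.0, 11.0), "dos"), ((11.0, 10.0), "dos"), ((11.0, 11.0), "dos"),
    ((1.0, 10.0), "probe"), ((1.0, 11.0), "probe"), ((2.0, 10.0), "probe"), ((2.0, 11.0), "probe"),
]
TEST = [
    ((1.6, 1.4), NORMAL),
    ((2.2, 2.2), NORMAL),       # inside the normal radius, stays normal
    ((10.4, 10.6), "dos"),
    ((1.5, 10.4), "probe"),
    ((5.0, 1.5), "zero-day"),   # nearest centroid is normal, but far outside the radius
    ((2.3, 2.3), "zero-day"),   # just outside the radius: the threshold decides
]

CENTROIDS = train_centroids(TRAIN)
THRESHOLD = normal_radius(TRAIN, CENTROIDS)

if __name__ == "__main__":
    for x, truth in TEST:
        print(x, truth, "->", classify(x, CENTROIDS, THRESHOLD))
    print("detection rate, false-alarm rate:", evaluate(TEST, CENTROIDS, THRESHOLD))
```

The two "zero-day" test points show why the threshold matters: both are nearest to the normal centroid, so a plain nearest-centroid rule would call them benign, and only the radius check converts them into an attack verdict. The margin factor is the tuning knob that trades detection rate against false alarms; on real data it should be chosen on a held-out validation set rather than on the training set used for the centroids.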

Index Terms

Computer Science
Information Sciences

Keywords

Data Mining, Network Intrusion Detection, Zero-day Attacks Identifying, Supervised Learning, Anomaly Detection