Performance Evaluation of Attack Detection Algorithms using Improved Hybrid IDS with Online Captured Data
DOI: 10.5120/ijca2016910839
Vinita R Shewale and Hitendra D Patil. Performance Evaluation of Attack Detection Algorithms using Improved Hybrid IDS with Online Captured Data. International Journal of Computer Applications 146(8):35-40, July 2016.
BibTeX
@article{10.5120/ijca2016910839,
  author = {Vinita R. Shewale and Hitendra D. Patil},
  title = {Performance Evaluation of Attack Detection Algorithms using Improved Hybrid IDS with Online Captured Data},
  journal = {International Journal of Computer Applications},
  issue_date = {July 2016},
  volume = {146},
  number = {8},
  month = {Jul},
  year = {2016},
  issn = {0975-8887},
  pages = {35-40},
  numpages = {6},
  url = {http://www.ijcaonline.org/archives/volume146/number8/25421-2016910839},
  doi = {10.5120/ijca2016910839},
  publisher = {Foundation of Computer Science (FCS), NY, USA},
  address = {New York, USA}
}
Abstract
The Intrusion Detection System (IDS) plays an essential role in network security. As the need for the internet increases day by day, the importance of security also increases. Traditional intrusion detection technology has limitations such as a low detection rate, a high false alarm rate, and so on. The performance of the classifier is a necessary concern in terms of its effectiveness; the number of features to be examined by the IDS should also be improved. In this work, a hybrid IDS is applied using Snort with the J48 Graft decision tree algorithm, the J48 Graft decision tree with pruning using feature selection, and the Naïve Bayes algorithm. In the J48 Graft decision tree with pruning, only discrete-valued attributes are considered for classification, and for Naïve Bayes, redundant records are removed with feature selection. The KDDCup'99 dataset is used to train and test the classifier. The performance of the classifiers is also tested on a dataset created by capturing online packets, with each packet classified as either normal or anomaly. Results and analyses show that the J48 Graft decision tree with pruning and the Naïve Bayes approach give better results, with enhanced accuracy, than existing classification techniques.
Keywords
Classification Algorithms, Pruning, Anomaly Detection, Accuracy, KDD, Hybrid, Snort.