Research Article

A Novel Combined Method for Network Intrusion Detection Systems Aimed at Detecting Novel Attacks

by Mohammad Mehdi Masoumi, Marzieh Ahmadzadeh, Reza Javidan
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 149 - Number 5
Year of Publication: 2016
DOI: 10.5120/ijca2016911407

Mohammad Mehdi Masoumi, Marzieh Ahmadzadeh, Reza Javidan. A Novel Combined Method for Network Intrusion Detection Systems Aimed at Detecting Novel Attacks. International Journal of Computer Applications. 149, 5 (Sep 2016), 50-54. DOI=10.5120/ijca2016911407

@article{ 10.5120/ijca2016911407,
author = { Mohammad Mehdi Masoumi and Marzieh Ahmadzadeh and Reza Javidan },
title = { A Novel Combined Method for Network Intrusion Detection Systems Aimed at Detecting Novel Attacks },
journal = { International Journal of Computer Applications },
issue_date = { Sep 2016 },
volume = { 149 },
number = { 5 },
month = { Sep },
year = { 2016 },
issn = { 0975-8887 },
pages = { 50-54 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume149/number5/25997-2016911407/ },
doi = { 10.5120/ijca2016911407 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
Abstract

Intrusion Detection Systems are important tools in computer network security. To date, many practical methods have been proposed using data mining techniques; however, the presence of novel attacks is not considered in most of the proposed methods. As the presence of novel attacks in the real world is unavoidable, proposing methods that consider novel attacks is crucial in this area of research. In this paper, a combined method is presented for Network Intrusion Detection Systems using the K-Nearest Neighbor (K-NN) algorithm and the K-Means clustering algorithm. A threshold is used for the detection of novel attacks. In terms of accuracy, detection rate, and false alarm rate, the proposed method is superior to a hybrid method in the literature that combines the K-Means clustering algorithm with the K-NN algorithm but does not consider novel attacks.

Index Terms

Computer Science
Information Sciences

Keywords

Network Intrusion Detection, Hybrid Learning, Network Security, Data Mining