Research Article

A Cluster based Hybrid Framework for Network Intrusion Detection

by Nusrat Mojumder, Md. Shahabub Alam, Mehtaz Afsana Borsha, Md. Mehedi Islam Khandaker, Syeda Shabanam Hasan
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 172 - Number 1
Year of Publication: 2017
10.5120/ijca2017915058

Nusrat Mojumder, Md. Shahabub Alam, Mehtaz Afsana Borsha, Md. Mehedi Islam Khandaker, Syeda Shabanam Hasan. A Cluster based Hybrid Framework for Network Intrusion Detection. International Journal of Computer Applications. 172, 1 (Aug 2017), 23-29. DOI=10.5120/ijca2017915058

@article{ 10.5120/ijca2017915058,
author = { Nusrat Mojumder and Md. Shahabub Alam and Mehtaz Afsana Borsha and Md. Mehedi Islam Khandaker and Syeda Shabanam Hasan },
title = { A Cluster based Hybrid Framework for Network Intrusion Detection },
journal = { International Journal of Computer Applications },
issue_date = { Aug 2017 },
volume = { 172 },
number = { 1 },
month = { Aug },
year = { 2017 },
issn = { 0975-8887 },
pages = { 23-29 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume172/number1/28216-2017915058/ },
doi = { 10.5120/ijca2017915058 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T00:19:11.002364+05:30
%A Nusrat Mojumder
%A Md. Shahabub Alam
%A Mehtaz Afsana Borsha
%A Md. Mehedi Islam Khandaker
%A Syeda Shabanam Hasan
%T A Cluster based Hybrid Framework for Network Intrusion Detection
%J International Journal of Computer Applications
%@ 0975-8887
%V 172
%N 1
%P 23-29
%D 2017
%I Foundation of Computer Science (FCS), NY, USA
Abstract

With the rise in storage and manipulation of sensitive data over networks and the colossal growth of network-based services, the security of network systems is increasingly threatened. Creating an efficient intrusion detection mechanism to detect cutting-edge cyber-attacks has become a daunting task for both the research community and the network industry. Various state-of-the-art methods have been employed to address this issue, data mining being one of the most effective approaches. However, the generalization ability of individual data mining algorithms has limitations, and hence detecting complex attacks remains a daunting task. In this context, this paper presents a novel hybrid technique that combines clustering and classification data mining approaches to develop an effective network intrusion detection system (NIDS) with increased accuracy and a reduced false alarm rate. The models are trained and tested using the NSL-KDD intrusion detection dataset, and information gain based feature reduction is used. In the results, a comparative study of different data mining classification methods after clustering is presented. Finally, it is experimentally shown that the proposed method is considerably more effective than some contemporary hybrid intelligence approaches.

Index Terms

Computer Science
Information Sciences

Keywords

Intrusion Detection, Network Security, Data Mining, Feature Selection, NSL-KDD, Information Gain, K-means clustering, Naïve Bayes, K-nearest-neighbor, Decision Tree, Support Vector Machine, Random Forest.