Pairwise clusters optimization and cluster most significant feature methods for anomaly-based network intrusion detection system (POC2MSF) / Gervais Hatungimana

Abstract

An anomaly-based Intrusion Detection System (IDS) uses a known baseline to detect patterns that deviate from normal behaviour; if the baseline is faulty, the IDS performance degrades. Most IDS research that baselines network traffic with k-centroid clustering methods such as K-means, K-medoids, Fuzzy, Hierarchical and agglomerative algorithms suffers from a high false positive rate compared to signature-based IDS, simply because these algorithms risk forcing some network traffic into the wrong profile depending on the number K of clusters requested. In this paper we propose an alternative method which, instead of defining K clusters, defines a distance threshold t. The unrecognizable IDS (an IDS which is neither HIDS nor NIDS) is the consequence of using statistical methods for feature selection. The speed, memory and accuracy of an IDS are affected by an inappropriate feature reduction method or by ignorance of irrelevant features. In this paper we use two-step feature selection and Quality Threshold with Optimization methods to design anomaly-based HIDS and NIDS separately. The performance of our system is a false positive rate of 0%, accuracy of 99.99%, precision of 1 and recall of 1 for NIDS, and a false positive rate of 0%, accuracy of 99.61%, precision of 0.991 and recall of 0.97 for HIDS.

Bibliographic Details
Main Author: Hatungimana, Gervais
Format: Article (peer reviewed)
Language: English
Published: Universiti Teknologi MARA Press (Penerbit UiTM), 2018
Citation: Hatungimana, Gervais (2018) Pairwise clusters optimization and cluster most significant feature methods for anomaly-based network intrusion detection system (POC2MSF). Malaysian Journal of Computing (MJoC), 3 (2), pp. 93-107. ISSN 2231-7473, eISSN 2600-8238
Subjects: Analysis; Analytical methods used in the solution of physical problems; Neural networks (Computer science)
Online Access: http://ir.uitm.edu.my/id/eprint/43252/1/43252.pdf
http://ir.uitm.edu.my/id/eprint/43252/
https://mjoc.uitm.edu.my
Institution: Universiti Teknologi Mara (Tun Abdul Razak Library, UiTM Institutional Repository)