Improving intrusion detection for better anomaly detection based on x-means clustering and multi-layer perceptron classification

Bibliographic Details
Main Author: Abbas, Borkan Ahmed
Format: Thesis
Language: English
Published: 2016
Online Access: http://psasir.upm.edu.my/id/eprint/66741/1/FSKTM%202016%2028%20IR.pdf
Description
Summary: Due to the heavy use of network communication over the Internet to carry sensitive data in recent years, providing a competent security mechanism to protect this data has become one of the most important matters to consider. One significant security mechanism is the Intrusion Detection System (IDS), which offers anomaly detection with the ability to recognize unforeseen attacks. An IDS should provide high accuracy and detection rates and a low false alarm rate, yet the majority of previous IDS approaches suffered from average accuracy and detection rates as well as a high false alarm rate. To enhance the capability of IDS, this thesis proposes a new hybrid machine learning approach based on X-Means and the multilayer perceptron, called XM-MLP. X-Means is used to cluster the data according to its behavior, while the multilayer perceptron (MLP) neural network classifies the data into the correct categories, i.e. attack or normal. The ISCX 2012 benchmark dataset was used to evaluate the proposed hybrid approach against a single MLP classifier and previous hybrid approaches such as KM-MLP, XM-1R and XM-NB, where the core detection method is based on a clustering or classification technique. The proposed hybrid approach achieves better results than a single MLP classifier and the other hybrid approaches in terms of accuracy, detection rate and false alarm rate.