A New Model For Network-Based Intrusion Prevention System Inspired By Apoptosis
Format: Thesis
Language: English
Summary: The burgeoning growth of cyber-attacks, which have become more difficult to confine,
has made intrusions much harder to detect and prevent. The development of technology
has gradually encouraged the advent of more sophisticated intrusions, which generally
cause the loss of critical data, time and money, security breaches, damage to software
and hardware, the halt of normal operations, and damage to company reputation. In
existing Intrusion Prevention Systems (IPSs), there is a high false positive rate, lack of
conditional signature competence and inadequate standard intrusion classification to
identify an intrusion. Therefore, there is a need for a new intrusion classification and an
intrusion prevention model. Hence, this study aims to develop a new intrusion
classification, and an enhanced model called the Network-based Intrusion Prevention
System inspired by Apoptosis (NIPSA), by applying the conditional technique and
apoptosis with the aim to achieve a better accuracy rate. The NIPSA model consists of
the NIPSA Knowledge Discovery in Databases (KDD), the NIPSA intrusion
classification, and the NIPSA intrusion apoptosis algorithm. Apoptosis is adapted from
the human immune system, a concept that has been integrated into the NIPSA
model. Moreover, security metrics have been applied to assign weight and severity
ranks and values, which act as input to trigger apoptosis. The CICIDS2017 dataset is
used in this study, where the sizes of the training dataset and the testing dataset are 1183
and 788, respectively. The WEKA software was used to process the experimental data.
Then, the proposed model in this study was evaluated by simulating it in WEKA using
five different classification algorithms (SMO, J48, IBk, BayesNet, and Naïve-Bayes).
The NIPSA model of intrusion classification based on the SMO algorithm produced
results with an overall accuracy rate of 98.86%, 0.3% false positive rate, and 1.1% false
negative rate. This result has been compared with a previous study and showed an
improvement in false positive rate and false negative rate of 0.8% and 3.7%,
respectively. As for the prevention part, an overall accuracy rate of 95.43% has been
achieved by applying apoptosis to the proposed model. The results of this study could
serve as a benchmark for future work in this field.