A New Model For Network-Based Intrusion Prevention System Inspired By Apoptosis

Bibliographic Details
Main Author: Mohammed Nadir bin Ali
Format: Thesis
Language: English
Description
Summary: The burgeoning growth of cyber-attacks, which have become more difficult to confine, has made intrusions much harder to detect and prevent. The development of technology has gradually encouraged the advent of more sophisticated intrusions, which generally cause the loss of critical data, time and money, security breaches, damage to software and hardware, the halt of normal operations, and damage to company reputation. Existing Intrusion Prevention Systems (IPSs) suffer from a high false positive rate, a lack of conditional signature competence, and inadequate standard intrusion classification to identify an intrusion. Therefore, there is a need for a new intrusion classification and an intrusion prevention model. Hence, this study aims to develop a new intrusion classification and an enhanced model called the Network-based Intrusion Prevention System inspired by Apoptosis (NIPSA), applying the conditional technique and apoptosis with the aim of achieving a better accuracy rate. The NIPSA model consists of the NIPSA Knowledge Discovery in Databases (KDD), the NIPSA intrusion classification, and the NIPSA intrusion apoptosis algorithm. Apoptosis, a concept adapted from the human immune system, has been integrated into the NIPSA model. Moreover, security metrics have been applied to assign weight and severity ranks and values, which act as input to trigger apoptosis. The CICIDS2017 dataset is used in this study, where the sizes of the training dataset and the testing dataset are 1183 and 788, respectively. The WEKA software was used to process the experimental data. The proposed model was then evaluated by simulating it in WEKA using five different classification algorithms (SMO, J48, IBk, BayesNet, and Naïve-Bayes). The NIPSA model of intrusion classification based on the SMO algorithm produced results with an overall accuracy rate of 98.86%, 0.3% false positive rate, and 1.1% false negative rate. This result has been compared with a previous study and showed an improvement in false positive rate and false negative rate of 0.8% and 3.7%, respectively. As for the prevention part, an overall accuracy rate of 95.43% has been achieved by applying apoptosis to the proposed model. The results of this study could serve as a benchmark for future work in this field.