Anomaly intrusion detection system using immune network with reduced network traffic features
Intrusion Detection Systems (IDS) are developed to be the defense against these security threats. Current signature based IDS like firewalls and anti viruses, which rely on labeled training data, generally can not detect novel attacks. A method that offers a promise to solve this problem is the anom...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | English |
| Published: |
2010
|
| Subjects: | |
| Online Access: | http://eprints.utm.my/id/eprint/11367/6/MuradAbdoRassamMFSKSM2010.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| id |
my-utm-ep.11367 |
|---|---|
| record_format |
uketd_dc |
| spelling |
my-utm-ep.113672017-09-28T03:21:18Z Anomaly intrusion detection system using immune network with reduced network traffic features 2010-04 Qasem, Murad Abdo Rassam QA75 Electronic computers. Computer science Intrusion Detection Systems (IDS) are developed to be the defense against these security threats. Current signature based IDS like firewalls and anti viruses, which rely on labeled training data, generally can not detect novel attacks. A method that offers a promise to solve this problem is the anomaly based IDS. Literature has shown that direction towards reducing false positive rate and thus enhancing the detection rate and speed have shifted from accurate machine learning classifiers to the adaptive models like bio-inspired models. Consequently, this study has been introduced to enhance the detection rate and speed up the detection process by reducing the network traffic features. Moreover, it aimed to investigate the implementation of the bio-inspired Immune Network approach for clustering different kinds of attacks. This approach aimed at enhancing the detection rate of novel attacks and thus decreasing the high false positive rate in IDS. Rough Set method was applied to reduce the dimension of KDD CUP ’99 dataset which used by this study and select only the features that best represent all kinds of attacks. Immune Network clustering was then applied using aiNet algorithm in order to cluster normal data from attacks in the testing dataset. The results revealed that detection rate and speed were enhanced by using only the most significant features. Furthermore, it was found that Immune Network clustering method is robust in detecting novel attacks in the test dataset. The principal conclusion was that IDS is enhanced by the use of significant network traffic features besides the implementation of the Immune Network clustering to detect novel attacks. 2010-04 Thesis http://eprints.utm.my/id/eprint/11367/ http://eprints.utm.my/id/eprint/11367/6/MuradAbdoRassamMFSKSM2010.pdf application/pdf en public masters Universiti Teknologi Malaysia, Faculty of Computer Science and Information Systems Faculty of Computer Science and Information System |
| institution |
Universiti Teknologi Malaysia |
| collection |
UTM Institutional Repository |
| language |
English |
| topic |
QA75 Electronic computers Computer science |
| spellingShingle |
QA75 Electronic computers Computer science Qasem, Murad Abdo Rassam Anomaly intrusion detection system using immune network with reduced network traffic features |
| description |
Intrusion Detection Systems (IDS) are developed to be the defense against these security threats. Current signature based IDS like firewalls and anti viruses, which rely on labeled training data, generally can not detect novel attacks. A method that offers a promise to solve this problem is the anomaly based IDS. Literature has shown that direction towards reducing false positive rate and thus enhancing the detection rate and speed have shifted from accurate machine learning classifiers to the adaptive models like bio-inspired models. Consequently, this study has been introduced to enhance the detection rate and speed up the detection process by reducing the network traffic features. Moreover, it aimed to investigate the implementation of the bio-inspired Immune Network approach for clustering different kinds of attacks. This approach aimed at enhancing the detection rate of novel attacks and thus decreasing the high false positive rate in IDS. Rough Set method was applied to reduce the dimension of KDD CUP ’99 dataset which used by this study and select only the features that best represent all kinds of attacks. Immune Network clustering was then applied using aiNet algorithm in order to cluster normal data from attacks in the testing dataset. The results revealed that detection rate and speed were enhanced by using only the most significant features. Furthermore, it was found that Immune Network clustering method is robust in detecting novel attacks in the test dataset. The principal conclusion was that IDS is enhanced by the use of significant network traffic features besides the implementation of the Immune Network clustering to detect novel attacks. |
| format |
Thesis |
| qualification_level |
Master's degree |
| author |
Qasem, Murad Abdo Rassam |
| author_facet |
Qasem, Murad Abdo Rassam |
| author_sort |
Qasem, Murad Abdo Rassam |
| title |
Anomaly intrusion detection system using immune network with reduced network traffic features |
| title_short |
Anomaly intrusion detection system using immune network with reduced network traffic features |
| title_full |
Anomaly intrusion detection system using immune network with reduced network traffic features |
| title_fullStr |
Anomaly intrusion detection system using immune network with reduced network traffic features |
| title_full_unstemmed |
Anomaly intrusion detection system using immune network with reduced network traffic features |
| title_sort |
anomaly intrusion detection system using immune network with reduced network traffic features |
| granting_institution |
Universiti Teknologi Malaysia, Faculty of Computer Science and Information Systems |
| granting_department |
Faculty of Computer Science and Information System |
| publishDate |
2010 |
| url |
http://eprints.utm.my/id/eprint/11367/6/MuradAbdoRassamMFSKSM2010.pdf |
| _version_ |
1747814845097443328 |