A DISTANCE BASED ALGORITHM FOR NETWORK ANOMALY DETECTION USING INITIAL CLASSIFICATION OF ‘PROTOCOL TYPE’ ATTRIBUTE


D Ashok Kumar
SR Venugopalan

Abstract

With the increased use of the Internet and the Internet of Things (IoT), data is shared and generated instantaneously between and by devices that range from small sensors to various appliances. Though this offers many tangible benefits, it also raises concerns such as the need for faster networks, higher bandwidth and huge storage, and the major concern is the security of the data. The rate of information generation and exchange has increased the significance of secure networks. As network speed and bandwidth keep increasing, anomaly detection has attracted the attention of researchers as a way to overcome the difficulties of signature-based intrusion detection, where detecting new attacks is not possible, and to address other factors that affect intrusion detection, such as detection rate and the time required to detect intrusions. In this study, a novel algorithm for network anomaly detection based on distance and an initial classification of the data by 'protocol type' is proposed. The algorithm is tested with Kyoto University's 2006+ Benchmark dataset (new version of data). The proposed algorithm outperforms all the known/commonly used classification algorithms with respect to Detection Rate, False Alarm Rate, Recall and F-score.

