Practical real-time intrusion detection using machine learning approaches

Cited by: 173
Authors
Sangkatsanee, Phurivit [1]
Wattanapongsakorn, Naruemon [1]
Charnsripinyo, Chalermpol [2]
Affiliations
[1] King Mongkuts Univ Technol Thonburi, Fac Engn, Dept Comp Engn, Bangkok 10140, Thailand
[2] Natl Elect & Comp Technol Ctr, Klongluang 12120, Pathumthani, Thailand
Keywords
Network intrusion detection; Machine learning; Denial of Service; Probe;
DOI
10.1016/j.comcom.2011.07.001
Chinese Library Classification
TP [Automation technology, computer technology];
Discipline classification code
080201 [Mechanical manufacturing and automation];
Abstract
The growing prevalence of network attacks is a well-known problem which can impact the availability, confidentiality, and integrity of critical information for both individuals and enterprises. In this paper, we propose a real-time intrusion detection approach using a supervised machine learning technique. Our approach is simple and efficient, and can be used with many machine learning techniques. We applied different well-known machine learning techniques to evaluate the performance of our IDS approach. Our experimental results show that the Decision Tree technique can outperform the other techniques. Therefore, we further developed a real-time intrusion detection system (RT-IDS) using the Decision Tree technique to classify on-line network data as normal or attack data. We also identified 12 essential features of network data which are relevant to detecting network attacks, using information gain as our feature selection criterion. Our RT-IDS can distinguish normal network activities from the main attack types (Probe and Denial of Service (DoS)) with a detection rate higher than 98% within 2 s. We also developed a new post-processing procedure to reduce the false-alarm rate as well as increase the reliability and detection accuracy of the intrusion detection system. (C) 2011 Elsevier B.V. All rights reserved.
Pages: 2227 / 2235
Page count: 9