Using Quality Threshold distance to detect intrusion in TCP/IP network

Hatungimana Gervais, Abdul Munif, Tohari Ahmad

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

2 Citations (Scopus)

Abstract

False positive rate is the main shortcoming of anomaly-based network intrusion detection systems. Many approaches have been proposed, dominated by machine learning and artificial intelligence techniques or their combination. The high false positive rate is due to detection models being designed too generally. Rule-based network intrusion detection systems do not have a high false positive rate, if any, because their rules are tighter to individually known types of attack. Although anomaly-based network intrusion detection systems do not need prior knowledge of an attack, it is still possible to imitate some rule-based specificity at a certain level while designing the detection model in order to reduce the false positive rate. The specificity handled in this paper is the design of a network intrusion detection system for TCP/IP network traffic. We then propose a method to prepare quality clusters to build a network intrusion detection model. Surveys have found that some research did not contribute to network-based intrusion detection systems because of improperly preprocessed data, especially during feature selection. In this paper, we propose an attribute selection method that uses basic TCP network features only. By doing so, the experiment confirms the false positive rate (0.2%) and maintains overall system accuracy (99.6%).

Original language: English
Title of host publication: 2016 IEEE International Conference on Communication, Network, and Satellite, COMNETSAT 2016 - Proceedings
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 80-84
Number of pages: 5
ISBN (Electronic): 9781509054466
Publication status: Published - 21 Apr 2017
Event: 5th IEEE International Conference on Communication, Network, and Satellite, COMNETSAT 2016 - Surabaya, Indonesia
Duration: 8 Dec 2016 to 10 Dec 2016

Publication series

Name: 2016 IEEE International Conference on Communication, Network, and Satellite, COMNETSAT 2016 - Proceedings

Conference

Conference: 5th IEEE International Conference on Communication, Network, and Satellite, COMNETSAT 2016
Country/Territory: Indonesia
City: Surabaya
Period: 8/12/16 to 10/12/16

Keywords

  • clustering
  • information security
  • intrusion detection system
  • network security
  • network-based IDS
