TY - GEN
T1 - Using Quality Threshold distance to detect intrusion in TCP/IP network
AU - Gervais, Hatungimana
AU - Munif, Abdul
AU - Ahmad, Tohari
N1 - Publisher Copyright:
© 2016 IEEE.
PY - 2017/4/21
Y1 - 2017/4/21
N2 - The false positive rate is the main shortcoming of anomaly-based network intrusion detection systems. Many approaches have been proposed, dominated by machine learning and artificial intelligence techniques or their combination. A high false positive rate results from the detection model being designed too generally. Rule-based network intrusion detection systems have a low false positive rate, if any, because their rules are tightly bound to each individually known type of attack. Although anomaly-based network intrusion detection systems do not need prior knowledge of attacks, it is still possible to imitate some rule-based specificity to a certain degree when designing the detection model in order to reduce the false positive rate. The specificity handled in this paper is the design of a network intrusion detection system for TCP/IP network traffic. We then propose a method to prepare quality clusters for building a network intrusion detection model. It has been surveyed that some research did not contribute to network-based intrusion detection systems because of improperly preprocessed data, especially during feature selection. In this paper, we propose an attribute selection method using basic TCP network features only. By doing so, the experiment confirms a false positive rate of 0.2% and maintains an overall system accuracy of 99.6%.
KW - clustering
KW - information security
KW - intrusion detection system
KW - network security
KW - network-based IDS
UR - http://www.scopus.com/inward/record.url?scp=85019198392&partnerID=8YFLogxK
U2 - 10.1109/COMNETSAT.2016.7907421
DO - 10.1109/COMNETSAT.2016.7907421
M3 - Conference contribution
AN - SCOPUS:85019198392
T3 - 2016 IEEE International Conference on Communication, Network, and Satellite, COMNETSAT 2016 - Proceedings
SP - 80
EP - 84
BT - 2016 IEEE International Conference on Communication, Network, and Satellite, COMNETSAT 2016 - Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 5th IEEE International Conference on Communication, Network, and Satellite, COMNETSAT 2016
Y2 - 8 December 2016 through 10 December 2016
ER -