Raman Singh

An intrusion detection system using network traffic profiling and online sequential extreme learning machine

Alpha profiling reduces the number of comparisons by 85.76%.Optimal features (21 out of 41) are suggested. Features are reduced by 48.78%.Beta profiling is used to reduce the size of training dataset by 7.83%.Network traffic profiling and feature selection reduce space and time complexity.Accuracy of 98.66% and false positive rate of 1.74% are achieved in 2.43 s. Anomaly based Intrusion Detection Systems (IDS) learn normal and anomalous behavior by analyzing network traffic in various benchmark datasets. Common challenges for IDSs are large amounts of data to process, low detection rates and high rates of false alarms. In this paper, a technique based on the Online Sequential Extreme Learning Machine (OS-ELM) is presented for intrusion detection. The proposed technique uses alpha profiling to reduce the time complexity while irrelevant features are discarded using an ensemble of Filtered, Correlation and Consistency based feature selection techniques. Instead of sampling, beta profiling is used to reduce the size of the training dataset. For performance evaluation of proposed technique the standard NSL-KDD 2009 (Network Security Laboratory-Knowledge Discovery and Data Mining) dataset is used. In this paper time and space complexity of the proposed technique is also discussed. The experimental results yielded an accuracy of 98.66% with a false positive rate of 1.74% and a detection time of 2.43 s for binary class NSL-KDD dataset. The proposed IDS achieve 97.67% of accuracy with 1.74% of false positive rate in 2.65 s of detection time for multi-class NSL-KDD dataset. The Kyoto University benchmark dataset is also used to test the proposed IDS. Accuracy of 96.37% with false positive rate of 5.76% is yielded by the proposed technique. The proposed technique outperforms other published techniques in terms of accuracy, false positive rate and detection time. Based on the experimental results achieved, we conclude that the proposed technique is an efficient method for network intrusion detection.

Analysis of Feature Selection Techniques for Network Traffic Dataset

Time taken by Intrusion Detection System (IDS) in order to detect malwares is very crucial factor. Network traffic dataset have many features and all may not contribute in detection of threats. Rejecting irrelevant features may increase performance of IDS by reducing computational time. In this paper, feature selection techniques based on Gain ratio attribute, Correlation feature selection, Chi Squared attribute, Consistency subset, Filtered attribute, Filtered subset, Information gain attribute, One RA attribute and Symmetrical Uncert attribute evaluation are tested on three classifiers (Naïve Bayes, J48 and PART) by using Weka data mining and machine learning tool on UCI KDD CUP 1999 network traffic dataset. The feature selection methods are analyzed on parameters like accuracy, number of features selected out of total features, time taken, TP rate and FP rate. The result shows that almost same level of accuracy can be achieved by reducing number of features considerably which also takes less computational time to detect threats. Filtered subset evaluation comes out to be best technique which suggests only 17.07 % of total features. Hence it is proposed that reduced number of features should be used in IDS for the quick detection of threats.

Internet attacks and intrusion detection system: A review of the literature

Purpose The paper addresses various cyber threats and their effects on the internet. A review of the literature on intrusion detection systems (IDSs) as a means of mitigating internet attacks is presented, and gaps in the research are identified. The purpose of this paper is to identify the limitations of the current research and presents future directions for intrusion/malware detection research. Design/methodology/approach The paper presents a review of the research literature on IDSs, prior to identifying research gaps and limitations and suggesting future directions. Findings The popularity of the internet makes it vulnerable against various cyber-attacks. Ongoing research on intrusion detection methods aims to overcome the limitations of earlier approaches to internet security. However, findings from the literature review indicate a number of different limitations of existing techniques: poor accuracy, high detection time, and low flexibility in detecting zero-day attacks. Originality/value This paper provides a review of major issues in intrusion detection approaches. On the basis of a systematic and detailed review of the literature, various research limitations are discovered. Clear and concise directions for future research are provided.

SAMPLING BASED APPROACHES TO HANDLE IMBALANCES IN NETWORK TRAFFIC DATASET FOR MACHINE LEARNING TECHNIQUES

Network traffic data is huge, varying and imbalanced because various classes are not equally distributed. Machine learning (ML) algorithms for traffic analysis uses the samples from this data to recommend the actions to be taken by the network administrators as well as training. Due to imbalances in dataset, it is difficult to train machine learning algorithms for traffic analysis and these may give biased or false results leading to serious degradation in performance of these algorithms. Various techniques can be applied during sampling to minimize the effect of imbalanced instances. In this paper various sampling techniques have been analysed in order to compare the decrease in variation in imbalances of network traffic datasets sampled for these algorithms. Various parameters like missing classes in samples, probability of sampling of the different instances have been considered for comparison.

Key management using Chebyshev polynomials for mobile ad hoc networks

A dedicated key server cannot be instituted to manage keys for MANETs since they are dynamic and unstable. The Lagranges polynomial and curve fitting are being used to implement hierarchical key management for Mobile Ad hoc Networks (MANETs). The polynomial interpolation by Lagrange and curve fitting requires high computational efforts for higher order polynomials and moreover they are susceptible to Runges phenomenon. The Chebyshev polynomials are secure, accurate, and stable and there is no limit to the degree of the polynomials. The distributed key management is a big challenge in these time varying networks. In this work, the Chebyshev polynomials are used to perform key management and tested in various conditions. The secret key shares generation, symmetric key construction and key distribution by using Chebyshev polynomials are the main elements of this projected work. The significance property of Chebyshev polynomials is its recursive nature. The mobile nodes usually have less computational power and less memory, the key management by using Chebyshev polynomials reduces the burden of mobile nodes to implement the overall system.

Performance analysis of an Intrusion Detection System using Panjab University Intrusion DataSet

Intrusion Detection System (IDS) can be used to detect malware by its network activities or behavioral profiles. Common challenges for IDS are large amount of data to process, low detection rate and high rate of false alarms. Online Sequential Extreme Learning Machine (OS-ELM) based IDS with network traffic profiling is tested on Panjab University - Intrusion DataSet (PU-IDataSet). This IDS is known as alpha-FST-Beta IDS. The training connections are first categorized on the basis of protocol and service features. This categorization is named as alpha profiling. It increases the scalability and reduces the time complexity of IDS. Large feature set of network traffic dataset is reduced using ensemble of three feature selection techniques. Beta profiling is used to reduce the size of training dataset. Various parameters like accuracy, true positive rate, false positive rate, true negative rate, false negative rate, precision, F1-score and detection time is used to evaluate the performance. The results obtained encourage the integration of this system in intrusion detection models.

Analyzing Statistical Effect of Sampling on Network Traffic Dataset

In sampling of huge network traffic dataset, some packets are chosen out of total packets. Leftover packets may have effect on statistical characteristics of the data. In this paper effect of sampling on statistical characteristics is discussed. A well-known benchmarked NSL KDD network traffic dataset is used. Three sampling techniques namely - random, systematic and under-over sampling are used. Various attributes of dataset considered are duration, src_bytes, dst_bytes, wrong_fragment, num_compromised, num_file_ creations and srv_count. Parameter of statistical characteristics like range, mean and standard deviation is used for analysis purpose. Result shows that sampling has considerable statistical effect on network traffic dataset.