Two level classifier based on anomaly artificial immune system

Other titles

Two-level classifier based on anomaly in the artificial immune system

Thesis author

al-Douri, Yamur Qahtan

Thesis advisor

Samawi, Venus W.

Committee members

Awdah, Jihad M.
al-Rababa, Mamun
Ubayd, Nadim Ali Miri

University

Al al-Bayt University

Faculty

Prince Al-Hussein bin Abdullah Faculty of Information Technology

Academic department

Department of Computer Science

University country

Jordan

Degree

Master's

Degree date

2011

English abstract

With the rapid growth of computer networks, data and network security has become an essential problem because of the increasing number of intrusion attempts.

Therefore, several methods are available to detect and eliminate intrusion attempts on computer systems and networks.

The Artificial Immune System (AIS), a strong computational intelligence method inspired by the biological immune system, is an adaptive system used to provide protection for computer systems.

The function of the biological immune system is to identify and categorize body cells into two groups.

The first is self, named antibody, which is part of a system used to detect and eliminate antigens, and the second is non-self, named antigen.

An antigen is synonymous with foreign attacks. Many researchers have used AIS with an anomaly technique that depends on the differences between packets in the parts of the protocol header, to overcome the weakness of signature-based detection, which works by pattern matching against known attack patterns. Motivated by the need to detect intrusions as soon as they happen, it is important to find detection antibodies that can be used to detect suspicious access and prevent access to the system.

In this research, a genetic algorithm is used to reduce the clustered feature set, and generate detection antibodies.

The unrecognized access records are then fed to the C4.5 algorithm (decision tree) to improve classification accuracy. Researchers suggest employing features selected from the NSL-KDD cup data to avoid redundant records, which may bias the learning algorithm [Tav09].

NSL-KDD contains 41 features, and each record is labeled as either normal or an attack.

The NSL-KDD cup data has 22544 records. In this research, the NSL-KDD features are first clustered using a Kohonen neural network.

The K-Means clustering algorithm is used to group the dataset, based on its features, into K groups (K clusters), where K is a positive integer equal to 8 classes. The first classifier (the genetic algorithm) is trained with the clustered features, using the principles of selection and evolution to produce several solutions to a given problem.

As a result, two antibody rules are generated (which can recognize Normal and Antigen) and applied to access records.

If the antibodies cannot recognize the access record (either both antibodies are true or both are false), the access record is labeled as unknown (unrecognized). The second classifier is used to develop a rule generator, based on the best features defined in the first classifier, using the C4.5 decision tree algorithm.

Also, two Antibody rules are generated (that could recognize Normal and Antigen).

The generated antibodies are applied to the unknown access records to classify them.

If C4.5 cannot recognize an access record (i.e. the access record is still unrecognized), unknown records are treated as Antigen. Cross-validation is used to estimate the performance of the suggested model.

After applying the two resulting classifiers to the testing groups, the system accuracy reaches 99.9% in detection of Antigen.

As another result, the best features (the features involved in the normal and attack antibodies) defined by the genetic algorithm (GA) are identified as important discriminating features.

Main subjects

Information Technology and Computer Science

Topics

Number of pages

95

Table of contents

Table of contents.

Abstract.

Chapter one : Preface.

Chapter two : Theoretical framework.

Chapter three : Development of suggested system.

Chapter four : Experimental results.

Chapter five : Conclusion and Future work.

References.

American Psychological Association (APA) citation style

al-Douri, Yamur Qahtan. (2011). Two level classifier based on anomaly artificial immune system. (Master's theses Theses and Dissertations Master). Al albayt University, Jordan
https://search.emarefa.net/detail/BIM-314945

Modern Language Association (MLA) citation style

al-Douri, Yamur Qahtan. Two level classifier based on anomaly artificial immune system. (Master's theses Theses and Dissertations Master). Al albayt University. (2011).
https://search.emarefa.net/detail/BIM-314945

American Medical Association (AMA) citation style

al-Douri, Yamur Qahtan. (2011). Two level classifier based on anomaly artificial immune system. (Master's theses Theses and Dissertations Master). Al albayt University, Jordan
https://search.emarefa.net/detail/BIM-314945

Text language

English

Data type

University theses

Record number

BIM-314945