Network intrusion detection using one-class classification based on standard deviation of service's normal behavior
Other titles
Network intrusion detection using one-class classification based on the standard deviation of the service's normal behavior (Arabic title)
Thesis author
Thesis supervisor
Committee members
al-Halis, Ala Mustafa
al-Zaza, Naji Shukri
University
Islamic University
Faculty
Faculty of Information Technology
University country
Palestine (Gaza Strip)
Degree
Master's
Degree date
2015
English abstract
Computer networks and the internet are increasingly used in our daily lives.
Due to the explosive growth of network attacks, network intrusion detection systems (NIDS) have become an essential network component that plays a vital role in computer network security.
The main purpose of NIDS is to protect network resources from any unauthorized access that may gather confidential data, affect its availability or violate its data integrity.
Much effort has gone into designing a perfect NIDS with a high detection rate and a low false alarm rate.
Some have used the misuse detection technique, which fails to detect zero-day attacks, so there is a high demand for alternative detection techniques.
The problems with supervised learning are the cost of producing a labeled dataset and that the model is trained on known attacks, so it may fail to detect new attack variants.
On the other hand, unsupervised learning has the problem of labeling the generated clusters: deciding which cluster is normal and which is abnormal.
Semi-supervised learning techniques suffer from the limitation that they cannot outperform supervised classification unless the analyst is absolutely certain that there is some nontrivial relationship between the labeled and unlabeled distributions.
Because of the limitations of the previous learning techniques, and because of the increasing diversity and polymorphism of network attacks, a fourth learning technique called One-Class Classification (OCC) has been used to learn the behavior of a single class, commonly normal traffic, and to detect any deviation from it.
However, when this technique is applied to the network as a whole, it suffers from the high-dimensional network feature space.
Also, problems may arise when large differences in density exist.
To overcome these problems, we proposed a primary OCC-NIDS model based on the standard deviation of a service's normal behavior.
In this model, we treat each network service as a single class instead of treating all network services as a single class.
This way, we use only the relevant features of each service, which reduces the high-dimensional network feature space and also ensures that each class has an approximately uniform distribution.
We evaluated the proposed primary model on our testbed dataset and on the KDD Cup'99 dataset.
The proposed model demonstrated the ability to detect abnormal network traffic with a high detection rate and a low false positive rate.
It achieved a 98.14% detection rate and a 98.74% accuracy rate with a 0.13% false positive rate on our testbed dataset.
On the KDD Cup'99 dataset, it achieved a 99.88% detection rate and a 99.6% accuracy rate, with a false alarm rate of 0.77% and a false positive rate of 0.028%.
Main subjects
Information Technology and Computer Science
Topics
Number of pages
122
Table of contents
Table of contents.
Abstract.
Abstract in Arabic.
Chapter One : Introduction.
Chapter Two : Theoretical background.
Chapter Three : Related works.
Chapter Four : Real dataset collection.
Chapter Five : Research proposal and methodology.
Chapter Six : Experimental results discussion and evaluation.
Chapter Seven : Conclusion and future work.
References.
American Psychological Association (APA) citation style
Matar, Ramzi Atif Muhammad. (2015). Network intrusion detection using one-class classification based on standard deviation of service's normal behavior. (Master's theses Theses and Dissertations Master). Islamic University, Palestine (Gaza Strip)
https://search.emarefa.net/detail/BIM-688548
Modern Language Association (MLA) citation style
Matar, Ramzi Atif Muhammad. Network intrusion detection using one-class classification based on standard deviation of service's normal behavior. (Master's theses Theses and Dissertations Master). Islamic University. (2015).
https://search.emarefa.net/detail/BIM-688548
American Medical Association (AMA) citation style
Matar, Ramzi Atif Muhammad. (2015). Network intrusion detection using one-class classification based on standard deviation of service's normal behavior. (Master's theses Theses and Dissertations Master). Islamic University, Palestine (Gaza Strip)
https://search.emarefa.net/detail/BIM-688548
Text language
English
Data type
University theses
Record number
BIM-688548