Network intrusion detection using one-class classification based on standard deviation of service's normal behavior

Other titles

كشف التسلل للشبكة باستخدام التصنيف أحادي الفئة المعتمد على الانحراف المعياري للسلوك الطبيعي للخدمة

Thesis author

Matar, Ramzi Atif Muhammad

Thesis supervisor

Barhum, Tawfiq Sulayman

Committee members

al-Halis, Ala Mustafa
al-Zaza, Naji Shukri

University

Islamic University

Faculty

Faculty of Information Technology

University country

Palestine (Gaza Strip)

Degree

Master's

Degree date

2015

English abstract

Computer networks and the internet have been increasingly used in our daily life.

Due to the explosive growth of network attacks, network intrusion detection systems (NIDS) have become an essential network component which plays a vital role for computer networks' security.

The main purpose of NIDS is to protect network resources from any unauthorized access that may gather confidential data, affect its availability or violate its data integrity.

Much effort has gone into designing a perfect NIDS that has a high detection rate and a low false alarm rate.

Some have used the misuse detection technique, which fails to detect zero-day attacks, so there is high demand for alternative detection techniques.

The problems with supervised learning are the cost of producing a labeled dataset and the fact that the model is trained on known attacks, so it may fail to detect new attack variants.

On the other hand, unsupervised learning has the problem of labeling the generated clusters: which cluster is normal and which is abnormal.

Semi-supervised learning techniques suffer from the limitation that they cannot outperform supervised classification unless the analyst is absolutely certain that there is some nontrivial relationship between the labeled and the unlabeled distribution.

Because of the limitations of the previous learning techniques, and because of the increasing diversity and polymorphism of network attacks, a fourth learning technique called One-Class Classification (OCC) has been used to learn the behavior of a single class, which is commonly normal traffic, and to detect any deviation from it.

However, when this technique is applied to the network as a whole, it suffers from the high-dimensional network feature space.

Also, problems may arise when large differences in density exist.

To overcome these problems, we proposed a primary OCC-NIDS model based on the standard deviation of each service's normal behavior.

In this model we dealt with each network service as a single class instead of dealing with all network services as a single class.

In this way we use only the relevant features of each service, reducing the high-dimensional network feature space and ensuring that each class has an approximately uniform distribution.

We evaluated the proposed primary model on our testbed dataset and on KDD Cup'99 datasets.

The proposed model proved able to detect abnormal network traffic with a high detection rate and a low false positive rate.

Our proposed model achieved a 98.14% detection rate and a 98.74% accuracy rate, with a 0.13% false positive rate, on our testbed dataset.

On the KDD Cup'99 dataset, our model achieved a 99.88% detection rate and a 99.6% accuracy rate, with a false alarm rate of 0.77% and a false positive rate of 0.028%.

Main subjects

Information Technology and Computer Science

Topics

Number of pages

122

Table of contents

Table of contents.

Abstract.

Abstract in Arabic.

Chapter One : Introduction.

Chapter Two : Theoretical background.

Chapter Three : Related works.

Chapter Four : Real dataset collection.

Chapter Five : Research proposal and methodology.

Chapter Six : Experimental results discussion and evaluation.

Chapter Seven : Conclusion and future work.

References.

American Psychological Association (APA) citation style

Matar, Ramzi Atif Muhammad. (2015). Network intrusion detection using one-class classification based on standard deviation of service's normal behavior. (Master's theses Theses and Dissertations Master). Islamic University, Palestine (Gaza Strip)
https://search.emarefa.net/detail/BIM-688548

Modern Language Association (MLA) citation style

Matar, Ramzi Atif Muhammad. Network intrusion detection using one-class classification based on standard deviation of service's normal behavior. (Master's theses Theses and Dissertations Master). Islamic University. (2015).
https://search.emarefa.net/detail/BIM-688548

American Medical Association (AMA) citation style

Matar, Ramzi Atif Muhammad. (2015). Network intrusion detection using one-class classification based on standard deviation of service's normal behavior. (Master's theses Theses and Dissertations Master). Islamic University, Palestine (Gaza Strip)
https://search.emarefa.net/detail/BIM-688548

Text language

English

Data type

University theses

Record number

BIM-688548