Comparative study between (SVM) and (KNN) classifiers after adding (PCA) to improve of intrusion detection system

Other titles

A comparative study between the Support Vector Machine (SVM) and K-Nearest Neighbor (KNN) classifiers after adding Principal Component Analysis (PCA) to improve the intrusion detection system

Thesis author

al-Hammadi, Nafi Ali Majid

Thesis advisor

al-Hammuz, Sadiq

Committee members

Abu Shurayhah, Ahmad
al-Kasasibah, Muhammad

University

Middle East University

Faculty

Faculty of Information Technology

Department

Department of Computer Information Systems

University country

Jordan

Degree

Master's

Degree date

2016

English abstract

Intrusion Detection Systems (IDSs) are efficient applications that monitor the activities of a specific network or system to detect any abnormal activity and then send alarms to a defined management station.

However, current IDSs generate a high number of false alarms, both False Positives (FP) and False Negatives (FN), which decreases the accuracy of distinguishing attacks from normal activities.

Thus, this thesis introduced the implementation of a binary classifier based IDS.

The classifiers used within the system were Principal Component Analysis-Support Vector Machine (PCA-SVM) and Principal Component Analysis-K-Nearest Neighbor (PCA-KNN).

The performance of the system using these classifiers was compared on the National Security Letter-Knowledge Discovery and Data Mining (NSL-KDD) dataset to determine the optimal classifier in terms of detection rate and the number of generated false alarms.

This was done by dividing the dataset into training and testing sets. The Control Chart was then applied to the training set to improve the results: it filtered the data to remove the out-of-bound data and keep the data in the range from Mean-3sigma to Mean+3sigma.

Six evaluation metrics, FP, FN, True Positive (TP), True Negative (TN), Detection Rate (DR) and Classification Rate (CR), were computed for both classifiers for three sets of features, F1: [4,5,10,11,23,24,29,31,33,38,41], F2: [4,5,10,11,23,24,29,31,33] and F3: [4,5,10,11,23,24,29], with and without applying a control chart.

The obtained results demonstrated that the PCA-KNN based IDS with control chart offered the best detection rate with the minimum number of generated false alarms for sets F2 and F3, while the PCA-SVM based IDS with control chart offered the best detection rate with the minimum number of generated false alarms for F1.

The average achieved detection rate for the PCA-KNN based IDS was 98.17% with control chart and 88.7738% without control chart.

On the other hand, the average achieved detection rate for the PCA-SVM based IDS was 97.62% with control chart and 96.63587% without control chart.

Based on these outcomes, the application of the control chart enhanced the detection rate and decreased the number of false alarms for both classifiers. In addition, the PCA-KNN was the best classifier to be applied on the IDS, with the minimum number of false alarms and the highest security and detection rate.

Main subjects

Information Technology and Computer Science

Number of pages

87

Table of contents

Table of contents.

Abstract.

Abstract in Arabic.

Chapter One : Introduction.

Chapter Two : Literature review.

Chapter Three : Methodology.

Chapter Four : Results and discussion.

Chapter Five : Conclusion and future works.

References.

American Psychological Association (APA) citation style

al-Hammadi, Nafi Ali Majid. (2016). Comparative study between (SVM) and (KNN) classifiers after adding (PCA) to improve of intrusion detection system. (Master's theses Theses and Dissertations Master). Middle East University, Jordan
https://search.emarefa.net/detail/BIM-721232

Modern Language Association (MLA) citation style

al-Hammadi, Nafi Ali Majid. Comparative study between (SVM) and (KNN) classifiers after adding (PCA) to improve of intrusion detection system. (Master's theses Theses and Dissertations Master). Middle East University. (2016).
https://search.emarefa.net/detail/BIM-721232

American Medical Association (AMA) citation style

al-Hammadi, Nafi Ali Majid. (2016). Comparative study between (SVM) and (KNN) classifiers after adding (PCA) to improve of intrusion detection system. (Master's theses Theses and Dissertations Master). Middle East University, Jordan
https://search.emarefa.net/detail/BIM-721232

Text language

English

Data type

University theses

Record number

BIM-721232