Comparative study between (SVM) and (KNN) classifiers after adding (PCA) to improve of intrusion detection system

Other Title(s)

دراسة مقارنه بين مصنفات آلة دعم المتجهات (SVM)‎ و الجار الأقرب (KNN)‎ بعد إضافة تحليل المكونات الرئيسية (PCA)‎ لتحسين نظام كشف التسلل

Dissertant

al-Hammadi, Nafi Ali Majid

Thesis advisor

al-Hammuz, Sadiq

Committee Members

Abu Shurayhah, Ahmad
al-Kasasibah, Muhammad

University

Middle East University

Faculty

Faculty of Information Technology

Department

Department of Computer Information Systems

University Country

Jordan

Degree

Master

Degree Date

2016

English Abstract

Intrusion Detection Systems (IDSs) are efficient applications that monitor the activities of a specific network or system to detect any abnormal activity and then send alarms to a defined management station.

However, current IDSs generate a high number of false alarms, both False Positives (FP) and False Negatives (FN), which decreases the accuracy of distinguishing attacks from normal activities.

Thus, this thesis introduced the implementation of a binary classifier based IDS.

The classifiers used within the system were Principal Component Analysis-Support Vector Machine (PCA-SVM) and Principal Component Analysis-K-Nearest Neighbor (PCA-KNN).

The performance of the system using these classifiers was compared using the National Security Letter-Knowledge Discovery and Data Mining (NSL-KDD) dataset to determine the optimal classifier in terms of detection rate and the number of generated false alarms.

This was done by dividing the dataset into training and testing sets. The Control Chart was then applied to the training set to improve the results: it filtered the data to remove the out-of-bound data and keep the data in the range from Mean-3sigma to Mean+3sigma.

Six evaluation metrics, FP, FN, True Positive (TP), True Negative (TN), Detection Rate (DR) and Classification Rate (CR), were computed for both classifiers for three sets of features, F1: [4,5,10,11,23,24,29,31,33,38,41], F2: [4,5,10,11,23,24,29,31,33] and F3: [4,5,10,11,23,24,29], with and without applying a control chart.

The obtained results demonstrated that the PCA-KNN based IDS with control chart offered the best detection rate with minimum number of generated false alarms for sets F2 and F3, while the PCA-SVM based IDS with control chart offered the best detection rate with minimum number of generated false alarms for F1.

The average achieved detection rate for the PCA-KNN based IDS was 98.17% with control chart and 88.7738% without control chart.

On the other hand, the average achieved detection rate for the PCA-SVM based IDS was 97.62% with control chart and 96.63587% without control chart.

Based on these outcomes, the application of control chart enhanced the detection rate and decreased the number of false alarms for both classifiers. In addition, the PCA-KNN was the best classifier to be applied on the IDS with minimum number of false alarms and highest security and detection rate.

Main Subjects

Information Technology and Computer Science

No. of Pages

87

Table of Contents

Table of contents.

Abstract.

Abstract in Arabic.

Chapter One : Introduction.

Chapter Two : Literature review.

Chapter Three : Methodology.

Chapter Four : Results and discussion.

Chapter Five : Conclusion and future works.

References.

American Psychological Association (APA)

al-Hammadi, Nafi Ali Majid. (2016). Comparative study between (SVM) and (KNN) classifiers after adding (PCA) to improve of intrusion detection system. (Master's theses Theses and Dissertations Master). Middle East University, Jordan
https://search.emarefa.net/detail/BIM-721232

Modern Language Association (MLA)

al-Hammadi, Nafi Ali Majid. Comparative study between (SVM) and (KNN) classifiers after adding (PCA) to improve of intrusion detection system. (Master's theses Theses and Dissertations Master). Middle East University. (2016).
https://search.emarefa.net/detail/BIM-721232

American Medical Association (AMA)

al-Hammadi, Nafi Ali Majid. (2016). Comparative study between (SVM) and (KNN) classifiers after adding (PCA) to improve of intrusion detection system. (Master's theses Theses and Dissertations Master). Middle East University, Jordan
https://search.emarefa.net/detail/BIM-721232

Language

English

Data Type

Arab Theses

Record ID

BIM-721232