Abstract
An intrusion detection system (IDS) is a security management component that analyzes information gathered from hosts and network segments to identify possible security breaches. Recent decades have seen an unprecedented increase in the volume and sophistication of network attacks. The quality of a learned detection model depends heavily on the quality of its training data, yet high-quality training data is difficult to collect: new attacks exploiting newly discovered vulnerabilities emerge quickly and frequently, and data on them cannot be gathered to train a detector before the attacks themselves have been discovered and understood. The rapid growth of zero-day attacks therefore calls for defence mechanisms that can accurately detect previously unseen attacks in real time. This paper proposes a meta-heuristic assessment model, assessing degree of intrusion scope (DIS), that estimates a degree-of-intrusion-scope threshold from the optimal features of the network transactions used for training. The approach is evaluated on the NSL-KDD data set, a widely used benchmark for IDS evaluation that reflects realistic network traffic, and yields considerable and consistent accuracy improvements in detecting both new and known attacks. The experimental results also indicate that feature correlation has a significant impact on reducing the computational and time complexity of measuring the Intrusion Impact Scale.
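As an added illustration, not the paper's DIS model or the authors' code, the following Python sketch shows the two ingredients the abstract names: correlation-based selection of features from NSL-KDD-style connection records, and a threshold on an anomaly score computed only from the retained features. The feature names follow the public NSL-KDD schema; the records, the |r| >= 0.5 cut-off, the z-score scoring against a normal-traffic profile and the threshold calibration are assumptions of this example.

```python
"""Correlation-based feature selection plus a thresholded anomaly score on
NSL-KDD-style records. Illustrative example only; not the DIS method."""
from math import sqrt
from statistics import mean, pstdev

# Constructed records (assumption: feature names follow the public NSL-KDD
# schema; the values are invented). Attack rows mimic a SYN-flood profile:
# many connections to the host, all SYN errors, no payload bytes.
RECORDS = [
    {"duration": 0,  "src_bytes": 232,  "count": 2,   "serror_rate": 0.00, "label": "normal"},
    {"duration": 5,  "src_bytes": 1032, "count": 5,   "serror_rate": 0.00, "label": "normal"},
    {"duration": 0,  "src_bytes": 181,  "count": 1,   "serror_rate": 0.02, "label": "normal"},
    {"duration": 12, "src_bytes": 545,  "count": 8,   "serror_rate": 0.00, "label": "normal"},
    {"duration": 3,  "src_bytes": 239,  "count": 3,   "serror_rate": 0.05, "label": "normal"},
    {"duration": 0,  "src_bytes": 334,  "count": 2,   "serror_rate": 0.00, "label": "normal"},
    {"duration": 0,  "src_bytes": 0,    "count": 120, "serror_rate": 1.00, "label": "neptune"},
    {"duration": 4,  "src_bytes": 0,    "count": 250, "serror_rate": 0.98, "label": "neptune"},
    {"duration": 0,  "src_bytes": 0,    "count": 180, "serror_rate": 1.00, "label": "neptune"},
    {"duration": 11, "src_bytes": 0,    "count": 300, "serror_rate": 0.95, "label": "neptune"},
    {"duration": 2,  "src_bytes": 0,    "count": 211, "serror_rate": 1.00, "label": "neptune"},
    {"duration": 0,  "src_bytes": 0,    "count": 160, "serror_rate": 1.00, "label": "neptune"},
]
FEATURES = ["duration", "src_bytes", "count", "serror_rate"]


def pearson(xs, ys):
    """Pearson correlation coefficient; 0.0 when either series is constant."""
    mx, my = mean(xs), mean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    var_x = sum((x - mx) ** 2 for x in xs)
    var_y = sum((y - my) ** 2 for y in ys)
    if var_x == 0 or var_y == 0:
        return 0.0
    return cov / sqrt(var_x * var_y)


def select_features(records, features, min_abs_corr=0.5):
    """Keep features whose correlation with the attack/normal label is strong.

    Returns (selected feature names, {feature: correlation}). The 0.5 cut-off
    is an assumption of this example.
    """
    labels = [0.0 if r["label"] == "normal" else 1.0 for r in records]
    corr = {f: pearson([r[f] for r in records], labels) for f in features}
    selected = [f for f in features if abs(corr[f]) >= min_abs_corr]
    return selected, corr


def build_profile(records, features):
    """Per-feature (mean, std) of the normal training records only."""
    normal = [r for r in records if r["label"] == "normal"]
    profile = {}
    for f in features:
        values = [r[f] for r in normal]
        profile[f] = (mean(values), max(pstdev(values), 1e-9))  # avoid div by 0
    return profile


def anomaly_score(record, profile):
    """Mean absolute z-score of the record over the selected features."""
    return mean(abs(record[f] - mu) / sd for f, (mu, sd) in profile.items())


def calibrate_threshold(records, profile):
    """Tightest threshold with zero false positives on the normal training
    records; in practice calibrate on a held-out normal set instead."""
    return max(anomaly_score(r, profile) for r in records if r["label"] == "normal")


def classify(record, profile, threshold):
    return "attack" if anomaly_score(record, profile) > threshold else "normal"


if __name__ == "__main__":
    selected, corr = select_features(RECORDS, FEATURES)
    profile = build_profile(RECORDS, selected)
    threshold = calibrate_threshold(RECORDS, profile)
    print("selected:", selected, "threshold: %.2f" % threshold)
    probe = {"duration": 0, "src_bytes": 0, "count": 200, "serror_rate": 1.0}
    print("probe ->", classify(probe, profile, threshold))
```

The point the example makes is the one the abstract draws: dropping weakly correlated features (here `duration`) shrinks the profile the detector must maintain and score against, so every subsequent per-connection decision is cheaper, while the threshold is learned from normal traffic alone and therefore does not need examples of the attack it later flags.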
Cite this article
Jyothsna, V., Rama Prasad, V.V. Assessing degree of intrusion scope (DIS): a statistical strategy for anomaly based intrusion detection. CSIT 6, 99–127 (2018). https://doi.org/10.1007/s40012-018-0188-x