CFP last date
20 January 2025
Reseach Article

A Novel Supervised Algorithm for Network Intrusion Detection with the Ability of Zero-day Attacks Identification

by S. Vahid Farrahi, Mahsa Kamali Sarvestani, Marzieh Ahmadzadeh
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 121 - Number 19
Year of Publication: 2015
Authors: S. Vahid Farrahi, Mahsa Kamali Sarvestani, Marzieh Ahmadzadeh
10.5120/21652-4983

S. Vahid Farrahi, Mahsa Kamali Sarvestani, Marzieh Ahmadzadeh . A Novel Supervised Algorithm for Network Intrusion Detection with the Ability of Zero-day Attacks Identification. International Journal of Computer Applications. 121, 19 ( July 2015), 47-50. DOI=10.5120/21652-4983

@article{ 10.5120/21652-4983,
author = { S. Vahid Farrahi, Mahsa Kamali Sarvestani, Marzieh Ahmadzadeh },
title = { A Novel Supervised Algorithm for Network Intrusion Detection with the Ability of Zero-day Attacks Identification },
journal = { International Journal of Computer Applications },
issue_date = { July 2015 },
volume = { 121 },
number = { 19 },
month = { July },
year = { 2015 },
issn = { 0975-8887 },
pages = { 47-50 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume121/number19/21652-4983/ },
doi = { 10.5120/21652-4983 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T23:08:53.394925+05:30
%A S. Vahid Farrahi
%A Mahsa Kamali Sarvestani
%A Marzieh Ahmadzadeh
%T A Novel Supervised Algorithm for Network Intrusion Detection with the Ability of Zero-day Attacks Identification
%J International Journal of Computer Applications
%@ 0975-8887
%V 121
%N 19
%P 47-50
%D 2015
%I Foundation of Computer Science (FCS), NY, USA
Abstract

In this paper, a new algorithm has been proposed for network intrusion detection. The proposed algorithm operates in a simple but efficient manner. It uses labeled data in the training phase, which means that our algorithm is a supervised algorithm. In the training phase of the algorithm, the data are categorized based on their class label values. Then, the algorithm compute a center point for each category of the class label. A center point is a mean of all samples that belong to the same category. Finally, in the testing phase, the algorithm uses Euclidean distance metric to label the test data based on their distances to the center points. In other words, each test data assigns to the nearest center point. However, a pre-defined threshold has been used in the testing phase in order to deal with zero-day attacks. If a test data point is closer to the normal center it will be assign to the normal class but in this case the algorithm checks the pre-defined threshold. If the distance to the normal center was greater than the pre-defined threshold the test data point will be classify as an attack, else it will be assign to the normal class. Experimental results show that the proposed algorithm is superior to single Naïve Bayes classifier. The detection rate of the proposed algorithm with 95% confidence is between 95. 88 ± 0. 11 and the detection rate of Naïve Bayes algorithm with the same confidence is between 90. 03 ± 0. 31.

References
  1. E. Biermann, E. Cloete, and L. M. Venter, "A comparison of intrusion detection systems," Computers & Security, vol. 20, pp. 676-683, 2001.
  2. B. Morin and L. Mé, "Intrusion detection and virology: an analysis of differences, similarities and complementariness," Journal in computer virology, vol. 3, pp. 39-49, 2007.
  3. P. Kabiri and A. A. Ghorbani, "Research on Intrusion Detection and Response: A Survey," IJ Network Security, vol. 1, pp. 84-102, 2005.
  4. P. Garcia-Teodoro, J. Diaz-Verdejo, G. Maciá-Fernández, and E. Vázquez, "Anomaly-based network intrusion detection: Techniques, systems and challenges," computers & security, vol. 28, pp. 18-28, 2009.
  5. A. Patcha and J. -M. Park, "An overview of anomaly detection techniques: Existing solutions and latest technological trends," Computer Networks, vol. 51, pp. 3448-3470, 2007.
  6. S. Mukherjee and N. Sharma, "Intrusion detection using naive Bayes classifier with feature reduction," Procedia Technology, vol. 4, pp. 119-128, 2012.
  7. B. M. Bidgoli, M. Analoui, M. H. Rezvani, and H. S. Shahhoseini, "Performance Evaluation of Decision Tree for Intrusion Detection Using Reduced Feature Spaces," in Trends in Intelligent Systems and Computer Engineering, ed: Springer, 2008, pp. 273-284.
  8. N. B. Amor, S. Benferhat, and Z. Elouedi, "Naive bayes vs decision trees in intrusion detection systems," in Proceedings of the 2004 ACM symposium on Applied computing, 2004, pp. 420-424.
  9. M. Panda and M. R. Patra, "A comparative study of data mining algorithms for network intrusion detection," in Emerging Trends in Engineering and Technology, 2008. ICETET'08. First International Conference on, 2008, pp. 504-507.
  10. P. Laskov, P. Düssel, C. Schäfer, and K. Rieck, "Learning intrusion detection: supervised or unsupervised?," in Image Analysis and Processing–ICIAP 2005, ed: Springer, 2005, pp. 50-57.
  11. A. K. Jain, M. N. Murty, and P. J. Flynn, "Data clustering: a review," ACM computing surveys (CSUR), vol. 31, pp. 264-323, 1999.
  12. M. Jianliang, S. Haikun, and B. Ling, "The application on intrusion detection based on k-means cluster algorithm," in Information Technology and Applications, 2009. IFITA'09. International Forum on, 2009, pp. 150-152.
  13. M. Tavallaee, E. Bagheri, W. Lu, and A. -A. Ghorbani, "A detailed analysis of the KDD CUP 99 data set," in Proceedings of the Second IEEE Symposium on Computational Intelligence for Security and Defence Applications 2009, 2009.
  14. R. Jain, The art of computer systems performance analysis: John Wiley & Sons, 2008.
  15. G. W. Milligan and M. C. Cooper, "A study of standardization of variables in cluster analysis," Journal of classification, vol. 5, pp. 181-204, 1988.
Index Terms

Computer Science
Information Sciences

Keywords

Data Mining Network Intrusion Detection Zero-day Attacks Identifying Supervised Learning Anomaly Detection