We apologize for a recent technical issue with our email system, which temporarily affected account activations. Accounts have now been activated. Authors may proceed with paper submissions. PhDFocusTM
CFP last date
20 November 2024
Reseach Article

Adaptive Intrusion Detection based on Boosting and NaÔve Bayesian Classifier

by Dewan Md. Farid, Mohammad Zahidur Rahman, Chowdhury Mofizur Rahman
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 24 - Number 3
Year of Publication: 2011
Authors: Dewan Md. Farid, Mohammad Zahidur Rahman, Chowdhury Mofizur Rahman
10.5120/2932-3883

Dewan Md. Farid, Mohammad Zahidur Rahman, Chowdhury Mofizur Rahman . Adaptive Intrusion Detection based on Boosting and NaÔve Bayesian Classifier. International Journal of Computer Applications. 24, 3 ( June 2011), 12-19. DOI=10.5120/2932-3883

@article{ 10.5120/2932-3883,
author = { Dewan Md. Farid, Mohammad Zahidur Rahman, Chowdhury Mofizur Rahman },
title = { Adaptive Intrusion Detection based on Boosting and NaÔve Bayesian Classifier },
journal = { International Journal of Computer Applications },
issue_date = { June 2011 },
volume = { 24 },
number = { 3 },
month = { June },
year = { 2011 },
issn = { 0975-8887 },
pages = { 12-19 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume24/number3/2932-3883/ },
doi = { 10.5120/2932-3883 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T20:10:01.147545+05:30
%A Dewan Md. Farid
%A Mohammad Zahidur Rahman
%A Chowdhury Mofizur Rahman
%T Adaptive Intrusion Detection based on Boosting and NaÔve Bayesian Classifier
%J International Journal of Computer Applications
%@ 0975-8887
%V 24
%N 3
%P 12-19
%D 2011
%I Foundation of Computer Science (FCS), NY, USA
Abstract

In this paper, we introduce a new learning algorithm for adaptive intrusion detection using boosting and naïve Bayesian classifier, which considers a series of classifiers and combines the votes of each individual classifier for classifying an unknown or known example. The proposed algorithm generates the probability set for each round using naïve Bayesian classifier and updates the weights of training examples based on the misclassification error rate that produced by the training examples in each round. This algorithm addresses the problem of classifying the large intrusion detection dataset, which improves the detection rates (DR) and reduces the false positives (FP) at acceptable level in intrusion detection. We tested the performance of the proposed algorithm with existing data mining algorithms by employing on the KDD99 benchmark intrusion detection dataset, and the experimental results proved that the proposed algorithm achieved high detection rates and significantly reduced the number of false positives for different types of network intrusions.

References
  1. P. Garcia-Teodoro, J. Diaz-Verdejo, G. Macia-Fernandez, and E. Vazquez, “Anomaly-based network intrusion detection: Techniques, systems and challenges,” Computer & Security, Vol. 28, 2009, pp. 18-28.
  2. Animesh Patcha, and Jugn-Min Park, “An overview of anomaly detection techniques: Existing solutions and latest technological trends,” Computer Networks, Vol. 51, 2007, pp. 3448-3470.
  3. Dan Zhu, G. Premkumar, Xiaoning Zhang, Chao-Hsien Chu, “Data Mining for Network Intrusion Detection: A Comparison of Alternative Methods,” Decision Sciences, Vol. 32, No. 4, Fall 2001, pp. 635-660.
  4. Su-Yun Wu, and Ester Yen, “Data mining-based intrusion detectors,” Expert Systems with Application`s, Vol. 36, Issue 3, Part 1, April 2009, pp. 5605-5612.
  5. Barbara, Daniel, Couto, Julia, Jajodia, Sushil, Popyack, Leonard, Wu, and Ningning, “ADAM: Detecting intrusion by data mining,” IEEE Workshop on Information Assurance and Security, West Point, New York, June 5-6, 2001.
  6. Lee W., “A data mining and CIDF based approach for detecting novel and distributed intrusions,” Recent Advances in Intrusion Detection, 3rd International Workshop, RAID 2000, Toulouse, France, October 2-4, 2000, Proc. Lecture Notes in Computer Science 1907 Springer, 2000, pp. 49-65.
  7. Lee W., Stolfo S., and Mok K., “Adaptive Intrusion Detection: A Data Mining Approach,” Artificial Intelligence Review, 14(6), December 2000, pp. 533-567.
  8. Dewan Md. Farid, Nouria Harbi, and Mohammad Zahidur Rahman, “Combining Naïve Bayes and Decision Tree for Adaptive Intrusion Detection,” International Journal of Network Security & Its Applications, Vol. 2, No. 2, April 2010, pp. 12-25.
  9. Dewan Md. Farid, Jerome Darmont, and Mohammad Zahidur Rahman, “Attribute Weighting with Adaptive NBTree for Reducing False Positives in Intrusion Detection,” International Journal of Computer Science and Information Security, Vol. 8, No. 1, April 2010, pp. 19-26.
  10. Dewan Md. Farid, and Mohammad Zahidur Rahman, “Anomaly Network Intrusion Detection Based on Improved Self Adaptive Bayesian Algorithm,” Journal of Computers, Academy Publisher, Vol. 5, No. 1, January 2010, pp. 23-31.
  11. Dewan Md. Farid, Nouria Harbi, Suman Ahmmed, Mohammad Zahidur Rahman, and Chowdhury Mofizur Rahman, “Mining Network Data for Intrusion Detection through Naïve Bayesian with Clustering,” In Proc. of the International Conference on Computer, Electrical, System Science, and Engineering (ICCESSE 2010), June 28-30, 2010, Paris, France, pp. 836-840.
  12. Dewan Md. Farid, Nguyen Huu Hoa, Jerome Darmont, Nouria Harbi, and Mohammad Zahidur Rahman, “Scaling up Detection Rates and Reducing False Positives in Intrusion Detection using NBTree,” In Proc. of the International Conference on Data Mining and Knowledge Engineering (ICDMKE 2010), April 28-30, 2010, Rome, Italy, pp. 186-190.
  13. Dewan Md. Farid, Nouria Harbi, Emna Bahri, Mohammad Zahidur Rahman and Chowdhury Mofizur Rahman, “Attacks Classification in Adaptive Intrusion Detection using Decision Tree,” In Proc. of the International Conference on Computer Science (ICCS 2010), 29-31 March, 2010, Rio De Janeiro, Brazil, pp. 86-90.
  14. Dewan Md. Farid, Jerome Darmont, Nouria Harbi, Nguyen Huu Hoa, and Mohammad Zahidur Rahman, “Adaptive Network Intrusion Detection Learning: Attribute Selection and Classification,” In Proc. of the International Conference on Computer Systems Engineering (ICCSE 2009), December 25-27, 2009, Bangkok, Thailand, pp. 82-86.
  15. Dewan Md. Farid, and Mohammad Zahidur Rahman, “Anomaly Detection Model for Network Intrusion Detection using Conditional Probabilities,” In Proc. of the 6th International Conference on Information Technology in Asia 2009 (CITA’09), 6th – 9th July 2009, Kuching, Sarawak, Malaysia, pp. 104-110.
  16. Dewan Md. Farid, and Mohammad Zahidur Rahman, “Learning Intrusion Detection Based on Adaptive Bayesian Algorithm,” In Proc. of the 11th International Conference on Computer and Information Technology (ICCIT 2008), 25-27 December 2008, Khulna, Bangladesh, pp. 652-656, and IEEE Xplore Digital Archive.
  17. D.Y. Yeung, and Y.X. Ding, “Host-based intrusion detection using dynamic and static behavioral model”, Pattern Recognition, 36, 2003, pp. 229-243.
  18. T. Pietraszek, and C. V. Berghe, “Defending against injection attacks through context-sensitive string evaluation,” In Recent Advances in Intrusion Detection (RAID2005), Seattle, WA, Springer-Verlag, vol. 3858 of Lecture Notes in Computer Science, 2005, pp. 124–145.
  19. “The php group, php hypertext preprocessor,” 2001-2004, web page at http://www.php.net
  20. “The phpbb group, phpbb.com,” 2001-2004, web page at http://www.phpbb,com
  21. X. Xu, and X.N. Wang, “Adaptive network intrusion detection method based on PCA and support vector machines,” Lecture Notes in Artificial Intelligence (ADMA 2005), LNAI 3584, 2005, pp. 696-703.
  22. Martin Roesch, “SNORT: The open source network intrusion system,” Official web page of Snort at http://www.snort.org/
  23. L. C. Wuu, C. H. Hung, and S. F. Chen, “Building intrusion pattern miner for sonrt network intrusion detection system,” Journal of Systems and Software, vol. 80, Issue 10, 2007, pp. 1699-1715.
  24. James P. Anderson, “Computer security threat monitoring and surveillance,” Technical Report 98-17, James P. Anderson Co., Fort Washington, Pennsylvania, USA, April 1980.
  25. Dorothy E. Denning, “An intrusion detection model,” IEEE Transaction on Software Engineering, SE-13(2), 1987, pp. 222-232.
  26. S.E. Smaha, and Haystack, “An intrusion detection system,” in Proc. of the IEEE Fourth Aerospace Computer Security Applications Conference, Orlando, FL, 1988, pp. 37-44.
  27. W. Fan, W. Lee, M. Miller, S. J. Stolfo, and P. K. Chan, “Using artificial anomalies to detect unknown and known network intrusions,” Knowledge and Information Systems, 2005, pp. 507-527.
  28. Y. Bouzida, and F. Cuppens, “Detecting known and novel network intrusions,” Security and Privacy in Dynamic Environments, 2006, pp. 258-270.
  29. S. Peddabachigari, A. Abraham, and J. Thomas, “Intrusion detection systems using decision tress and support vector machines,” International Journal of Applied Science and Computations, 2004.
  30. D. Barbara, N. Wu, and Suchil Jajodia, “Detecting novel network intrusions using Bayes estimators,” In Proc. of the 1st SIAM Conference on Data Mining, April 2001.
  31. D. Barbara, J. Couto, S. Jajodia, and N. Wu, “ADAM: A tested for exploring the use of data mining in intrusion detection,” Special Interest Group on Management of Data (SIGMOD), Vol. 30 (4), 2001.
  32. N. B. Amor, S. Benferhat, and Z. Elouedi, “Naïve Bayes vs. decision trees in intrusion detection systems,” In Proc. of the 2004 ACM Symposium on Applied Computing, New York, 2004, pp. 420-424.
  33. M. Panda, and M. R. Patra, “Network intrusion deteciton using naïve Bayes,” International Journal of Computer Science and Network Security (IJCSNS), Vol. 7, No. 12, December 2007, pp. 258-263.
  34. M. Panda, and M. R. Patra, “Semi-naïve Bayesian method for network intrusion detection system,” In Proc. of the 16th International Conference on Neural Information Processing, December 2009.
  35. Y. Freund, and R. E. Schapire, “A decision-theoretic generalization of on-line learning and an application to boosting,” Journal of Computer and System Sciences, Vol. 55, 1997, pp. 119-139.
  36. The KDD Archive. KDD99 cup dataset, 1999. http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html
  37. Mukkamala S, Sung AH, and Abraham A, “Intrusion detection using an ensemble of intelligent paradigms,” Journal of Network and Computer Applications, 2005, Vol. 2, No. 8, pp. 167-182.
  38. Chebrolu S, Abraham A, and Thomas JP, “Feature deduction and ensemble design of intrusion detection systems.” Computer & Security, 2004, Vol. 24, No. 4, pp. 295-307.
  39. C. Elkan, 2007, Result of the KDD’99 Knowledge Discovery Contest
  40. Online, Available: http://www-cse.ucsd.edu/users/elkan/clresults.html
  41. A. D. Joshi, “Applying the wrapper approach for auto discovery of under-sampling and over-sampling percentages on skewed datasets,” M.Sc. Thesis, University South Florida, Tampa, 2004, pp. 1-77
  42. Online, Available: http://etd.fcla.edu/SF/SFE0000491/Thesis-AjayJoshi.pdf
Index Terms

Computer Science
Information Sciences

Keywords

Boosting Naïve Bayesian Classifier Intrusion Detection Detection Rate False Positive