Research Article

A Multi-Dimensional approach towards Intrusion Detection System

by Manoj Rameshchandra Thakur, Sugata Sanyal
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 48 - Number 5
Year of Publication: 2012
DOI: 10.5120/7347-0236

Manoj Rameshchandra Thakur, Sugata Sanyal. A Multi-Dimensional approach towards Intrusion Detection System. International Journal of Computer Applications. 48, 5 (June 2012), 34-41. DOI=10.5120/7347-0236

@article{ 10.5120/7347-0236,
author = { Manoj Rameshchandra Thakur, Sugata Sanyal },
title = { A Multi-Dimensional approach towards Intrusion Detection System },
journal = { International Journal of Computer Applications },
issue_date = { June 2012 },
volume = { 48 },
number = { 5 },
month = { June },
year = { 2012 },
issn = { 0975-8887 },
pages = { 34-41 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume48/number5/7347-0236/ },
doi = { 10.5120/7347-0236 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
Abstract

In this paper, we suggest a multi-dimensional approach towards intrusion detection. Network and system usage parameters, such as source and destination IP addresses, source and destination ports, incoming and outgoing network traffic data rate, and number of CPU cycles per request, are divided into multiple dimensions. Rather than analyzing raw bytes of data corresponding to the values of the network parameters, a mature function is inferred during the training phase for each dimension. This mature function takes a dimension value as input and returns a value that represents the level of abnormality in the system usage with respect to that dimension. This mature function is referred to as the Individual Anomaly Indicator. The Individual Anomaly Indicators recorded for each of the dimensions are then used to generate a Global Anomaly Indicator, a function of n variables (n is the number of dimensions) that provides the Global Anomaly Factor, an indicator of anomaly in the system usage based on all the dimensions considered together. The Global Anomaly Indicator inferred during the training phase is then used to detect anomalies in the network traffic during the detection phase. Network traffic data encountered during the detection phase is fed back to the system to improve the maturity of the Individual Anomaly Indicators and hence of the Global Anomaly Indicator.
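The pipeline the abstract describes, as an added illustration that is not code from the paper: per-dimension indicators are trained, combined into a global factor, and updated with detection-phase traffic. The scoring functions (rarity for discrete dimensions, a squashed z-score for numeric ones), the weighted mean, the threshold, the feedback rule and all names are assumptions, since the abstract does not define them.

```python
import math
from collections import Counter

class CategoricalIAI:              # discrete dimension: IP address, port
    def __init__(self):
        self.counts = Counter()
    def train(self, v):
        self.counts[v] += 1
    def factor(self, v):           # 0.0 = most frequent value, 1.0 = unseen
        top = max(self.counts.values(), default=0)
        return 1.0 if top == 0 else 1.0 - self.counts[v] / top

class NumericIAI:                  # continuous dimension: data rate, CPU cycles
    def __init__(self):
        self.n, self.mean, self.m2 = 0, 0.0, 0.0
    def train(self, v):            # Welford's online mean/variance update
        self.n += 1
        d = v - self.mean
        self.mean += d / self.n
        self.m2 += d * (v - self.mean)
    def factor(self, v):           # 0 at the training mean, tends to 1 far away
        if self.n < 2 or self.m2 == 0:
            return 0.0 if v == self.mean else 1.0
        z = (v - self.mean) / math.sqrt(self.m2 / (self.n - 1))
        return 1.0 - math.exp(-0.5 * z * z)

class GlobalAnomalyIndicator:
    def __init__(self, dims, weights, threshold=0.5):
        self.dims, self.weights, self.threshold = dims, weights, threshold
    def train(self, rec):
        for name, iai in self.dims.items():
            iai.train(rec[name])
    def factor(self, rec):         # Global Anomaly Factor: weighted mean
        num = sum(self.weights[d] * i.factor(rec[d]) for d, i in self.dims.items())
        return num / sum(self.weights.values())
    def detect(self, rec):
        gaf = self.factor(rec)
        if gaf < self.threshold:   # assumption: only non-alerting traffic is fed back
            self.train(rec)
        return gaf, gaf >= self.threshold

def demo():                        # constructed traffic, not data from the paper
    gai = GlobalAnomalyIndicator(
        {"dst_port": CategoricalIAI(), "rate_kbps": NumericIAI(), "cpu_cycles": NumericIAI()},
        {"dst_port": 1.0, "rate_kbps": 2.0, "cpu_cycles": 1.0})
    for i in range(200):
        gai.train({"dst_port": 80 if i % 10 == 0 else 443,
                   "rate_kbps": 100 + i % 7, "cpu_cycles": 5000 + 10 * (i % 5)})
    normal = gai.detect({"dst_port": 443, "rate_kbps": 103, "cpu_cycles": 5020})
    flood = gai.detect({"dst_port": 31337, "rate_kbps": 9000, "cpu_cycles": 5020})
    return normal, flood
```

Feeding back only records that score below the threshold keeps a burst of hostile traffic from being learned as normal; feeding back everything would let the baseline drift toward whatever an attacker sends.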

Index Terms

Computer Science
Information Sciences

Keywords

Multi-dimensional Approach, Principal Component Analysis, Feature, Global Anomaly Indicator, Individual Anomaly Indicator, Global Anomaly Factor, Individual Anomaly Factor