Research Article

Data Preprocessing for Reducing False Positive Rate in Intrusion Detection

by Dharmendra G. Bhatti, P. V. Virparia
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 57 - Number 5
Year of Publication: 2012
DOI: 10.5120/9110-3264

Dharmendra G. Bhatti, P. V. Virparia. Data Preprocessing for Reducing False Positive Rate in Intrusion Detection. International Journal of Computer Applications. 57, 5 (November 2012), 15-19. DOI=10.5120/9110-3264

@article{ 10.5120/9110-3264,
author = { Dharmendra G. Bhatti, P. V. Virparia },
title = { Data Preprocessing for Reducing False Positive Rate in Intrusion Detection },
journal = { International Journal of Computer Applications },
issue_date = { November 2012 },
volume = { 57 },
number = { 5 },
month = { November },
year = { 2012 },
issn = { 0975-8887 },
pages = { 15-19 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume57/number5/9110-3264/ },
doi = { 10.5120/9110-3264 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
Abstract

Intrusion detection has long played a vital role in computer network security. Experience has shown that most IDSs struggle to curb their false positive rate. As part of our proposed model, whose objective is to reduce the false positive rate, we focus here on preprocessing functionality. The main objective of our preprocessing module is to reduce ambiguity and provide accurate information to the detection engine. We present a preprocessing module that cleans network data and handles missing or incomplete data. The preprocessing module is highly configurable: the intrusion detection analyst needs to configure it based on the results of vulnerability assessment, the network topology, the hosts that exist, and the services running. The effectiveness of the preprocessing module depends on these configuration parameters and, in turn, on the knowledge of the intrusion detection analyst. Preliminary analysis of our approach has shown a reduction in the false positive rate.

Index Terms

Computer Science
Information Sciences

Keywords

Preprocessing, Intrusion Detection, false positive reduction