A Novel Lightweight Hybrid Intrusion Detection Method Using a Combination of Data Mining Techniques

  • Publisher
    Science & Engineering Research Support Center, Republic of Korea (IJSIA)
  • Journal
    International Journal of Security and Its Applications (SCOPUS)
  • Issue
    Vol.9 No.4 (2015.04)
  • Pages
    pp.91-106
  • Authors
    Jatuphum Juanchaiyaphum, Ngamnij Arch-int, Somjit Arch-int, Saiyan Saiyod
  • Language
    English (ENG)
  • URL
    https://www.earticle.net/Article/A245513

※ Access may be restricted because the agreement period with the full-text provider has ended.

Full-Text Information

Abstract

English
Hybrid intrusion detection systems that use data mining techniques to improve effectiveness have been actively pursued in the last decade. However, building their detection models becomes very expensive when confronted with large-scale datasets, making them unviable for real-time retraining. To overcome this limitation of the conventional hybrid method, we propose a new lightweight hybrid intrusion detection method that consists of a combination of feature selection, clustering and classification. Following our hypothesis that attack events differ in nature from one network protocol to another, the proposed method examines the data of each network protocol separately, using the same process for each. First, the training dataset is divided into training subsets according to network protocol type. Next, each training subset is reduced in dimensionality by eliminating irrelevant and redundant features through the feature selection process, and is then broken down into disjoint regions, according to the similarity of their feature values, by K-Means clustering. Lastly, the C4.5 decision tree is used to build multiple misuse detection models for suspicious regions, which deviate from the normal and anomaly regions. As a result, each detection model is built from high-quality data, which are less complex and consist of relevant data. To assess the performance improvement, the proposed method was evaluated through experiments using the NSL-KDD dataset. The experimental results indicate that the proposed method is better in terms of effectiveness (F-value: 0.9957, classification accuracy: 99.52%, false positive rate: 0.26%) and efficiency (the training and testing times of the proposed method are approximately 33% and 25%, respectively, of the time required for its comparison) than the conventional hybrid method using the same algorithm.

Table of Contents

Abstract
 1. Introduction
 2. Related Works
 3. Proposed Lightweight Hybrid Intrusion Detection Method
  3.1. Preprocessing Module
  3.2. Anomaly Detection Module
  3.3. Misuse Detection Module
 4. Experimental Results
  4.1. Dataset
  4.2. Performance Metrics
  4.3. Results and Discussion
 5. Conclusion
 References

Keywords

Hybrid intrusion detection, K-Means clustering, Decision tree, Feature selection

Authors

  • Jatuphum Juanchaiyaphum [ Semantic Mining Information Integration Laboratory (SMIIL) ]
  • Ngamnij Arch-int [ Semantic Mining Information Integration Laboratory (SMIIL) ]
  • Somjit Arch-int [ Semantic Mining Information Integration Laboratory (SMIIL) ]
  • Saiyan Saiyod [ Hardware-Human Interface and Communications Laboratory (H2I-Comm) Computer Science Department, Science Faculty, Khon Kaen University Khon Kaen, 40002, Thailand ]

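Journal Information

Publisher

  • Publisher name
    Science & Engineering Research Support Center, Republic of Korea (IJSIA)
  • Year established
    2006
  • Field
    Engineering > Computer Science
  • About
    1. Surveys and research on security engineering 2. Research on and presentation of applied technologies for security engineering 3. Hosting academic conferences and exhibitions on security engineering 4. Mutual cooperation and information exchange on security engineering technology 5. Standardization work and establishment of specifications for security engineering 6. Promotion of industry-academia-research cooperation in security engineering 7. International academic exchange and technical cooperation 8. Publication of journals on security engineering 9. Other activities necessary to achieve the purposes of the society

Journal

  • Journal title
    International Journal of Security and Its Applications
  • Frequency
    Bimonthly
  • pISSN
    1738-9976
  • Coverage period
    2008~2016
  • Indexing
    SCOPUS
  • Decimal classification
    KDC 505 DDC 605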
