A new distributed learning based algorithm for network intrusion detection system

Aryan Mohammadi Pasikhani, Elankovan A Sundararajan

Research output: Contribution to journal (Article)

Abstract

The significant increase in computer network usage, and the huge amount of sensitive data being stored on and transferred through these networks, has escalated the attacks and invasions on them. Secure data communication over the internet and any other network is always under threat of intrusion and misuse. A system that monitors the events occurring in a computer system or a network and analyzes those events for signs of intrusion is known as an Intrusion Detection System (IDS). In information protection, the IDS has become a crucial component of computer and network security, monitoring network traffic to detect possible security threats. Various approaches are used in intrusion detection, but unfortunately none of the systems so far is completely flawless; they suffer from a number of drawbacks, such as low accuracy in detecting new types of intrusions and misclassification of normal and malicious traffic, in addition to long response times. It is necessary to develop an IDS that is accurate, adaptive and extensible to overcome these weaknesses. In this study, we proposed a learning-based method which improves IDS adaptability to new attacks and reduces false alarms. The method has a distributed architecture to increase the performance and scalability of the IDS, and uses C4.5 decision trees with the feedback learning technique to adapt to dynamic network behaviors. To evaluate the proposed method, we used some well-known datasets in this context, such as KDD Cup 99, and ran several tests, with approximately 97% detection accuracy on benchmarks. According to the promising results, the adaptable IDS approach is more accurate than traditional systems and more efficient against new, complex network attacks.

Original language: English
Pages (from-to): 1523-1537
Number of pages: 15
Journal: Journal of Engineering and Applied Sciences
Volume: 12
Issue number: 6
DOIs: 10.3923/jeasci.2017.1523.1537
Publication status: Published - 2017

Fingerprint

Intrusion detection
Network security
Complex networks
Security of data
Decision trees
Computer networks
Scalability
Computer systems
Internet
Feedback
Communication

Keywords

  • Adaptive
  • Distributed multi-agent
  • Network-based signature based

ASJC Scopus subject areas

  • Engineering(all)

Cite this

A new distributed learning based algorithm for network intrusion detection system. / Pasikhani, Aryan Mohammadi; A Sundararajan, Elankovan.

In: Journal of Engineering and Applied Sciences, Vol. 12, No. 6, 2017, p. 1523-1537.

@article{113a293725a747efa4958e0dcea34dcf,
title = "A new distributed learning based algorithm for network intrusion detection system",
abstract = "The significant increase in computer network usage and the huge amount of sensitive data being stored and transferred through them has escalated the attacks and invasions on these networks. Secure data communication over the internet and any other network is always under threat of intrusions and misuses. The system that monitors the events occurring in a computer system or a network and analyzes the events for signs of intrusion is known as an Intrusion Detection System (IDS). In information protection, the Intrusion Detection System (IDS) has become a crucial component in terms of computer and network security which monitors the network traffic to detect possible security threats. There are various approaches being utilized in intrusion detections but unfortunately any of the systems so far are not completely flawless and suffer from a number of drawbacks such as low accuracy to detect new types of intrusions and misclassification of normal and malicious traffic, in addition to long response time. It is necessary to develop an IDS that is accurate, adaptive and extensible to overcome these weaknesses. In this study, we proposed a learning-based method which improves IDS adaptability to new attacks and reduces false alarms. The method that has a distributed architecture to increase performance and scalability of the IDS and uses C4.5 decision trees with the feedback learning technique to adapt dynamic network behaviors. To evaluate the proposed method we used some well-known datasets in this context such as KDD Cup 99 and did several tests with approximately 97{\%} detection accuracy on benchmarks. According to the promising results, the adaptable IDS approach is more accurate than traditional systems and it is more efficient against new complex network attacks.",
keywords = "Adaptive, Distributed multi-agent, Network-based signature based",
author = "Pasikhani, {Aryan Mohammadi} and {A Sundararajan}, Elankovan",
year = "2017",
doi = "10.3923/jeasci.2017.1523.1537",
language = "English",
volume = "12",
pages = "1523--1537",
journal = "Journal of Engineering and Applied Sciences",
issn = "1816-949X",
publisher = "Medwell Journals",
number = "6",

}

TY - JOUR

T1 - A new distributed learning based algorithm for network intrusion detection system

AU - Pasikhani, Aryan Mohammadi

AU - A Sundararajan, Elankovan

PY - 2017

Y1 - 2017

N2 - The significant increase in computer network usage and the huge amount of sensitive data being stored and transferred through them has escalated the attacks and invasions on these networks. Secure data communication over the internet and any other network is always under threat of intrusions and misuses. The system that monitors the events occurring in a computer system or a network and analyzes the events for signs of intrusion is known as an Intrusion Detection System (IDS). In information protection, the Intrusion Detection System (IDS) has become a crucial component in terms of computer and network security which monitors the network traffic to detect possible security threats. There are various approaches being utilized in intrusion detections but unfortunately any of the systems so far are not completely flawless and suffer from a number of drawbacks such as low accuracy to detect new types of intrusions and misclassification of normal and malicious traffic, in addition to long response time. It is necessary to develop an IDS that is accurate, adaptive and extensible to overcome these weaknesses. In this study, we proposed a learning-based method which improves IDS adaptability to new attacks and reduces false alarms. The method that has a distributed architecture to increase performance and scalability of the IDS and uses C4.5 decision trees with the feedback learning technique to adapt dynamic network behaviors. To evaluate the proposed method we used some well-known datasets in this context such as KDD Cup 99 and did several tests with approximately 97% detection accuracy on benchmarks. According to the promising results, the adaptable IDS approach is more accurate than traditional systems and it is more efficient against new complex network attacks.

AB - The significant increase in computer network usage and the huge amount of sensitive data being stored and transferred through them has escalated the attacks and invasions on these networks. Secure data communication over the internet and any other network is always under threat of intrusions and misuses. The system that monitors the events occurring in a computer system or a network and analyzes the events for signs of intrusion is known as an Intrusion Detection System (IDS). In information protection, the Intrusion Detection System (IDS) has become a crucial component in terms of computer and network security which monitors the network traffic to detect possible security threats. There are various approaches being utilized in intrusion detections but unfortunately any of the systems so far are not completely flawless and suffer from a number of drawbacks such as low accuracy to detect new types of intrusions and misclassification of normal and malicious traffic, in addition to long response time. It is necessary to develop an IDS that is accurate, adaptive and extensible to overcome these weaknesses. In this study, we proposed a learning-based method which improves IDS adaptability to new attacks and reduces false alarms. The method that has a distributed architecture to increase performance and scalability of the IDS and uses C4.5 decision trees with the feedback learning technique to adapt dynamic network behaviors. To evaluate the proposed method we used some well-known datasets in this context such as KDD Cup 99 and did several tests with approximately 97% detection accuracy on benchmarks. According to the promising results, the adaptable IDS approach is more accurate than traditional systems and it is more efficient against new complex network attacks.

KW - Adaptive

KW - Distributed multi-agent

KW - Network-based signature based

UR - http://www.scopus.com/inward/record.url?scp=85019928491&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85019928491&partnerID=8YFLogxK

U2 - 10.3923/jeasci.2017.1523.1537

DO - 10.3923/jeasci.2017.1523.1537

M3 - Article

VL - 12

SP - 1523

EP - 1537

JO - Journal of Engineering and Applied Sciences

JF - Journal of Engineering and Applied Sciences

SN - 1816-949X

IS - 6

ER -