Special Offers
- IGI Global’s New Emerging Topic e-Book Collections
  Acquire highly focused and affordable Cutting-Edge Peer-Reviewed Research Content through a selection of 17 topic-focused e-Book Collections discounted up to 90%, compared to list prices. Collection topics include Artificial Intelligence, Data Science, Language Learning, Marketing and Customer Relations, Sustainability, and many more. Hosted on the InfoSci^® platform, these collections feature no DRM, no additional cost for multi-user licensing, no embargo of content, full-text PDF & HTML format, and more.
  Learn More
- Open Access Book (Free Access) - Encyclopedia of Information Science and Technology, Sixth Edition (ISBN: 9781668473665)
  The Encyclopedia of Information Science and Technology, Sixth Edition) continues the legacy set forth by the first five editions by providing comprehensive coverage and up-to-date definitions of the most important issues, concepts, and trends pertaining to technological advancements and information management within a variety of settings and industries. The entire book is being published under open access.
  Read Now
- Open Access Book (Free Access) - Food Sustainability, Environmental Awareness, and Adaptation and Mitigation Strategies for Developing Countries (ISBN: 9781668456293)
  Food Sustainability, Environmental Awareness, and Adaptation and Mitigation Strategies for Developing Countries provides information on the recent technology, mitigation, and environmental protection that must be applied for food sustainability in developing countries. This book is being published under Platinum Open Access through funding from Diponegoro University, Indonesia.
  Read Now
- Open Access Book (Free Access) - New Models of Higher Education: Unbundled, Rebundled, Customized, and DIY (ISBN: 9781668438091)
  The Walmart Corporation and the Lumina Foundation have provided funding to make New Models of Higher Education: Unbundled, Rebundled, Customized, and DIY fully open access, completely removing any paywall between scholars in education and the latest research on new models for the future of higher education.
  Read Now
- Open Access Book (Free Access) - Handbook of Research on the Global View of Open Access and Scholarly Communications (ISBN: 9781799898054)
  Through a collaboration between IGI Global and the University of North Texas, the Handbook of Research on the Global View of Open Access and Scholarly Communications has been published as fully open access, completely removing any paywall between researchers of any field, and the latest research on the equitable and inclusive nature of Open Access and all of its complications.
  Read Now
Books
- - Books by Subject
  - Business, Administration, & Management
  - Scientific, Technical, & Medical (STM)
  - Education
  - Books by Field
Journals
- - Journals
  - OnDemand Journal Articles
  - Journals by Subject
  - Business, Administration, & Management
  - Scientific, Technical, & Medical (STM)
  - Education
  - Journals by Field
e-Collections
OnDemand
Open Access
- View All Open Access Opportunities
  Search across all of IGI Global’s available open access publishing opportunities to unleash your research potential.
  Find an Open Access Journal for Your Next Manuscript
  Search across all of IGI Global’s available open access publishing opportunities to unleash your research potential.
  Submit an Open Access Book Proposal
  Learn more about open access book publishing and how it can propel your research forward in the field.
  Convert Your Work to Open Access
  Already published? You can convert your work to open access to increase its impact through IGI Global’s Restrospective Open Access Program.
  Utilize Open Access Collection Database
  Open up your research potential by utilizing our open access content or integrating the open access collection into your library
  Consider Open Access Agreements
  For Libraries: consider no-cost or investment-level open access agreements with IGI Global to support your faculty's research endeavors.
  Search Funding Resources
  Looking for additional funding resources to support your open accesss endeavors? View industry resources compiled by our open access team.
  Review Open Access Policies & Ethical Guidelines
  Considering IGI Global to publish your work under open access? Review IGI Global’s open access policies and ethical guidelines
Publish with Us
Resources
- - Instructors
  - Course Adoption
  - Teaching Cases
  - K-12 Online Learning Collection
  - Authors and Editors
  - eEditorial Discovery^® System
  - Peer Review Process
  - Ethics and Malpractice
  - COPE Membership
  - Fair Use Policy
  - Open Access Publishing
  - FAQ
Catalogs
About Us

Analysis of Feature Selection and Ensemble Classifier Methods for Intrusion Detection

H.P. Vinutha, Poornima Basavaraju

Source Title: International Journal of Natural Computing Research (IJNCR) 7(1)

DOI: 10.4018/IJNCR.2018010104

OnDemand:

(Individual Articles)

Available

$37.50

Current Special Offers

No Current Special Offers

Abstract

Day by day network security is becoming more challenging task. Intrusion detection systems (IDSs) are one of the methods used to monitor the network activities. Data mining algorithms play a major role in the field of IDS. NSL-KDD'99 dataset is used to study the network traffic pattern which helps us to identify possible attacks takes place on the network. The dataset contains 41 attributes and one class attribute categorized as normal, DoS, Probe, R2L and U2R. In proposed methodology, it is necessary to reduce the false positive rate and improve the detection rate by reducing the dimensionality of the dataset, use of all 41 attributes in detection technology is not good practices. Four different feature selection methods like Chi-Square, SU, Gain Ratio and Information Gain feature are used to evaluate the attributes and unimportant features are removed to reduce the dimension of the data. Ensemble classification techniques like Boosting, Bagging, Stacking and Voting are used to observe the detection rate separately with three base algorithms called Decision stump, J48 and Random forest.

Article Preview

Top

Introduction

The antivirus software, message encryption, password protection, firewalls, secured network protocols, etc., are not enough to provide security in network. Intruders may attack the network using many unpredictable methods. Monitoring the activities and actions on network systems or a computer network using Intrusion Detection Systems (IDSs) helps to analyze the possible incidents. In 1980 the first IDS was launched by James P Anderson and later in 1987 D Denning enhanced it. IDS play a major role in data integrity, confidentiality and availability of the network. Some of the attacks included in the intrusion are confidential and sensitive information malign, available resources and functionalities may be hacked. Means and modality logs of various attacks are easily produced by IDS. This helps to prevent possible attacks in future. Current day’s organizations are provided with good source of security analysis by using IDS. IDS divided into two categories based on their architecture and functionality. The categories of IDS are host-based intrusion detection system (HIDS) and network-based intrusion detection system (NIDS). HIDS are running on individual host machine and NIDS are within the network to monitor to and from traffic on the network. This proposed work we have concentrated on NIDS in order to monitor the network traffic to identify the incoming traffic is normal or anomaly. We have two important modes and methods to operate IDS for packet analysis on the network they are anomaly detection and misuse detection methods.

Anomaly Detection

Anomaly detection is a method of scanning for the abnormal activities that encounter on the network. It maintains the log of activities that takes place on the network and such information can be used for the comparison of all the activity which takes place on the network. Using these information new rules can be defined for the kind of new activity, if any deviations takes place from the normal activity can be referred as an anomaly. Some of the common examples for rule-based methods are Minnesota Intrusion Detection System (MINDS), Intrusion Detection Expert System(IDES), Next Generation Intrusion Detection Expert System (NGIDES), etc.

Misuse Detection

Another method of IDS is misuse detection. In this method the network activities are compared with pre-defined signatures. Signatures are some set of characteristic features that gives specific patterns of attack. These set of characteristics features are stored to compare with the network activity, if any pattern is different from the pre-defined patterns can be considered as attacks. Some of the common signature-based tools used are Snort, Suricata, KISMAT, HONEYD, BRO Ids etc.

Current IDSs are encountered with many drawbacks some of the major drawbacks are identified as false positive and false negatives. False positive occurs when normal is considered as malicious attack. In false negative encounters when actual attack take place. Data mining is one of the field contributed many techniques for IDSs. Techniques like data summarization, visualization, clustering, classification etc helps to accomplish the task. Along with these drawbacks IDSs is facing major drawback in Big Data because in this huge volume of data has to be managed.

Detection Issues

There are four main type of detection issues in IDS and these issues rises depending on the type of alarm in the intrusion scenario. IDSs encounter the fallowing type of detection issues:

•
True Positive: IDS response to raise alarm when actual attack occurs.
•
True Negative: IDS does not response to raise an alarm when no attack occurs.
•
False Positive: IDS generate an alarm when no attack takes place.
•
False Negative: IDS does not generate an alarm when actual attack takes place.

Intrusion detection system is becoming very challenging task in current days. The dataset used for IDS will be huge in number and contains many irrelevant features and sometimes redundant relevant features. In stage of detection of intrusion if our system makes use of all the features in the dataset, analysis of intrusion becomes very difficult. Because if dataset contains large number of features then this makes it difficult to identify the suspicious behaviors. In such cases it is going to reduce the detection performance and efficiency of the model. So, it is necessary to reduce the dimension of the dataset before applying the data mining approaches such as classification, clustering, association rule and regression on the dataset. Feature selection methods are used as pre-processing step to reduce the dimensionality of dataset.

Complete Article List

Search this Journal:

Reset

Volume 12: 1 Issue (2024): Forthcoming, Available for Pre-Order

Volume 11: 4 Issues (2022): 1 Released, 3 Forthcoming

Volume 10: 4 Issues (2021)

Volume 9: 4 Issues (2020)

Volume 8: 4 Issues (2019)

Volume 7: 4 Issues (2018)

Volume 6: 2 Issues (2017)

Volume 5: 4 Issues (2015)

Volume 4: 4 Issues (2014)

Volume 3: 4 Issues (2012)

Volume 2: 4 Issues (2011)

Volume 1: 4 Issues (2010)

View Complete Journal Contents Listing

MLA

APA

Chicago

Export Reference