Machine Learning Based Intrusion Detection System for Denial of Service Attack


Ashish Pandey, Neelendra Badal
DOI: 10.4018/978-1-7998-3327-7.ch003

Abstract

Machine learning-based intrusion detection systems (IDS) are a research field of network security that depends on the effective and accurate training of models. IDS models must be trained periodically with new attacks so that they can detect any security violations in the network. One of the most frequent security violations that occurs in the network is the denial of service (DoS) attack. Therefore, IDS models need to be trained with the latest DoS attack instances. The training of IDS models can be more effective when it is performed with the help of machine learning algorithms because the processing capabilities of machine learning algorithms are very fast. Therefore, the work presented in this chapter focuses on building a model of a machine learning-based intrusion detection system for denial of service attacks. Building an IDS model requires a sample dataset and tools. The sample dataset used in this research is NSL-KDD, while WEKA is used as the tool to perform all the experiments.
Chapter Preview

Proposed Work

The work presented in this paper proposes a machine learning based IDS model for the Denial of Service attack. To achieve this goal, the proposed work is divided into two parts:

  • Class-wise model comparison of machine learning based IDS to identify the ‘best class model’ against Denial of Service attack using sample dataset; and

  • Proposing a model for machine learning based IDS for Denial of Service attack with the optimal attributes of ‘best class model’. These optimal attributes are selected from ‘best class model’ after performing the ‘Attribute Selection’.

The proposed model can detect Denial of Service attacks as well as or better than the ‘best class model’. Overall, the proposed work is able to produce a “Machine Learning based Intrusion Detection System for Denial of Service Attack”. The methodology of the proposed work, the experimental setup (including the tool and sample dataset), the machine learning classifier used for training and testing the models, and the performance metrics used to evaluate the models are described in the following sub-sections.

Methodology of Proposed Work

The steps followed to achieve the goal of the proposed work are as follows:

  • Step 1: NSL-KDD is selected as sample dataset.

  • Step 2: Weka tool is selected for experiments.

  • Step 3: Preprocessing of the dataset files (training and test) to remove the irrelevant attack classes, i.e. Probe, User to Root (U2R) and Remote to Local (R2L).

  • Step 4: Generation of 14 new dataset files (training and test) for each combination of attribute groups.

  • Step 5: Training and testing of models with dataset files using Random tree (Aldous, 1991) (Breiman et al., 1984) which is used as a binary classifier. It classifies the instances as normal or attack.

  • Step 6: Comparing the experimental results of 15 models on the basis of performance metrics (Bramer, 2013).

  • Step 7: Choosing the ‘best class model’ for attribute selection which performs better than the others.

  • Step 8: Applying Correlation based Feature Selection (CFS), Information Gain (IG) and Gain Ratio (GR) algorithms in dataset files of ‘best class model’ to perform attribute selection.

  • Step 9: Training and testing of proposed model with the optimal attributes which have been selected after performing attribute selection.

  • Step 10: Comparing the performance result of the proposed model with the ‘best class model’ which has been obtained after class-wise model comparison of the initial 15 models.
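The following added example (not code from the chapter, and not WEKA's implementation) sketches Step 3 and the Information Gain and Gain Ratio part of Step 8 in Python; CFS is not covered. The records are constructed for illustration, the label sets are only a subset of the NSL-KDD labels, and the function names are hypothetical.

```python
import math
from collections import Counter

# Subset of NSL-KDD attack labels grouped by class (not the full label list).
DOS = {"neptune", "smurf", "back", "teardrop", "pod", "land"}
DROPPED = {"portsweep", "ipsweep", "nmap", "satan",   # Probe
           "buffer_overflow", "rootkit",              # U2R
           "guess_passwd", "warezclient"}             # R2L
ATTRS = ("protocol_type", "service", "flag")  # the three nominal NSL-KDD attributes

# Constructed sample records, not taken from the dataset: (attrs..., label)
SAMPLE = [
    ("tcp", "http", "SF", "normal"), ("tcp", "http", "SF", "normal"),
    ("udp", "domain_u", "SF", "normal"), ("tcp", "smtp", "SF", "normal"),
    ("tcp", "private", "S0", "neptune"), ("tcp", "private", "S0", "neptune"),
    ("icmp", "ecr_i", "SF", "smurf"), ("tcp", "http", "SF", "back"),
    ("tcp", "private", "REJ", "portsweep"), ("tcp", "telnet", "SF", "guess_passwd"),
]

def preprocess(records):
    """Step 3: drop Probe/U2R/R2L rows, relabel the rest as normal/attack."""
    rows = []
    for *features, label in records:
        if label in DROPPED:
            continue
        if label != "normal" and label not in DOS:
            raise ValueError(f"unmapped label: {label}")
        rows.append((tuple(features), "normal" if label == "normal" else "attack"))
    return rows

def entropy(values):
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def scores(rows, idx):
    """Return (information gain, gain ratio) of attribute idx w.r.t. the class."""
    column = [f[idx] for f, _ in rows]
    conditional = sum(
        cnt / len(rows) * entropy([c for f, c in rows if f[idx] == v])
        for v, cnt in Counter(column).items())
    gain = entropy([c for _, c in rows]) - conditional
    split_info = entropy(column)  # zero when the attribute has a single value
    return gain, (gain / split_info if split_info > 0 else 0.0)

def rank(rows, metric):
    """metric 0 ranks by information gain, 1 by gain ratio (best first)."""
    return sorted(ATTRS, key=lambda a: scores(rows, ATTRS.index(a))[metric],
                  reverse=True)

if __name__ == "__main__":
    rows = preprocess(SAMPLE)
    print("IG order:", rank(rows, 0))
    print("GR order:", rank(rows, 1))
```

On this sample the two criteria disagree on the top attribute: Information Gain favours the many-valued `service`, while Gain Ratio penalises that spread and puts `flag` first.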
