Intrusion Detection System for Wireless Network based on Classifier Ensemble

IJCSEC Front Page

Abstract:
An intrusion detection system (IDS) is used to detect several types of malicious actions that can compromise the security and trust of a computer system. An IDS can be a piece of installed software or a physical appliance that monitors network traffic in order to detect unwanted activity and events such as illegal and malicious traffic, traffic that violates security policy, and traffic that violates acceptable use policies. The intrusion detection system detects network attacks against vulnerable services, data-driven attacks on applications, host-based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware. It operates either at the host level or at the network level, using either misuse (signature-based) detection or anomaly detection. Normally, attacks that cannot be detected by a network-based intrusion detection system can be detected by a host-based intrusion detection system, and vice versa. At each level, attacks can be detected by one of two intrusion detection techniques, namely misuse detection or anomaly detection. Misuse detection can detect only known attacks, with high detection accuracy, whereas anomaly detection can detect both known and unknown attacks, but with a high false positive rate. To resolve the shortcomings of these individual intrusion detection systems, this paper proposes a novel data-mining-based hybrid intrusion detection system.

Keywords: Intrusion Detection System; Anomaly Detection; Misuse Detection; Data Mining; Hybrid Intrusion Detection System.
