3. Propose a suitable methodology for anomaly detection using the KDD99Cup
Dataset. Specifically, the research work focuses on the following:
(a) to extract the data, normalize it, and categorize the attacks by assigning
each category a numerical value;
(b) to develop an optimal neural network architecture for anomaly detection
that increases the rate of correct classification of anomalies;
(c) to calculate the performance measures of the anomaly detection results
obtained after applying the proposed supervised learning approach;
(d) to assess the predictive ability of the proposed neural network architecture.
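Objectives (a) and (c) as an added worked example, not code from the chapter: it parses constructed records laid out like the KDD Cup 1999 data (41 comma-separated features and a trailing label such as "normal." or "smurf."), min-max normalizes the numeric columns, one-hot encodes the three symbolic columns (protocol_type, service, flag), maps every label to the binary normal/attack target, and computes the performance measures an IDS evaluation reports from a classifier's predictions. The neural network of objective (b) is not shown; the predictions fed to the scorer are a constructed stand-in for its output.

```python
"""Data preparation and scoring for KDD99-style binary anomaly detection.

Added example (not the chapter's code). Records below are constructed in
the KDD Cup 1999 layout: 41 comma-separated features, then a label such as
"normal." or "smurf."; only the first six features carry real values here.
"""
from typing import Dict, List, Tuple

N_FEATURES = 41
SYMBOLIC_COLUMNS = (1, 2, 3)          # protocol_type, service, flag
NUMERIC_COLUMNS = [i for i in range(N_FEATURES) if i not in SYMBOLIC_COLUMNS]


def make_record(duration: int, proto: str, service: str, flag: str,
                src_bytes: int, dst_bytes: int, label: str) -> str:
    """Build one constructed KDD99-format line; features 7..41 are zero-filled."""
    head = [str(duration), proto, service, flag, str(src_bytes), str(dst_bytes)]
    return ",".join(head + ["0"] * (N_FEATURES - len(head)) + [label])


# Constructed sample: three normal connections and three attacks.
SAMPLE_LINES = [
    make_record(0, "tcp", "http", "SF", 181, 5450, "normal."),
    make_record(0, "tcp", "http", "SF", 239, 486, "normal."),
    make_record(0, "udp", "domain_u", "SF", 44, 132, "normal."),
    make_record(0, "icmp", "ecr_i", "SF", 1032, 0, "smurf."),
    make_record(0, "tcp", "private", "S0", 0, 0, "neptune."),
    make_record(0, "tcp", "private", "REJ", 0, 0, "portsweep."),
]


def parse_record(line: str) -> Tuple[list, str]:
    """Split a KDD99 line into 41 raw features (str for symbolic, float otherwise) and its label."""
    fields = line.strip().split(",")
    if len(fields) != N_FEATURES + 1:
        raise ValueError(f"expected {N_FEATURES + 1} fields, got {len(fields)}")
    label = fields[-1].rstrip(".")
    feats = [f if i in SYMBOLIC_COLUMNS else float(f) for i, f in enumerate(fields[:-1])]
    return feats, label


def encode_label(label: str) -> int:
    """Binary target: 0 for normal traffic, 1 for any attack type."""
    return 0 if label == "normal" else 1


def build_dataset(lines: List[str]) -> Tuple[List[List[float]], List[int]]:
    """Return (X, y): min-max scaled numeric columns followed by one-hot symbolic columns."""
    parsed = [parse_record(ln) for ln in lines]
    raw = [f for f, _ in parsed]
    y = [encode_label(lab) for _, lab in parsed]
    lo = {i: min(r[i] for r in raw) for i in NUMERIC_COLUMNS}
    hi = {i: max(r[i] for r in raw) for i in NUMERIC_COLUMNS}
    vocab = {i: sorted({r[i] for r in raw}) for i in SYMBOLIC_COLUMNS}
    X = []
    for r in raw:
        # a constant column (hi == lo) carries no information and maps to 0.0
        vec = [(r[i] - lo[i]) / (hi[i] - lo[i]) if hi[i] > lo[i] else 0.0
               for i in NUMERIC_COLUMNS]
        for i in SYMBOLIC_COLUMNS:
            vec.extend(1.0 if r[i] == v else 0.0 for v in vocab[i])
        X.append(vec)
    return X, y


def performance_measures(y_true: List[int], y_pred: List[int]) -> Dict[str, float]:
    """Confusion-matrix measures commonly reported for IDS results."""
    tp = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 1)
    tn = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 0)
    fp = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 1)
    fn = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 0)

    def safe(a: float, b: float) -> float:
        return a / b if b else 0.0

    return {
        "accuracy": safe(tp + tn, len(y_true)),
        "detection_rate": safe(tp, tp + fn),      # true positive rate
        "false_alarm_rate": safe(fp, fp + tn),    # false positive rate
        "precision": safe(tp, tp + fp),
    }


if __name__ == "__main__":
    X, y = build_dataset(SAMPLE_LINES)
    # Constructed stand-in for a trained network's output (the network is not shown).
    predictions = [0, 0, 1, 1, 1, 0]
    print(len(X), "records,", len(X[0]), "features each; targets:", y)
    print(performance_measures(y, predictions))
```

The scaling bounds and one-hot vocabulary are fitted on every record passed in; on real data fit them on the training split only and reuse them for the test split, otherwise the reported detection rate is inflated by information leaked from the test records.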
In the present research intrusion detection is treated as a binary
classification problem, so the background on the types of intrusion detection
system is outlined in the next section.
1.1 Intrusion Detection
Intrusion detection mechanisms can be divided into two broad categories (Anderson
1995; Tiwari 2002): (i) misuse detection and (ii) anomaly-based detection.
The two are described below:
(i) Misuse detection system
It is perhaps the oldest and most widely used method. It applies knowledge of
identified attack patterns to search for signatures, observe state transitions,
or drive a data-mining system that classifies potential attacks (Faysel and
Haque 2010). Familiar attacks can be identified efficiently with a very low false
alarm rate, which is why it is broadly applied in most commercial systems. Since
attacks are frequently polymorphic and change regularly, misuse detection fails
against unfamiliar attacks. This problem may be addressed by regularly updating
the knowledge base, either through a time-consuming and laborious manual method
or through automatic updating using supervised learning methods. The latter,
however, becomes too costly to set up, since every occurrence in the dataset must
be labeled as normal or as a type of attack. A different way to deal with this
problem is to apply the anomaly detection method proposed by Denning (1987).
(ii) Anomaly based detection
Anomaly detection systems recognize deviations from normal behaviour and
alert on possible unknown or novel attacks without any prior knowledge of them.
It is assumed that anomalous behavior is rare and dissimilar from normal behavior;
in this sense it is orthogonal to misuse detection (Wu and Banzhaf 2010). Anomaly
detection can be of two types (Chebrolu et al. 2005): static and dynamic anomaly
detection. The first assumes that the monitored behavior remains constant, while
the second extracts patterns, sometimes called profiles, from the behavioral
routine of end users or the usage history of networks/hosts.
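The two categories just described, as an added example that is not part of the chapter: a misuse detector holding a small knowledge base of attack signatures beside a profile-based anomaly detector that scores each connection against the mean and standard deviation of normal traffic. A static profile is built once; an exponentially weighted update stands in for the dynamic refresh of the profile from ongoing usage. All connection records, signatures, feature names, and the z-score threshold are constructed for illustration; the run at the end shows a known attack caught by both detectors, a normal request passed by both, and an attack the signature base does not know that only the anomaly detector flags.

```python
"""Misuse (signature) detection beside profile-based anomaly detection.

Added example (not the chapter's code). Connection records, signatures and
thresholds are constructed for illustration; the feature names follow the
KDD99 convention ('count' = connections to the same host in the last 2 s).
"""
import math
from typing import Any, Callable, Dict, List

Record = Dict[str, Any]
Profile = Dict[str, Dict[str, float]]
NUMERIC = ("src_bytes", "dst_bytes", "count")


def conn(proto: str, service: str, flag: str, src: int, dst: int, count: int) -> Record:
    return {"protocol": proto, "service": service, "flag": flag,
            "src_bytes": src, "dst_bytes": dst, "count": count}


# Constructed "normal" HTTP traffic used to learn the behavioral profile.
NORMAL_TRAFFIC = [
    conn("tcp", "http", "SF", s, d, c) for s, d, c in [
        (180, 1000, 1), (200, 2000, 2), (220, 3000, 3), (240, 4000, 4), (260, 5000, 5),
        (280, 6000, 6), (300, 1500, 7), (320, 2500, 8), (200, 3500, 2), (300, 4500, 6)]
]

# --- Misuse detection: a knowledge base of identified attack patterns --------
SIGNATURES: Dict[str, Callable[[Record], bool]] = {
    "smurf": lambda r: r["protocol"] == "icmp" and r["service"] == "ecr_i"
    and r["src_bytes"] >= 1000,
    "neptune": lambda r: r["protocol"] == "tcp" and r["flag"] == "S0" and r["count"] > 100,
}


def misuse_detect(record: Record) -> List[str]:
    """Names of every known signature the record matches (empty for unknown attacks)."""
    return [name for name, matches in SIGNATURES.items() if matches(record)]


# --- Anomaly detection: deviation from a profile of normal behavior ----------
def build_profile(records: List[Record]) -> Profile:
    """Static profile: per-feature mean and (population) standard deviation."""
    n = len(records)
    mean = {k: sum(r[k] for r in records) / n for k in NUMERIC}
    std = {k: math.sqrt(sum((r[k] - mean[k]) ** 2 for r in records) / n) for k in NUMERIC}
    return {"mean": mean, "std": std}


def anomaly_score(profile: Profile, record: Record) -> float:
    """Largest absolute z-score over the numeric features."""
    scores = []
    for k in NUMERIC:
        dev = abs(record[k] - profile["mean"][k])
        sd = profile["std"][k]
        # a feature that never varied in the profile: any deviation is maximal
        scores.append(dev / sd if sd > 0 else (math.inf if dev > 0 else 0.0))
    return max(scores)


def anomaly_detect(profile: Profile, record: Record, threshold: float = 3.0) -> bool:
    return anomaly_score(profile, record) > threshold


def update_profile(profile: Profile, record: Record, alpha: float = 0.1) -> Profile:
    """Dynamic profile: exponentially weighted update from a record judged normal,
    so the profile follows drift in user or network behavior instead of staying fixed."""
    new: Profile = {"mean": {}, "std": {}}
    for k in NUMERIC:
        diff = record[k] - profile["mean"][k]
        new["mean"][k] = profile["mean"][k] + alpha * diff
        var = (1 - alpha) * (profile["std"][k] ** 2 + alpha * diff ** 2)
        new["std"][k] = math.sqrt(var)
    return new


def classify(profile: Profile, records: List[Record]) -> List[Dict[str, Any]]:
    """Run both detectors; empty 'signatures' with anomalous=True marks a novel attack."""
    return [{"signatures": misuse_detect(r), "anomalous": anomaly_detect(profile, r)}
            for r in records]


TEST_TRAFFIC = [
    conn("tcp", "http", "SF", 240, 3100, 5),       # ordinary request
    conn("icmp", "ecr_i", "SF", 1032, 0, 511),     # known attack: smurf
    conn("tcp", "private", "S0", 0, 0, 200),       # known attack: neptune
    conn("tcp", "private", "REJ", 0, 0, 250),      # sweep with no signature in the base
]

if __name__ == "__main__":
    profile = build_profile(NORMAL_TRAFFIC)
    for rec, verdict in zip(TEST_TRAFFIC, classify(profile, TEST_TRAFFIC)):
        print(rec["service"], rec["flag"], verdict)
```

Only records the anomaly detector has judged normal should be fed to update_profile; folding flagged traffic into the profile lets an attacker shift the baseline gradually until the attack itself looks normal.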