Modelling of Intrusion Detection System Using Artificial Intelligence—Evaluation of Performance Measures - Complex System Modelling and Control Through Intelligent Soft Computations - page 315

Information Technology Reference

In-Depth Information

y = 4.4429x + 8.3905

100

92

88

90

80

69

70

59

59

58

60

47

50

41

41

39

40

24

30

17

20

11

8

6

10

0

2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014

Year of Publication

Fig. 7 Number of articles on neural network applied intrusion detection system development

published during the year 2000 - 2014 and the research trend

articles followed by 273 articles in engineering (26 %) and 108 articles in mathe-

matics (10 %).

In Fig. 7 the research trend based on the number of articles published between

the years 2000

2013 has been shown to be increasing with R-squared value equals

0.9433 which is a good

-

2014 is also increasing

where the search on articles has been performed in February, 2014.

The next section has discussed the description of the data set applied in the

development of the model for intrusion detection system.

fit. The trend line in Fig. 7 for 2000

-

3 KDD-99 Dataset

Mostly all the experiments on intrusion detection are done on KDDCUP

99 dataset,

which is a subset of the 1998 DARPA Intrusion Detection Evaluation data set, and

is processed, extracting 41 features from the raw data of DARPA 98 data set Stolfo

et al. ( 2000 )de

'

ned higher-level features that help in distinguishing between good

normal connections from bad connections (attacks). This data can be used to test

both host based and network based systems, and both signature and anomaly

detection systems. A connection is a sequence of Transmission Control Protocol

(TCP) packets starting and ending with well de

ned times, between which data

flows from a source IP address to a target IP address under some well defined

protocol. Each connection is labeled as normal, or as an attack, with exactly one

speci

c attack type. Each connection record consists of about 100 bytes ( https://

kdd.ics.uci.edu/databases/kddcup99/kddcup99.html ) .

The data to be used in the model is organized and prepared to be used in the form

of binary classi

cation model needs to be

evaluated based on certain metrics from their output results and discussed in the

next section.

cation model. However the classi

Next Page

Complex System Modelling and Control Through Intelligent Soft Computations

Search WWH ::

Custom Search

Home