In order to safeguard their critical systems against network intrusions, organisations deploy multiple Network Intrusion Detection Systems (NIDS) to detect malicious packets embedded in network traffic using anomaly and misuse detection approaches. Existing NIDS deal with a huge amount of data that contains null values, incomplete information, and irrelevant features; this lowers the detection rate of the IDS, consumes a high amount of system resources, and slows down the training and testing of the IDS. In this paper, a new feature selection model is proposed that combines hybrid feature selection techniques (information gain, correlation, chi-square and gain ratio) with Principal Component Analysis (PCA) for feature reduction. This study employs data mining and machine learning techniques on the NSL-KDD dataset in order to identify the features that are significant for detecting network intrusions. The experimental results show that the proposed model improves the detection rate and also speeds up the detection process.
Abstract: In the last few years, intranets and the Internet have experienced explosive growth because of the benefits they offer. The Internet is insecure, which makes the security of private network systems an important concern. A firewall is installed as the first step in securing a private network. Firewalls are deployed at the choke point of the private network to protect it from external attacks by applying defined rules and policies to the traffic reaching the network interface. Regular complaints have been raised about invasions, intrusions and attacks on private networks even when firewalls are present. To verify firewall behaviour, a real-time framework needs to be implemented that observes and examines the effectiveness and functionality of firewalls by installing Network Intrusion Detection System (NIDS) security software within the network perimeter to monitor firewall operation. A NIDS detects offensive, inaccurate or irregular activity on a network, and such systems are suitable for any type of institution that needs to defend its networks and systems. By setting up the framework according to the defined rules and policies, deviations are reported automatically, and the administrator can check the examined events or audit them to determine whether the firewall complies with the configured rules and policies, some of which are complex and high-level enough that implementing every rule is difficult. The reported events enable the administrator to enforce and implement the appropriate rules, which makes the network safer to use.
The advancement of modern computers, networks and the Internet has led to the widespread adoption and application of Information and Communication Technology in modern organizations. As a result, a large amount of information is generated, processed and distributed through digital devices. On the other side, digital crimes have increased in number and sophistication, and they compromise the organization's critical information infrastructure, affecting the confidentiality, integrity and availability of its information resources. In order to detect these malicious activities, organizations deploy multiple Network Intrusion Detection Systems (NIDSs) in their corporate networks. These systems generate a huge number of low-quality alerts, in different formats, after an attack has already taken place. Alert and event correlation is therefore required to preprocess, analyze and correlate the alerts produced by one or more network intrusion detection systems, together with events generated by different systems and security tools, in order to provide a more succinct and high-level view of occurring or attempted intrusions. This work reviews current alert correlation systems in terms of their approaches and proposes design considerations for an efficient alert correlation technique. We conclude by highlighting the opportunity to include an attack prediction component in a real-time, multi-sensor environment.
As security threats change and advance drastically, many organizations implement multiple Network Intrusion Detection Systems (NIDSs) to optimize detection and to provide a comprehensive view of intrusion activities. But NIDSs trigger a massive number of alerts, even within a single day, and overwhelm security experts, since they require a high level of human involvement in building and maintaining the system. The main goal of this work is to enhance the structure-based alert correlation model so as to improve the quality of alerts and the detection capability of NIDS by grouping alerts with common attributes using unsupervised learning techniques. This work compares four unsupervised learning algorithms, namely Self-Organizing Maps (SOM), K-means, Expectation-Maximization (EM) and Fuzzy C-means (FCM), to select the best clustering algorithm based on Clustering Accuracy Rate (CAR), Clustering Error (CE) and processing time. The results indicate that the proposed model, based on hybrid feature selection, PCA and EM, is effective in terms of Clustering Accuracy Rate (CAR) and processing time on the NSL-KDD dataset.