A Naive Bayesian Network Intrusion Detection Algorithm Based on Principal Component Analysis

Han, Xiaoyan; Xu, Liancheng; Ren, Min; Gu, Wei

doi:10.1109/itme.2015.29

Cited by 22 publications

(4 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Swarnkar et al [31] proposed a naive Bayesian class classifier based on packet payload analysis to detect HTTP attacks. Han et al [32] developed a naive Bayesian model for network intrusion detection based on principal component analysis (PCA). Nie et al [33] designed a Bayesian network to model the causal relationships between network entries.…”

Section: Related Workmentioning

confidence: 99%

Behavior Pattern Mining from Traffic and Its Application to Network Anomaly Detection

Meng

Qin

Cang

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

Accurately detecting and identifying abnormal behaviors on the Internet are a challenging task. In this work, an anomaly detection scheme is proposed that employs the behavior attribute matrix and adjacency matrix to characterize user behavior patterns. Then, anomaly detection is conducted by analyzing the residual matrix. By analyzing network traffic and anomaly characteristics, we construct the behavior attribute matrix, which incorporates seven features that characterize user behavior patterns. To include the effects of network environment, we employ the similarity between IP addresses to form the adjacency matrix. Further, we employ CUR matrix decomposition to mine the changing trends of the matrices and obtain the residual pattern characteristics that are used to detect anomalies. To validate the effectiveness and accuracy of the proposed scheme, two datasets are used: (1) the public MAWI dataset, collected from the WIDE backbone network, which is used to validate accuracy; (2) the campus network dataset, collected from the northwest center of Chinese Education and Research Network (CERNET), which is used to verify practicability. The experimental results demonstrate that the proposed scheme can not only accurately detect and identify abnormal behaviors but also trace the source of anomalies.

show abstract

Section: Related Workmentioning

confidence: 99%

Behavior Pattern Mining from Traffic and Its Application to Network Anomaly Detection

Meng

Qin

Cang

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…In order to acquire these principal directions, one needs to create the co-variance matrix of data and calculate its conquered eigenvectors [ 72 ]. Han et al [ 73 ] developed a naïve Bayesian NADS based on PCA. The system calculates the attribute value of the original network dataset, then extracts the essential properties using PCA.…”

Section: Machine Learning Techniques For Network Malicious Behavior Detection and Recognitionmentioning

confidence: 99%

“…Han et al [ 73 ] developed a naïve Bayesian NADS based on PCA. The system calculates the attribute value of the original network dataset, then extracts the essential properties using PCA.…”

Section: Machine Learning Techniques For Network Malicious Behavior Detection and Recognitionmentioning

confidence: 99%

A Review on Machine Learning Approaches for Network Malicious Behavior Detection in Emerging Technologies

Rabbani

Wang

Khoshkangini

et al. 2021

Entropy

View full text Add to dashboard Cite

Network anomaly detection systems (NADSs) play a significant role in every network defense system as they detect and prevent malicious activities. Therefore, this paper offers an exhaustive overview of different aspects of anomaly-based network intrusion detection systems (NIDSs). Additionally, contemporary malicious activities in network systems and the important properties of intrusion detection systems are discussed as well. The present survey explains important phases of NADSs, such as pre-processing, feature extraction and malicious behavior detection and recognition. In addition, with regard to the detection and recognition phase, recent machine learning approaches including supervised, unsupervised, new deep and ensemble learning techniques have been comprehensively discussed; moreover, some details about currently available benchmark datasets for training and evaluating machine learning techniques are provided by the researchers. In the end, potential challenges together with some future directions for machine learning-based NADSs are specified.

show abstract

“…PCA can also be used for feature reduction [31] and feature selection [32]. In addition, PCA can be combined with machine learning methods such as SVM [33], genetic algorithm [34] and naïve bayes [35]. Chen et al [36] using the Multi-Scale Principal Component Analysis (MSPCA) to identify the Denial of Service (DoS) attacks.…”

Section: Introductionmentioning

confidence: 99%

Intrusion Detection System Using Multivariate Control Chart Hotelling's T2 Based on PCA

Ahsan¹,

Mashuri²,

Kuswanto³

et al. 2018

Int. J. Adv. Sci. Eng. Inf. Technol.

View full text Add to dashboard Cite

Statistical Process Control (SPC) has been widely used in industry and services. The SPC can be applied not only to monitor manufacture processes but also can be applied to the Intrusion Detection System (IDS). In network monitoring and intrusion detection, SPC can be a powerful tool to ensure system security and stability in a network. Theoretically, Hotelling's T 2 chart can be used in intrusion detection. However, there are two reasons why the chart is not suitable to be used. First, the intrusion detection data involves large volumes of high-dimensional process data. Second, intrusion detection requires a fast computational process so an intrusion can be detected as soon as possible. To overcome the problems caused by large number of quality characteristics, Principal Component Analysis (PCA) can be used. The PCA can reduce not only the dimension leading a faster computational, but also can eliminate the multicollinearity (among characteristic variables) problem. This paper is focused on the usage of multivariate control chart T 2 based on PCA for IDS. KDD99 dataset is used to evaluate the performance of the proposed method. Furthermore, the performance of T 2 based PCA will be compared with conventional T 2 control chart. The empirical results of this research show that the multivariate control chart using Hotelling's T 2 based on PCA has excellent performance to detect anomaly in network. Compared to conventional T 2 control chart, the T 2 based on PCA has similar performance with 97 percent hit rate. It also requires shorter computation time.

show abstract

A Naive Bayesian Network Intrusion Detection Algorithm Based on Principal Component Analysis

Cited by 22 publications

References 1 publication

Behavior Pattern Mining from Traffic and Its Application to Network Anomaly Detection

Behavior Pattern Mining from Traffic and Its Application to Network Anomaly Detection

A Review on Machine Learning Approaches for Network Malicious Behavior Detection in Emerging Technologies

Intrusion Detection System Using Multivariate Control Chart Hotelling's T2 Based on PCA

Contact Info

Product

Resources

About