Statistical analysis of CIDDS-001 dataset for Network Intrusion Detection Systems using Distance-based Machine Learning

Verma, Abhishek; Ranga, Virender

doi:10.1016/j.procs.2017.12.091

Cited by 108 publications

(53 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Here, two ROC curves derived from the results reported in [11] are used to represent two intrusion detection systems, denoted as IDS 1 and IDS 2 , respectively. As in [7], IDS 1 ROC curve can be approximated as given in Equations (17) and (18…”

Section: Results Of Analysismentioning

confidence: 99%

“…Authors in [16] In a related study, Verma and Ranga [17] reported a statistical description of labelled flow-based CIDDS 001 dataset suitable for the evaluation of Anomaly-based network IDSs. The k-nearest neighbor classification and k-means clustering techniques were employed to measure the robustness of metrics in IDSs.…”

Section: Related Workmentioning

confidence: 99%

“…Their technique was able to identify 16 features capable of classifying connections in NSL-KDD data-set with high accuracy. They used standard metrics used in the literature similar to [17]. They also did not consider cost of implementing their technique.…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Software Intrusion Detection Evaluation System: A Cost-Based Evaluation of Intrusion Detection Capability

Imoize¹,

Oyedare²,

Otuokere³

et al. 2018

View full text Add to dashboard Cite

In this paper, we consider a cost-based extension of intrusion detection capability (C ID ). An objective metric motivated by information theory is presented and based on this formulation; a package for computing the intrusion detection capability of intrusion detection system (IDS), given certain input parameters is developed using Java. In order to determine the expected cost at each IDS operating point, the decision tree method of analysis is employed, and plots of expected cost and intrusion detection capability against false positive rate were generated. The point of intersection between the maximum intrusion detection capability and the expected cost is selected as the optimal operating point. Considering an IDS in the context of its intrinsic ability to detect intrusions at the least expected cost, findings revealed that the optimal operating point is the most suitable for the given IDS. The cost-based extension is used to select optimal operating point, calculate expected cost, and compare two actual intrusion detectors. The proposed cost-based extension of intrusion detection capability will be very useful to information technology (IT), telecommunication firms, and financial institutions, for making proper decisions in evaluating the suitability of an IDS for a specific operational environment.

show abstract

Section: Results Of Analysismentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Software Intrusion Detection Evaluation System: A Cost-Based Evaluation of Intrusion Detection Capability

Imoize¹,

Oyedare²,

Otuokere³

et al. 2018

View full text Add to dashboard Cite

show abstract

“…In case of dynamic network, it is very complicated to detect the numbers of clusters because of the absence of training data. A.Verma and V. Ranga performed statistical analysis of NID dataset for network intrusion detection system [4]. An efficient distance-based machine learning approach is implemented here.…”

Section: Related Workmentioning

confidence: 99%

A Real-time LAN/WAN and Web Attack Prediction Framework Using Hybrid Machine Learning Model

Arshad¹,

Hussain²

2018

IJET

View full text Add to dashboard Cite

Real-time network attacks have become an increasingly serious issue to LAN/WAN security in recent years. As the size of the network flow increases, it becomes difficult to pre-process and analyze the network packets using the traditional network intrusion detection tools and techniques. Traditional NID tools and techniques require high computational memory and time to process large number of packets in incremental manner due to limited buffer size. Web intrusion detection is also one of the major threat to real-time web applications due to unauthorized user’s request to web server and online databases. In this paper, a hybrid real-time LAN/WAN and Web IDS model is designed and implemented using the machine learning classifier. In this model, different types of attacks are detected and labelled prior to train the machine learning model. Future network packets are predicted using the trained machine learning classifier for attack prediction. Experimental results are simulated on real-time LAN/WAN network and client-server web application for performance analysis. Simulated results show that the proposed machine learning based attack detection model is better than the traditional statistical and rule based learning models in terms of time, detection rate are concerned.

show abstract

“…Features of the CIDDS-001 dataset[13]. All flows which belong to the same attack carry the same attack id.…”

mentioning

confidence: 99%

Detection System of HTTP DDoS Attacks in a Cloud Environment Based on Information Theoretic Entropy and Random Forest

Idhammad

Afdel

Belouch

2018

Security and Communication Networks

View full text Add to dashboard Cite

Cloud Computing services are often delivered through HTTP protocol. This facilitates access to services and reduces costs for both providers and end-users. However, this increases the vulnerabilities of the Cloud services face to HTTP DDoS attacks. HTTP request methods are often used to address web servers’ vulnerabilities and create multiple scenarios of HTTP DDoS attack such as Low and Slow or Flooding attacks. Existing HTTP DDoS detection systems are challenged by the big amounts of network traffic generated by these attacks, low detection accuracy, and high false positive rates. In this paper we present a detection system of HTTP DDoS attacks in a Cloud environment based on Information Theoretic Entropy and Random Forest ensemble learning algorithm. A time-based sliding window algorithm is used to estimate the entropy of the network header features of the incoming network traffic. When the estimated entropy exceeds its normal range the preprocessing and the classification tasks are triggered. To assess the proposed approach various experiments were performed on the CIDDS-001 public dataset. The proposed approach achieves satisfactory results with an accuracy of 99.54%, a FPR of 0.4%, and a running time of 18.5s.

show abstract

Statistical analysis of CIDDS-001 dataset for Network Intrusion Detection Systems using Distance-based Machine Learning

Cited by 108 publications

References 12 publications

Software Intrusion Detection Evaluation System: A Cost-Based Evaluation of Intrusion Detection Capability

Software Intrusion Detection Evaluation System: A Cost-Based Evaluation of Intrusion Detection Capability

A Real-time LAN/WAN and Web Attack Prediction Framework Using Hybrid Machine Learning Model

Detection System of HTTP DDoS Attacks in a Cloud Environment Based on Information Theoretic Entropy and Random Forest

Contact Info

Product

Resources

About