Unsupervised feature selection and cluster center initialization based arbitrary shaped clusters for intrusion detection

Prasad, Mahendra; Tripathi, Sachin; Dahal, Keshav

doi:10.1016/j.cose.2020.102062

Cited by 46 publications

(26 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Table 10 shows the results for DR, FAR, and accuracy obtained by the enhanced systems using keys only and keys and their positions when applied to the KDDCup 99 and NSL-KDD datasets. Table 11 presents the results of the comparison between the outcomes of the proposed methods (DEM3sel and DEMdif) and those of the various IDSs mentioned in the literature (Al-Ibaisi et al [15]; Eesa et al [26]; Al-Yaseen et al [27]; Rashid et al [17]; Yuan et al [28]; Rashid et al [20]; Prasad et al [29]; Lei et al [30]; and Nancy et al [31]) in terms of DR, FAR and accuracy, where all papers that we used for comparison depend on KDDCup dataset. From the table, it is clear that the DR, FAR, and accuracy obtained by the two methods of the proposed approach are good.…”

Section: Resultsmentioning

confidence: 99%

DNA Encoding and STR Extraction for Anomaly Intrusion Detection Systems

2021

View full text Add to dashboard Cite

and supported by the National University of Malaysia for conducting experiments and publishing papers.ABSTRACT Deoxyribonucleic acid (DNA) can be used to discover the presence of diseases in the human body. Similarly, its functionality can be leveraged in an intrusion detection system (IDS) to detect attacks against computer systems and network traffic. Various approaches have been proposed for using DNA sequences in IDSs. The most popular is the DNA sequence matching method, which is also used in biology. A technique that uses the DNA sequence in an IDS has previously been proposed to generate a normal signature sequence with an alignment threshold value. However, its detection rate is very low. Therefore, this paper considers the two main factors that affect the detection accuracy via the DNA sequence, DNA encoding and the short tandem repeat (STR) (i.e., the DNA keys and their positions). It then proposes two DNA encoding methods, named DEM3sel, and DEMdif, which differ in terms of the length of the DNA sequence and the network traffic representation. DEM3sel uses three characters to represent all 41 network attributes but uses a single fixed character to distinguish between nominal and numerical attributes. DEMdif uses different characters to represent all the network attributes based on the attribute values and uses a single fixed character to distinguish between nominal and numerical attributes. In all these methods, the Teiresias algorithm is used to extract the short tandem repeat (STR), which includes both the keys and their positions in the network traffic, while the Knuth-Morris-Pratt algorithm is used as a matching process to determine whether the network traffic is normal or an attack. An experiment is conducted to assess the proposed methods' performance on two standard datasets: KDDCup 99 and NSL-KDD. The experiment is run 30 times for each DNA encoding method. The results show that DEM3sel obtains the best result compared with DEMdif, where the detection rate, false alarm rate, and accuracy of detection are 99.58%, 35.53%, and 92.74% respectively. The results also show that using more keys and their positions improves the false alarm rate and the accuracy of DEM3sel by up to 26.48% and 1.75%, respectively. Moreover, the performance of the proposed method DEM3sel is comparable to or better than state-of-the-art algorithms. Thus, it can be concluded that the proposed DNA sequence method is suitable for use in an IDS.

show abstract

Section: Resultsmentioning

confidence: 99%

DNA Encoding and STR Extraction for Anomaly Intrusion Detection Systems

2021

View full text Add to dashboard Cite

show abstract

“…In order to prevent attacks, it is necessary to quickly classify large amounts of data with little cost. In [22], unsupervised feature selection method is proposed to avoid the cost of tagging network traffic. Thus, it is aimed to achieve better classification results while reducing computational complexity.…”

Section: Related Workmentioning

confidence: 99%

FastTrafficAnalyzer: An Efficient Method for Intrusion Detection Systems to Analyze Network Traffic

Arslan¹

2021

DÜMF Mühendislik Dergisi

View full text Add to dashboard Cite

Network intrusion detection systems are software or devices used to detect malignant attackers in modern internet networks. The success of these systems depends on the performance of the algorithm and method used to catch attacks and the time it takes for it. Due to the continuous internet traffic, these systems are expected to detect attacks in real time. In this study, using a proposed pre-processing, internet traffic data becomes more easily processable and traffic is classified by network analysis with machine learning techniques. In this way, the traffic analysis time was significantly shortened and a high level of success was achieved. The proposed model has been tested in the CSE-CIC-IDS2018 dataset and its advantaged verified. Experimental results i) 99.0% detection rate was achieved in the ExtraTree algorithm for binary classification, while a reduction of 82.96% was achieved in the processing time per sample; ii) For multiclass (15 class) detection, 98.5% detection rate was achieved with the Random Forest algorithm, while a 64.43% shortening was achieved in the processing time per sample. As a result, similar classification rate with the studies in the literature has been achieved with much shorter test time.

show abstract

“…With their instantiation called CINFO in [43], the authors further developed CUFS by using unsupervised discretization methods like equal-width and equal-frequency to adopt the methods to numeric data rather than categorical data. Another approach is given in [44] with Unsupervised Feature Selection and Cluster Center Initialization, denoted in this work as UFS_CCI. It derives feature scores as the difference of feature entropy from unlabeled data by computing the ratio of the maximum count of occurring values by the total amount of samples.…”

Section: Feature Selection For Outlier Detectionmentioning

confidence: 99%

“…Comparison of existing FS work for OD with the requirements defined in Section 3.1 ( and denote that the requirement is either fulfilled or not, ∅ denotes missing information to analyze the respective requirement, (++/+/−) for R-FS04 and R-FS08 are denoting, as objectively as possible, how well the requirement is fulfilled, R-FS02 and R-FS03 are combined since R-FS03 is a phenomenon associated with R-FS02 and none of the existing work in this table fulfills both). [44] ∅ ++ CBRW_FS [42] − + CUFS-DSFS [4] − + CINFO [43] + ++ ODEFS [45] + ++ IBFS [46] ++ ++…”

Section: Feature Selection For Outlier Detectionmentioning

confidence: 99%

Unsupervised Feature Selection for Outlier Detection on Streaming Data to Enhance Network Security

et al. 2021

View full text Add to dashboard Cite

Over the past couple of years, machine learning methods—especially the outlier detection ones—have anchored in the cybersecurity field to detect network-based anomalies rooted in novel attack patterns. However, the ubiquity of massive continuously generated data streams poses an enormous challenge to efficient detection schemes and demands fast, memory-constrained online algorithms that are capable to deal with concept drifts. Feature selection plays an important role when it comes to improve outlier detection in terms of identifying noisy data that contain irrelevant or redundant features. State-of-the-art work either focuses on unsupervised feature selection for data streams or (offline) outlier detection. Substantial requirements to combine both fields are derived and compared with existing approaches. The comprehensive review reveals a research gap in unsupervised feature selection for the improvement of outlier detection methods in data streams. Thus, a novel algorithm for Unsupervised Feature Selection for Streaming Outlier Detection, denoted as UFSSOD, will be proposed, which is able to perform unsupervised feature selection for the purpose of outlier detection on streaming data. Furthermore, it is able to determine the amount of top-performing features by clustering their score values. A generic concept that shows two application scenarios of UFSSOD in conjunction with off-the-shell online outlier detection algorithms has been derived. Extensive experiments have shown that a promising feature selection mechanism for streaming data is not applicable in the field of outlier detection. Moreover, UFSSOD, as an online capable algorithm, yields comparable results to a state-of-the-art offline method trimmed for outlier detection.

show abstract

Unsupervised feature selection and cluster center initialization based arbitrary shaped clusters for intrusion detection

Cited by 46 publications

References 34 publications

DNA Encoding and STR Extraction for Anomaly Intrusion Detection Systems

DNA Encoding and STR Extraction for Anomaly Intrusion Detection Systems

FastTrafficAnalyzer: An Efficient Method for Intrusion Detection Systems to Analyze Network Traffic

Unsupervised Feature Selection for Outlier Detection on Streaming Data to Enhance Network Security

Contact Info

Product

Resources

About