Journal: International Journal of Computer Networks and Applications (IJCNA)
Electronic ISSN: 2395-0455
Publication year: 2021
Volume: 8
Issue: 1
Pages: 28-43
Language: English
Publisher: EverScience Publications
Abstract: Modern society has benefited greatly from the advancement of the Internet. The rapid surge in the number of connections and the ease of access to the Internet have given rise to tremendous security threats to individuals and organizations. In addition to intrusion prevention techniques like firewalls, intrusion detection systems (IDS) are an obligatory level of safety for establishments to identify insiders and outsiders with malicious intentions. Anomaly-based IDS has been in the literature for the last few decades, but existing methods still fall short in three main aspects: difficulty in handling mixed attribute types, heavy dependence on input parameters, and an inability to maintain a good balance between detection rate (DR) and false alarm rate (FAR). This paper proposes a semi-supervised IDS based on outlier detection, which first selects the important features that help in identifying intrusive events and then applies a constraint-based clustering algorithm to closely learn the properties of normal connections. The proposed method can handle data with mixed attribute types efficiently, requires fewer parameters, and maintains a good balance between DR and FAR. The standard NSL-KDD benchmark dataset is used for performance evaluation, and the experimental results yielded an overall DR of 99.52% and FAR of 1.15%. It is successful in identifying 99.81% of DoS attacks, 99.71% of Probe attacks, 98.73% of R2L attacks and 96.50% of U2R attacks.