期刊名称:International Journal on Electrical Engineering and Informatics
印刷版ISSN:2085-6830
出版年度:2018
卷号:10
期号:2
页码:369-383
DOI:10.15676/ijeei.2018.10.2.12
出版社:School of Electrical Engineering and Informatics
摘要:An Intrusion Detection System (IDS) which implement a group-basedclassification algorithm, theoretically has the benefit of higher accuracy. Unfortunately,higher accuracy only achieved if the observed group is homogeneous from a certaindistribution. Recently, a distributed denial of service (DDoS) attack consists of multiplebotnets which produce multi types of traffic in one attack session. It makes the IDS suffersfrom decreasing accuracy as the increasing heterogeneity within the observed group. Toaddress the problem, we propose homogeneous grouping algorithm based on triangle areaMahalanobis distance to support IDS which implement group-based data analysis. First, theMahalanobis distance measurement was used to construct homogeneous groups. Then, thecovariance matrix of each homogeneous group was classified using a decision tree classifier.Classification performance was evaluated using known KDDCup 99 dataset. The resultspointed out that the used of homogeneous grouping algorithm improve the classificationperformance for natural and mixed random DDoS traffic.
关键词:Intrusion detection system; classification; distributed denial of service;Mahalanobis distance; covariance; decision tree