Hybrid Data Mining to Reduce False Positive and False Negative Prediction in Intrusion Detection System


Abstract. This paper proposes an approach based on data mining and machine learning methods for reducing the false positive and false negative predictions of existing Intrusion Detection Systems (IDS). It describes our proposal for building a confidential, strong, intelligent intrusion detection system which can protect data and networks from potential attacks, with any detected activity or violation typically reported onward or collected centrally. We have addressed different data mining methodologies and presented some recommended approaches which can be combined to enhance the security of the system. The approach will reduce the overhead of administrators, who can be less concerned about the alerts, as these have already been classified and filtered with fewer false positive and false negative alerts. Here we have made use of the KDD-99 IDS dataset for detailed analysis of the procedures and algorithms which can be implemented.

Keywords: Intrusion Detection Systems · Data mining · Anomaly detection · SVM · KNN · ANN · Intrusion detection
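As an added illustration (not the paper's code or method) of the false-positive and false-negative trade-off the abstract sets out to reduce, the following Python compares a misuse-based signature rule with a statistical anomaly rule on constructed KDD-99-style records, then combines them in two naive hybrid ways. The feature names (flag, count, serror_rate) follow the KDD-99 schema; the record values, thresholds and the rules themselves are assumptions made for this example.

```python
from statistics import mean, pstdev

# Constructed KDD-99-style records (three of the dataset's 41 features plus the
# label). Values are illustrative, not rows taken from the real dataset.
BASELINE = [{"flag": "SF", "count": c, "serror_rate": 0.0, "label": "normal"}
            for c in (2, 3, 4, 3, 5, 3)]  # training traffic, all normal
TEST = [
    {"flag": "SF", "count": 4,   "serror_rate": 0.0, "label": "normal"},
    {"flag": "SF", "count": 3,   "serror_rate": 0.0, "label": "normal"},
    {"flag": "S0", "count": 2,   "serror_rate": 1.0, "label": "normal"},        # one failed connect
    {"flag": "SF", "count": 160, "serror_rate": 0.0, "label": "normal"},        # busy but legitimate
    {"flag": "S0", "count": 250, "serror_rate": 1.0, "label": "neptune"},
    {"flag": "S0", "count": 230, "serror_rate": 0.9, "label": "neptune"},
    {"flag": "SF", "count": 511, "serror_rate": 0.0, "label": "smurf"},
    {"flag": "SF", "count": 1,   "serror_rate": 0.0, "label": "guess_passwd"},  # looks like normal
]

def misuse_alert(r):
    """Misuse (signature) rule: half-open connections with a high SYN-error rate."""
    return r["flag"] == "S0" and r["serror_rate"] >= 0.8

def fit_baseline(records, feature="count"):
    """Anomaly profile: mean and std of one feature over known-normal traffic."""
    vals = [r[feature] for r in records if r["label"] == "normal"]
    return mean(vals), pstdev(vals)

def anomaly_alert(r, baseline, z_threshold=3.0, feature="count"):
    """Anomaly rule: the feature lies more than z_threshold sigmas from the profile."""
    mu, sigma = baseline
    return abs(r[feature] - mu) / sigma > z_threshold

def confusion(records, alert_fn):
    """Count TP/FP/TN/FN for an alert function; any label other than normal is an attack."""
    c = {"tp": 0, "fp": 0, "tn": 0, "fn": 0}
    for r in records:
        attack, fired = r["label"] != "normal", alert_fn(r)
        c[("tp" if attack else "fp") if fired else ("fn" if attack else "tn")] += 1
    return c

def evaluate(test=TEST, baseline_records=BASELINE):
    """Compare misuse, anomaly and two naive hybrid combinations on the same records."""
    base = fit_baseline(baseline_records)
    anomaly = lambda r: anomaly_alert(r, base)
    return {
        "misuse": confusion(test, misuse_alert),
        "anomaly": confusion(test, anomaly),
        "hybrid_or": confusion(test, lambda r: misuse_alert(r) or anomaly(r)),    # fewer FN, more FP
        "hybrid_and": confusion(test, lambda r: misuse_alert(r) and anomaly(r)),  # fewer FP, more FN
    }
```

Calling evaluate() shows the signature rule missing smurf and guess_passwd, the anomaly rule flagging the busy but legitimate server, and the OR/AND combinations each lowering one error type at the cost of the other, which is the trade-off a learned classifier over the KDD-99 features is meant to improve on.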

1 Introduction

With rapid developments and innovations in computer technology and networks, the number of people using technology to commit cyber-attacks is also increasing. In order to prevent this, we must take preventive measures to stop these crimes and stay secure. A strong computer system can prevent potential attacks by having a good Intrusion Detection System (IDS) in place. Intrusion Detection Systems are used to preserve data availability over the network by detecting patterns of known attacks which are defined by experts. These patterns are usually defined by a set of rules which are validated against a set of commonly occurring events and probable intrusion sequences. There are many Intrusion Detection Systems available on the market, chosen according to the environment and system they are used for. IDSs can be used in small home networks or in huge organizations which have large systems in multiple locations across the globe. Some of the well-known IDSs are Snort, NetSim, AIDE, Hybrid IDS, Samhain, etc.

The Internet has become an indispensable tool for exchanging information among users and organizations, and security is an essential aspect of this type of communication. IDSs are often used to sniff network packets to provide a better understanding of what is happening in a particular network. Two mainstream categories of IDS are (1) host-based IDSs and (2) network-based IDSs. Correspondingly, the detection methods used in an IDS are anomaly based and misuse based (also called signature or knowledge based), each having its own advantages and restrictions. In misuse-based detection, data gathered from the system is compared to a set of rules or patterns, also known as signatures, which describe network attacks. The core difference between these two techniques is that anomaly-based IDS uses collections of data containing examples of normal beh

B. Palanisamy et al., in K. Arai et al. (Eds.): FICC 2018, AISC 887, pp. 1–12, 2019. © Springer Nature Switzerland AG 2019. https://doi.org/10.1007/978-3-030-03405-4_1