Building A Fast Intrusion Detection System For High-Speed-Networks: Probe and DoS Attacks Detection

Abstract

Using computers and other intelligent devices associated with internet has become vital in the modern life. Banking transactions, education, trade marketing, social networking, etc. are all examples of those daily and important operations that rely on such technologies, which have generated a large amount of data transiting with high velocity in the last decade. This was accompanied by an extraordinary growth in number and sophistication of cyber threats, going from opportunistic and unstructured to targeted and highly structured. Thus, detecting intrusions in such circumstances requires high levels of accuracy and efficiency, so that heavy losses are prevented. Many intrusion detection models in the literature do not propose real-time solutions to deal with the aforementioned obstacles. This motivates us to propose a lightweight intrusion detection system, for probe and DoS attacks detection. We select the most important set of features using Information Gain (IG), and Correlation-based Feature (CFS) selection filters, applied on a resampled version of KDD’99. Furthermore, we employ four machine learning methods, namely C4.5, Naïve Bayes (NB), Random Forest (RF) and REPTree, as wrappers. Results show good detection and false positive rates, of around 99.6%, and 0.3% for DoS attacks, and 99.8% and 2.7% for Probe attacks. Processing time is also optimized when evaluated using the best selected feature subset.