Abstract
A lot of efforts have been given toward designing a perfect NIDS that has a high detection rate and low false alarm rate. Some have used misuse detection technique which fails to detect zero-day attacks, while the problem of using supervised learning is the cost of producing labeled dataset which is essential for training the model and also the model is trained on known attacks which may fail to detect new variant attacks. On the other hand, unsupervised learning has the problem of labeling the generated clusters. Once-Class Classification learning technique (OCC) suffers from the high dimensional network feature spaces, Also, problems may arise when large differences in density exist. To overcome these problems, we proposed OCC-NIDS model based on the standard deviation of service’s normal behaviour. Through this model we dealt with each network service as single class instead of dealing with all network services as a single class. By this way we use just the relevant features of each service, hence reducing the high dimensional network feature spaces and also ensure that each class has – a proximately – uniform distribution. The proposed model proved that it is able to detect abnormal network traffic with high detection rate and low false positive rate. It achieved 99.72% detection rate and 99.65% accuracy rate with a false alarm rate reached 0.7% and false positive rate 0.005% on KDD Cup’99 dataset.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
More From: International Journal of Computer Trends and Technology
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.