Abstract

Network anomaly detection has attracted growing attention with the rapid development of computer networks. Some researchers have applied fusion methods and Dempster-Shafer (DS) evidence theory to network anomaly detection, but with low performance, and they did not take into account that networks are complicated and varied. To achieve a high detection rate, we present a novel network anomaly detection system based on optimized Dempster-Shafer evidence theory (ODS) and a regression basic probability assignment (RBPA) function. In this model, we weight each sensor according to its previous prediction accuracy to optimize DS evidence theory, and RBPA employs the sensors' regression ability to cope with complex networks. Across four kinds of experiments, we find that our novel network anomaly detection model has a better detection rate, and that both the RBPA and ODS optimization methods improve system performance significantly.

Highlights

  • With the development of computer network technology and the growth in network scale, computer networks are under threat of attack from hackers and other technologies, so the security status of computer networks is becoming a focus of attention.

  • We verify the effectiveness of combining optimized Dempster-Shafer evidence theory (ODS) with support vector machine classifier (SVM), biased minimax probability machine classifier (BMPM), and back propagation network classifier (BP) sensors, and show that this novel ODS network anomaly detection model achieves a higher detection rate (DR) and a lower false positive rate (FR) for both traditional attacks and new attacks.

  • In the second experiment, we run these 7 network anomaly detection methods on the R2L data set, which has 4000 network connections. The first 2000 network connections are normal connections and the last 2000 network connections are abnormal connections. This experiment is used to show that the method with the regression basic probability assignment (BPA) function (RBPA) outperforms the method with ODS, and that the two optimization methods we present can be used in network anomaly detection simultaneously with better performance.

Summary

Introduction

With the development of computer network technology and the growth in network scale, computer networks are under threat of attack from hackers and other technologies, so the security status of computer networks is becoming a focus of attention. Network anomaly detection, a key and difficult part of network intrusion detection technology [1], currently suffers from a low detection rate, a high false positive rate, and a high false negative rate. Many researchers have proposed useful algorithms in this domain [2,3,4,5,6,7,8], but these methods are so simple and single-purpose that they cannot fully adapt to complicated and changeable networks. Conflicts between network data are inevitable, so those approaches lead to unreasonable fusion results, high false alarm rates and high missed alarm rates.
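The effect of conflicting sensors on DS fusion, and of weighting each sensor by its past accuracy, can be seen in a small added example that is not code from the paper. It assumes the weights are applied by Shafer discounting before Dempster's rule (the page does not say how ODS applies them), and the per-sensor masses and accuracy weights are constructed values.

```python
from functools import reduce

ATTACK, NORMAL = frozenset({"attack"}), frozenset({"normal"})
THETA = ATTACK | NORMAL  # whole frame of discernment, i.e. "don't know"

def discount(m, w):
    """Shafer discounting (assumed weighting scheme): keep fraction w of
    each committed mass and move the remainder to THETA."""
    out = {s: w * v for s, v in m.items() if s != THETA}
    out[THETA] = 1.0 - sum(out.values())
    return out

def combine(m1, m2):
    """Dempster's rule of combination for two mass functions."""
    joint, conflict = {}, 0.0
    for a, va in m1.items():
        for b, vb in m2.items():
            if a & b:
                joint[a & b] = joint.get(a & b, 0.0) + va * vb
            else:
                conflict += va * vb  # mass placed on contradictory hypotheses
    if conflict > 1.0 - 1e-12:
        raise ValueError("sources are in total conflict")
    return {s: v / (1.0 - conflict) for s, v in joint.items()}

def fuse(bpas, weights=None):
    """Fuse sensor BPAs; if weights are given, discount each sensor first."""
    if weights is not None:
        bpas = [discount(m, w) for m, w in zip(bpas, weights)]
    return reduce(combine, bpas)

# Constructed BPAs for one connection, with constructed accuracy weights.
# The BP sensor disagrees with the other two and has the worst track record.
SENSORS = {
    "SVM":  ({ATTACK: 0.90, NORMAL: 0.10}, 0.95),
    "BMPM": ({ATTACK: 0.80, NORMAL: 0.20}, 0.90),
    "BP":   ({ATTACK: 0.01, NORMAL: 0.99}, 0.50),
}

def demo():
    bpas = [m for m, _ in SENSORS.values()]
    weights = [w for _, w in SENSORS.values()]
    return fuse(bpas), fuse(bpas, weights)

if __name__ == "__main__":
    plain, weighted = demo()
    print("unweighted m(attack) = %.3f" % plain[ATTACK])
    print("weighted   m(attack) = %.3f" % weighted[ATTACK])
```

Without weights, the single near-certain "normal" vote from the least reliable sensor outvotes the other two; after discounting, the fused belief follows the two sensors with the better track record.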
