Abstract
The fundamental objective of any network intrusion detection system is to automate detection whenever intrusions occur in the network. The network anomaly detection problem is to determine whether incoming network traffic is legitimate or anomalous. Automated detection systems designed to identify anomalous incoming traffic patterns usually apply widely used machine learning techniques. However, irrespective of the system model developed to identify anomalous traffic, all such models require comparing anomalous and normal traffic patterns. Such comparisons implicitly depend on the ability of the underlying machine learning model to gauge the similarity between a known legitimate observation and the target. The efficiency of any network anomaly detection system depends on the distance or similarity measures used and how they are actually applied. A novel distance function that can be applied to determine the similarity between two conditional feature pattern vectors is an important contribution of the present research. Feature dimensionality is another important issue for any machine learning algorithm. In the present work, feature reduction is achieved using the proposed feature transformation technique. Our approach to feature transformation uses the proposed Gaussian distance function to achieve dimensionality reduction and to represent the original input dataset in the new transformation space. We have also proposed new computation expressions for determining the equivalent deviation and threshold in Gaussian space. Experiments are performed on the KDD and NSL-KDD datasets, considering classifier algorithms widely applied in various state-of-the-art research contributions. For performance validation of the machine learning models, k-fold cross validation is applied with k set to 10, considering evaluation parameters such as accuracy, precision and recall.
Experimental results have shown that our approach to anomaly detection, which applies the proposed feature transformation technique, is comparatively better than the detection methods CANN, GARUDA, and UTTAMA addressed in the recent research literature.
Highlights
The fundamental purpose of any network anomaly detection system is to precisely and methodically detect diverse types of malicious traffic patterns that may not be detected by conventional firewall systems
Dimensionality reduction is carried out via feature transformation
The distance function proposed in this work is designed by considering the basic Gaussian membership function
Summary
The fundamental purpose of any network anomaly detection system is to precisely and methodically detect diverse types of malicious traffic patterns that may not be detected by conventional firewall systems. Motivated by the text similarity function [8], similarity functions for measuring software component similarity (which are based on determining binary feature vectors) are proposed by Vangipuram et al. [9]. Similarity measures to compute temporal similarity in Z-SPACE and Gaussian space are proposed by Vangipuram et al. [10]–[16], and these measures require equivalent deviation and equivalent threshold values to be determined in order to compute similarity in the new transformation space. Another contribution is the imputation measure MANTRA [17], suggested to find similarity between complete and incomplete medical records for medical data classification.