An integrated rule based intrusion detection system: analysis on UNSW-NB15 data set and the real time online dataset

Published in Cluster Computing

Abstract

Intrusion detection systems (IDS) have been developed to protect the resources in a network from different types of threats. Existing IDS methods can be classified as anomaly based, misuse (signature) based, or sometimes a combination of both. This paper proposes a novel misuse based intrusion detection system that classifies network traffic into five categories: Exploit, DOS, Probe, Generic and Normal. Further, most of the related work on IDS is based on the KDD99 or NSL-KDD 99 data set. These data sets are considered obsolete for detecting recent types of attacks and are of little significance. In this paper the UNSW-NB15 data set is used as the offline data set to design our own integrated classification based model for detecting malicious activities in the network. The performance of the proposed integrated classification based model is considerably higher than that of other existing decision tree based models in detecting these five categories. Moreover, this paper generates its own real time data set at the NIT Patna CSE lab (RTNITP18), which acts as the working example of the proposed intrusion detection model. This RTNITP18 data set is used as a test data set to evaluate the performance of the proposed intrusion detection model. The performance analysis of the proposed model on UNSW-NB15 (benchmark data set) and the real time data set (RTNITP18) shows better accuracy, attack detection rate, mean F-measure, average accuracy, attack accuracy and false alarm rate in comparison to other existing approaches. The proposed IDS model acts as a watchdog to detect different types of threat in the network.
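The abstract names the metrics used to compare the model (accuracy, attack detection rate, mean F-measure, average accuracy, attack accuracy and false alarm rate) without defining them. As an added example, not code from the paper, the following Python computes these from a five-class confusion matrix over the page's categories; the metric definitions are the usual textbook ones (an assumption, since the paper's formulas are not on this page) and the sample matrix is constructed, not the paper's results.

```python
# Category labels named in the abstract; Normal is the only benign class.
LABELS = ["Normal", "Exploit", "DOS", "Probe", "Generic"]

def confusion_matrix(actual, predicted, labels=LABELS):
    """Rows = actual class, columns = predicted class (same order as labels)."""
    idx = {lab: i for i, lab in enumerate(labels)}
    cm = [[0] * len(labels) for _ in labels]
    for a, p in zip(actual, predicted):
        cm[idx[a]][idx[p]] += 1
    return cm

def ids_metrics(cm, labels=LABELS, benign="Normal"):
    """Metrics the abstract reports, from a multi-class confusion matrix.

    Textbook definitions assumed (the paper's own formulas are not on this page):
    detection rate treats an attack flagged as *any* attack class as detected;
    false alarm rate is benign records flagged as any attack class; average
    accuracy is mean per-class recall; attack accuracy needs the exact class.
    """
    n = len(labels)
    b = labels.index(benign)
    attacks = [i for i in range(n) if i != b]
    total = sum(map(sum, cm))
    f1, recall = [], []
    for i in range(n):
        tp = cm[i][i]
        fn = sum(cm[i]) - tp                        # actual i, predicted elsewhere
        fp = sum(cm[r][i] for r in range(n)) - tp   # predicted i, actually elsewhere
        recall.append(tp / (tp + fn) if tp + fn else 0.0)
        f1.append(2 * tp / (2 * tp + fp + fn) if tp + fp + fn else 0.0)
    attack_total = sum(sum(cm[i]) for i in attacks)
    benign_total = sum(cm[b])
    return {
        "accuracy": sum(cm[i][i] for i in range(n)) / total,
        "attack_detection_rate": sum(cm[i][j] for i in attacks for j in attacks) / attack_total,
        "false_alarm_rate": (benign_total - cm[b][b]) / benign_total,
        "mean_f_measure": sum(f1) / n,              # unweighted mean of per-class F1
        "average_accuracy": sum(recall) / n,
        "attack_accuracy": sum(cm[i][i] for i in attacks) / attack_total,
    }

# Constructed confusion matrix (not results from the paper); rows/columns follow LABELS.
SAMPLE_CM = [
    [180, 8, 4, 6, 2],   # Normal: 20 of 200 benign flows raise a false alarm
    [5, 70, 15, 5, 5],   # Exploit: 5 missed entirely, 25 detected but misclassified
    [2, 10, 80, 6, 2],   # DOS
    [3, 4, 3, 88, 2],    # Probe
    [0, 1, 1, 0, 98],    # Generic
]
```

On the constructed matrix the attack detection rate (0.975) is well above the attack accuracy (0.84), which is the gap between "flagged as some attack" and "assigned the right attack class" that a single accuracy figure hides.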




Author information

Correspondence to Ditipriya Sinha.


Cite this article

Kumar, V., Sinha, D., Das, A.K. et al. An integrated rule based intrusion detection system: analysis on UNSW-NB15 data set and the real time online dataset. Cluster Comput 23, 1397–1418 (2020). https://doi.org/10.1007/s10586-019-03008-x
