Abstract
Intrusion detection systems (IDS) have been developed to protect network resources from different types of threats. Existing IDS methods can be classified as anomaly based, misuse (signature) based, or a combination of both. This paper proposes a novel misuse based intrusion detection system that classifies network traffic into five categories: Exploit, DOS, Probe, Generic and Normal. Most related work on IDS is based on the KDD99 or NSL-KDD 99 data set; these data sets are considered obsolete for detecting recent types of attacks and have no significance here. In this paper the UNSW-NB15 data set is used as the offline dataset to design our own integrated classification based model for detecting malicious activities in the network. The performance of the proposed integrated classification based model is considerably higher than that of other existing decision tree based models in detecting these five categories. Moreover, this paper generates its own real time data set at the NIT Patna CSE lab (RTNITP18), which serves as a working example of the proposed intrusion detection model; RTNITP18 is used as a test data set to evaluate the performance of the proposed model. The performance analysis of the proposed model on UNSW-NB15 (the benchmark data set) and on the real time data set (RTNITP18) shows better accuracy, attack detection rate, mean F-measure, average accuracy, attack accuracy and false alarm rate than other existing approaches. The proposed IDS model acts as a watchdog for detecting different types of threats in the network.
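The abstract names the metrics used to compare the model on UNSW-NB15 and RTNITP18 (accuracy, attack detection rate, attack accuracy, mean F-measure, average accuracy, false alarm rate) but the page does not give their definitions. The following is an added example by the editor, not the paper's code, showing how these metrics are computed from a five-class confusion matrix (Normal, Exploit, DOS, Probe, Generic). The metric definitions are the standard ones and are assumed: attack detection rate is the share of attack records raised as any attack class, attack accuracy the share of attack records placed in the correct category, false alarm rate the share of Normal records raised as an attack, average accuracy the macro-averaged recall, and mean F-measure the macro-averaged F1. The label pairs are constructed, not paper data.

```python
"""Evaluation metrics for a five-class misuse IDS (Normal, Exploit, DOS, Probe,
Generic). Added example: metric definitions are the standard ones and are
assumed, not taken from the paper; the label pairs below are constructed."""

CLASSES = ["Normal", "Exploit", "DOS", "Probe", "Generic"]

# Constructed (true label, predicted label) counts. They are made up to exercise
# every metric: Normal traffic mislabelled as Probe/Exploit (false alarms),
# DOS mislabelled as Exploit (detected as an attack, wrong category), and
# attacks mislabelled as Normal (missed detections).
_CONSTRUCTED_COUNTS = {
    ("Normal", "Normal"): 92, ("Normal", "Probe"): 5, ("Normal", "Exploit"): 3,
    ("Exploit", "Exploit"): 40, ("Exploit", "Generic"): 6, ("Exploit", "Normal"): 4,
    ("DOS", "DOS"): 30, ("DOS", "Exploit"): 8, ("DOS", "Normal"): 2,
    ("Probe", "Probe"): 27, ("Probe", "Normal"): 3,
    ("Generic", "Generic"): 76, ("Generic", "Exploit"): 4,
}
SAMPLE = [pair for pair, n in _CONSTRUCTED_COUNTS.items() for _ in range(n)]


def confusion_matrix(pairs):
    """Return cm[true][pred] counts over (true, predicted) label pairs."""
    cm = {c: {p: 0 for p in CLASSES} for c in CLASSES}
    for true, pred in pairs:
        cm[true][pred] += 1
    return cm


def ids_metrics(pairs, benign="Normal"):
    """Compute the IDS metrics named in the abstract (assumed definitions)."""
    cm = confusion_matrix(pairs)
    total = len(pairs)
    correct = sum(cm[c][c] for c in CLASSES)
    attacks = [c for c in CLASSES if c != benign]
    n_attack = sum(sum(cm[c].values()) for c in attacks)
    n_benign = sum(cm[benign].values())

    # Attack detection rate: attack records flagged as *some* attack class,
    # whether or not the category is right (binary detection view).
    attack_detected = n_attack - sum(cm[c][benign] for c in attacks)
    # Attack accuracy: attack records whose exact category was predicted.
    attack_exact = sum(cm[c][c] for c in attacks)
    # False alarm rate: benign records raised as any attack class.
    false_alarms = n_benign - cm[benign][benign]

    recalls, f1s = [], []
    for c in CLASSES:
        tp = cm[c][c]
        fn = sum(cm[c].values()) - tp
        fp = sum(cm[o][c] for o in CLASSES if o != c)
        recalls.append(tp / (tp + fn) if tp + fn else 0.0)
        # F1 = 2TP / (2TP + FP + FN), the harmonic mean of precision and recall.
        f1s.append(2 * tp / (2 * tp + fp + fn) if tp + fp + fn else 0.0)

    return {
        "accuracy": correct / total,
        "attack_detection_rate": attack_detected / n_attack,
        "attack_accuracy": attack_exact / n_attack,
        "false_alarm_rate": false_alarms / n_benign,
        "average_accuracy": sum(recalls) / len(recalls),  # macro recall
        "mean_f_measure": sum(f1s) / len(f1s),             # macro F1
    }


if __name__ == "__main__":
    for name, value in ids_metrics(SAMPLE).items():
        print(f"{name:>22}: {value:.4f}")
```

The distinction between attack detection rate and attack accuracy matters for a five-category misuse IDS: a DOS flow labelled Exploit still counts as detected, but lowers attack accuracy and the per-class F-measures. Reporting both, together with the false alarm rate on Normal traffic, is what allows a fair comparison across data sets.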
Cite this article
Kumar, V., Sinha, D., Das, A.K. et al. An integrated rule based intrusion detection system: analysis on UNSW-NB15 data set and the real time online dataset. Cluster Comput 23, 1397–1418 (2020). https://doi.org/10.1007/s10586-019-03008-x