Practical real-time intrusion detection using machine learning approaches
Journal article
Publication Details
Author list: Sangkatsanee P., Wattanapongsakorn N., Charnsripinyo C.
Publisher: Elsevier
Publication year: 2011
Journal: Computer Communications (0140-3664)
Volume number: 34
Issue number: 18
Start page: 2227
End page: 2235
Number of pages: 9
ISSN: 0140-3664
eISSN: 1873-703X
Languages: English-Great Britain (EN-GB)
Abstract
The growing prevalence of network attacks is a well-known problem which can impact the availability, confidentiality, and integrity of critical information for both individuals and enterprises. In this paper, we propose a real-time intrusion detection approach using a supervised machine learning technique. Our approach is simple and efficient, and can be used with many machine learning techniques. We applied different well-known machine learning techniques to evaluate the performance of our IDS approach. Our experimental results show that the Decision Tree technique can outperform the other techniques. Therefore, we further developed a real-time intrusion detection system (RT-IDS) using the Decision Tree technique to classify on-line network data as normal or attack data. We also identified 12 essential features of network data which are relevant to detecting network attacks using the information gain as our feature selection criterion. Our RT-IDS can distinguish normal network activities from main attack types (Probe and Denial of Service (DoS)) with a detection rate higher than 98% within 2 s. We also developed a new post-processing procedure to reduce the false-alarm rate as well as increase the reliability and detection accuracy of the intrusion detection system. © 2011 Elsevier B.V. All rights reserved.
Keywords
Denial of Service, Network intrusion detection, Probe