Towards practical anomaly-based intrusion detection by outlier mining on TCP packets

Prajowal Manandhar, Zeyar Aung

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

5 Scopus citations

Abstract

An intrusion detection system (IDS) is an important part of the security of large networks like the Internet. With the increasing amount of data being transmitted day by day from one subnetwork to another, the system needs to identify intrusions in such large datasets in an effective and timely manner. So the application of knowledge discovery comes in handy to identify unusual accesses or attacks. Improving an IDS's performance and accuracy is one of the major challenges in network security research today. In this paper, we propose a practical anomaly-based IDS using outlier mining of the readily available basic Transmission Control Protocol (TCP) header information as well as other easily derivable attributes. We use a two-step approach of k-means clustering and one-class support vector machine (SVM) to model the normal sessions present in the MIT DARPA '99 dataset. We then feed the testing set to the resultant model to predict the attack sessions.

Original language: British English
Title of host publication: Database and Expert Systems Applications - 25th International Conference, DEXA 2014, Proceedings
Publisher: Springer Verlag
Pages: 164-173
Number of pages: 10
Edition: PART 2
ISBN (Print): 9783319100845
DOIs
State: Published - 2014
Event: 25th International Conference on Database and Expert Systems Applications, DEXA 2014 - Munich, Germany
Duration: 1 Sep 2014 to 4 Sep 2014

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Number: PART 2
Volume: 8645 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 25th International Conference on Database and Expert Systems Applications, DEXA 2014
Country/Territory: Germany
City: Munich
Period: 1/09/14 to 4/09/14

Keywords

  • IDS
  • k-means clustering
  • one-class SVM
  • outlier mining
  • TCP
