A Practical Approach to Anomaly Based Intrusion Detection System by Outlier Mining in Network Traffic

  • Prajowal Manandhar

Student thesis: Master's Thesis

Abstract

Intrusion detection is an effective approach to dealing with problems in the area of network security. Rapid development in technology has raised the need for an effective intrusion detection system, as traditional intrusion detection methods cannot compete against newly advanced intrusions. Most IDSs try to perform their task in real time, but real-time operation is not always achieved: their performance is hindered as they undergo different levels of analysis, or by their reaction to limit the damage of some intrusions by terminating the network connection. With the amount of data transmitted from one network to another increasing day by day, the system needs to identify intrusions in such large datasets effectively and in a timely manner. Thus, the application of data mining and machine learning approaches would be effective in identifying such unusual access or attacks. Improving IDS performance and accuracy has also been one of the major endeavors in network security research today. In this research, we have implemented an intrusion detection system (IDS) based on outlier identification dealing with TCP header information. We use a two-step technique of clustering and a one-class support vector machine (SVM) to model the normal sessions derived from the MIT DARPA '99 dataset. We then feed the test set to the resultant model to predict the attacks. For evaluation purposes, we have also applied our model to the KDD '99 dataset.
Date of Award: May 2014
Original language: American English
Supervisor: U Zeyar Aung (Supervisor)

Keywords

  • Outlier Mining; Network Traffic Data; Intrusion Detection System (IDS); Support Vector Machine (SVM); Routers (Computer networks).
