Network intrusion detection often finds a difficulty in creating classifiers that could handle unequal distributed attack categories. Generally, attacks such as Remote to Local (R2L) and User to Root (U2R) attacks are very rare attacks and even in KDD dataset, these attacks are only 2% of overall datasets. So, these result in model not able to efficiently learn the characteristics of rare categories and this will result in poor detection rates of rare attack categories like R2L and U2R attacks. We even compared the accuracy of KDD and NSL-KDD datasets using different classifiers in WEKA.
Survey of network anomaly detection using markov chainijcseit
Recently an internet threat has been increased. Our motive is detect the intrusion in the network in concise.
The real time issue such as DoS attack in banking, companies, industries and organization have been
increased significantly IDS has been used in both server and host side. The major challenge is to effectively
predict the periods of threats and protect the server from the unauthorized user. In this study, a novel
probabilistic approach is proposed effectively to detect the network intrusions. It uses a Markov chain for
probabilistic modelling of abnormal events in network systems. The degree of abnormality of the incoming
data is performed on the basis of the network states.
Evaluation of network intrusion detection using markov chainIJCI JOURNAL
Day today life internet threat has been increased significantly. There is a need to develop model in order to
maintain security of system. The most effective techniques are Intrusion Detection System (IDS).The
purpose of intrusion system through the security devices detect and deal with it. In this paper, a
mathematical approach is used effectively to predict and detect intrusion in the network. Here we discuss
about two algorithms ‘K-Means + Apriori’, a method which classify normal and abnormal activities in
computer network. In K-Means process, it partitions the training set into K-clusters using Euclidean
distance and introduce an outlier factor, then it build Apriori Algorithm to prune the data by removing
infrequent data in the database. Based on defined state the degree of incoming data is evaluated through
the experiment using sample DARPA2000 dataset, and achieves high detection performance in level of
attack in stages.
A combined approach to search for evasion techniques in network intrusion det...eSAT Journals
Abstract Network Intrusion Detection Systems (NIDS) whose base is signature, works on the signature of attacks. They must be updated quickly in order to prevent the system from new attacks. The attacker finds out new evasion techniques so that he should remain undetected. As the new evasion techniques are being developed it becomes difficult for NIDS to give accurate results and NIDS may fail. The key aspect of our paper is to develop a network intrusion detection system using C4.5 algorithm where Adaboost algorithm is used to classify the packet as normal packet or attack packet and also to further classify different types of attack. Apriori algorithm is used to find real time evasion and to generate rules to find intrusion These rules are further given as input to Snort intrusion detection system for detecting different attacks. Keywords: NIDS, Evasion, Apriori Algorithm, Adaboost Algorithm, Snort
A Novel Classification via Clustering Method for Anomaly Based Network Intrus...IDES Editor
Intrusion detection in the internet is an active
area of research. Intruders can be classified into two
types, namely; external intruders who are unauthorized
users of the computers they attack, and internal
intruders, who have permission to access the system but
with some restrictions. The aim of this paper is to present
a methodology to recognize attacks during the normal
activities in a system. A novel classification via sequential
information bottleneck (sIB) clustering algorithm has
been proposed to build an efficient anomaly based
network intrusion detection model. We have compared
our proposed method with other clustering algorithms
like X-Means, Farthest First, Filtered clusters, DBSCAN,
K-Means, and EM (Expectation-Maximization)
clustering in order to find the suitability of our proposed
algorithm. A subset of KDDCup 1999 intrusion detection
benchmark dataset has been used for the experiment.
Results show that the proposed method is efficient in
terms of detection accuracy, low false positive rate in
comparison to the other existing methods.
COMBINING NAIVE BAYES AND DECISION TREE FOR ADAPTIVE INTRUSION DETECTIONIJNSA Journal
In this paper, a new learning algorithm for adaptive network intrusion detection using naive Bayesian classifier and decision tree is presented, which performs balance detections and keeps false positives at acceptable level for different types of network attacks, and eliminates redundant attributes as well as contradictory examples from training data that make the detection model complex. The proposed algorithm also addresses some difficulties of data mining such as handling continuous attribute, dealing with missing attribute values, and reducing noise in training data. Due to the large volumes of security audit data as well as the complex and dynamic properties of intrusion behaviours, several data miningbased intrusion detection techniques have been applied to network-based traffic data and host-based data in the last decades. However, there remain various issues needed to be examined towards current intrusion detection systems (IDS). We tested the performance of our proposed algorithm with existing learning algorithms by employing on the KDD99 benchmark intrusion detection dataset. The experimental results prove that the proposed algorithm achieved high detection rates (DR) and significant reduce false positives (FP) for different types of network intrusions using limited computational resources.
Survey of network anomaly detection using markov chainijcseit
Recently an internet threat has been increased. Our motive is detect the intrusion in the network in concise.
The real time issue such as DoS attack in banking, companies, industries and organization have been
increased significantly IDS has been used in both server and host side. The major challenge is to effectively
predict the periods of threats and protect the server from the unauthorized user. In this study, a novel
probabilistic approach is proposed effectively to detect the network intrusions. It uses a Markov chain for
probabilistic modelling of abnormal events in network systems. The degree of abnormality of the incoming
data is performed on the basis of the network states.
Evaluation of network intrusion detection using markov chainIJCI JOURNAL
Day today life internet threat has been increased significantly. There is a need to develop model in order to
maintain security of system. The most effective techniques are Intrusion Detection System (IDS).The
purpose of intrusion system through the security devices detect and deal with it. In this paper, a
mathematical approach is used effectively to predict and detect intrusion in the network. Here we discuss
about two algorithms ‘K-Means + Apriori’, a method which classify normal and abnormal activities in
computer network. In K-Means process, it partitions the training set into K-clusters using Euclidean
distance and introduce an outlier factor, then it build Apriori Algorithm to prune the data by removing
infrequent data in the database. Based on defined state the degree of incoming data is evaluated through
the experiment using sample DARPA2000 dataset, and achieves high detection performance in level of
attack in stages.
A combined approach to search for evasion techniques in network intrusion det...eSAT Journals
Abstract Network Intrusion Detection Systems (NIDS) whose base is signature, works on the signature of attacks. They must be updated quickly in order to prevent the system from new attacks. The attacker finds out new evasion techniques so that he should remain undetected. As the new evasion techniques are being developed it becomes difficult for NIDS to give accurate results and NIDS may fail. The key aspect of our paper is to develop a network intrusion detection system using C4.5 algorithm where Adaboost algorithm is used to classify the packet as normal packet or attack packet and also to further classify different types of attack. Apriori algorithm is used to find real time evasion and to generate rules to find intrusion These rules are further given as input to Snort intrusion detection system for detecting different attacks. Keywords: NIDS, Evasion, Apriori Algorithm, Adaboost Algorithm, Snort
A Novel Classification via Clustering Method for Anomaly Based Network Intrus...IDES Editor
Intrusion detection in the internet is an active
area of research. Intruders can be classified into two
types, namely; external intruders who are unauthorized
users of the computers they attack, and internal
intruders, who have permission to access the system but
with some restrictions. The aim of this paper is to present
a methodology to recognize attacks during the normal
activities in a system. A novel classification via sequential
information bottleneck (sIB) clustering algorithm has
been proposed to build an efficient anomaly based
network intrusion detection model. We have compared
our proposed method with other clustering algorithms
like X-Means, Farthest First, Filtered clusters, DBSCAN,
K-Means, and EM (Expectation-Maximization)
clustering in order to find the suitability of our proposed
algorithm. A subset of KDDCup 1999 intrusion detection
benchmark dataset has been used for the experiment.
Results show that the proposed method is efficient in
terms of detection accuracy, low false positive rate in
comparison to the other existing methods.
COMBINING NAIVE BAYES AND DECISION TREE FOR ADAPTIVE INTRUSION DETECTIONIJNSA Journal
In this paper, a new learning algorithm for adaptive network intrusion detection using naive Bayesian classifier and decision tree is presented, which performs balance detections and keeps false positives at acceptable level for different types of network attacks, and eliminates redundant attributes as well as contradictory examples from training data that make the detection model complex. The proposed algorithm also addresses some difficulties of data mining such as handling continuous attribute, dealing with missing attribute values, and reducing noise in training data. Due to the large volumes of security audit data as well as the complex and dynamic properties of intrusion behaviours, several data miningbased intrusion detection techniques have been applied to network-based traffic data and host-based data in the last decades. However, there remain various issues needed to be examined towards current intrusion detection systems (IDS). We tested the performance of our proposed algorithm with existing learning algorithms by employing on the KDD99 benchmark intrusion detection dataset. The experimental results prove that the proposed algorithm achieved high detection rates (DR) and significant reduce false positives (FP) for different types of network intrusions using limited computational resources.
The main goal of Intrusion Detection Systems (IDSs) is
to detect intrusions. This kind of detection system represents a
significant tool in traditional computer based systems for ensuring
cyber security. IDS model can be faster and reach more accurate
detection rates, by selecting the most related features from the
input dataset. Feature selection is an important stage of any IDs to
select the optimal subset of features that enhance the process of the
training model to become faster and reduce the complexity while
preserving or enhancing the performance of the system. In this
paper, we proposed a method that based on dividing the input
dataset into different subsets according to each attack. Then we
performed a feature selection technique using information gain
filter for each subset. Then the optimal features set is generated by
combining the list of features sets that obtained for each attack.
Experimental results that conducted on NSL-KDD dataset shows
that the proposed method for feature selection with fewer features,
make an improvement to the system accuracy while decreasing the
complexity. Moreover, a comparative study is performed to the
efficiency of technique for feature selection using different
classification methods. To enhance the overall performance,
another stage is conducted using Random Forest and PART on
voting learning algorithm. The results indicate that the best
accuracy is achieved when using the product probability rule.
An approach for ids by combining svm and ant colony algorithmeSAT Journals
Abstract This piece of work researches the intrusion detection problem of the network sanctuary; the primary task is to classify network behavior as normal or abnormal while reducing misclassification. In this paper, two efficient data mining algorithms are combined together to detect the network intrusion. Combining SVM and Ant colony (CSVAC) used for well-organized data classification, this technique takes the advantage of both the algorithm while avoiding their weaknesses. This algorithm is implemented and evaluated using standard benchmark KDDCUP99 data set. Experimental results drastically well produce superior results than the other algorithm in terms of accuracy rate and run time efficiency, and this algorithm able to detect the new types of attacks Keywords: Intrusion Detection; Support Vector Machine; Ant colony; Combined Support vector with ant colony
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
An intrusion detection system plays a major role in network security. We
propose a model “DB-OLS: An Approach for IDS” which is a Deviation Based-Outlier
approach for Intrusion detection using Self Organizing Maps. In this model “Self
Organizing Map” approach is to be used for behavior learning and “Outlier mining”
approach, for detecting an intruder by calculating deviation from known user profile.
This model aims to improve the capability of detecting intruders.
Wmn06MODERNIZED INTRUSION DETECTION USING ENHANCED APRIORI ALGORITHM ijwmn
Communication networks are essential and it will create many crucial issues today. Nowadays, we
consider that the firewalls are the first line of defense but that policies cannot meet the particular
requirements of needed process to achieve security. Most of the research has been done in this area but
we are lagging to achieve security needs. Already many models such as ADAM, DHP, LERAD and
ENTROPHY are proposed to resolve security problems but we need an efficient model to detect new types
of various intrusions within the entire network. In this paper, we proposed to design a modernized
intrusion detection system which consist of two methods such as anomaly and misuse detection. Both are
integrated and also used to detect novel attacks. Our system proposed to discover temporal pattern of
attacker behaviors, which is profiled using an algorithm EAA (Enhanced Apriori Algorithm). This is
experimented with a simple interface to display the behaviors of attacks effectively
Data Mining Techniques for Providing Network Security through Intrusion Detec...IJAAS Team
Intrusion Detection Systems are playing major role in network security in this internet world. Many researchers have been introduced number of intrusion detection systems in the past. Even though, no system was detected all kind of attacks and achieved better detection accuracy. Most of the intrusion detection systems are used data mining techniques such as clustering, outlier detection, classification, classification through learning techniques. Most of the researchers have been applied soft computing techniques for making effective decision over the network dataset for enhancing the detection accuracy in Intrusion Detection System. Few researchers also applied artificial intelligence techniques along with data mining algorithms for making dynamic decision. This paper discusses about the number of intrusion detection systems that are proposed for providing network security. Finally, comparative analysis made between the existing systems and suggested some new ideas for enhancing the performance of the existing systems.
An intrusion detection system for packet and flow based networks using deep n...IJECEIAES
Study on deep neural networks and big data is merging now by several aspects to enhance the capabilities of intrusion detection system (IDS). Many IDS models has been introduced to provide security over big data. This study focuses on the intrusion detection in computer networks using big datasets. The advent of big data has agitated the comprehensive assistance in cyber security by forwarding a brunch of affluent algorithms to classify and analysis patterns and making a better prediction more efficiently. In this study, to detect intrusion a detection model has been propounded applying deep neural networks. We applied the suggested model on the latest dataset available at online, formatted with packet based, flow based data and some additional metadata. The dataset is labeled and imbalanced with 79 attributes and some classes having much less training samples compared to other classes. The proposed model is build using Keras and Google Tensorflow deep learning environment. Experimental result shows that intrusions are detected with the accuracy over 99% for both binary and multiclass classification with selected best features. Receiver operating characteristics (ROC) and precision-recall curve average score is also 1. The outcome implies that Deep Neural Networks offers a novel research model with great accuracy for intrusion detection model, better than some models presented in the literature.
INTRUSION DETECTION USING FEATURE SELECTION AND MACHINE LEARNING ALGORITHM WI...ijcsit
In order to avoid illegitimate use of any intruder, intrusion detection over the network is one of the critical
issues. An intruder may enter any network or system or server by intruding malicious packets into the
system in order to steal, sniff, manipulate or corrupt any useful and secret information, this process is
referred to as intrusion whereas when packets are transmitted by intruder over the network for any purpose
of intrusion is referred to as attack. With the expanding networking technology, millions of servers
communicate with each other and this expansion is always in progress every day. Due to this fact, more
and more intruders get attention; and so to overcome this need of smart intrusion detection model is a
primary requirement.
By analyzing the feature selection methods the identification of essential features of NSL-KDD data set is
done, then by using selected features and machine learning approach and analyzing the basic features of
networks over the data set a hybrid algorithm is made. Finally a model is produced over the algorithm
containing the rules for the network features.
A hybrid misuse intrusion detection model is made to find attacks on system to improve the intrusion
detection. Based on prior features, intrusions on the system can be detected without any previous learning.
This model contains the advantage of feature selection and machine learning techniques with misuse
detection.
New Fuzzy Logic Based Intrusion Detection Systemijsrd.com
In this paper, we present an efficient intrusion detection technique. The intrusion detection plays an important role in network security. However, many current intrusion detection systems (IDSs) are signature based systems. The signature based IDS also known as misuse detection looks for a specific signature to match, signaling an intrusion. Provided with the signatures or patterns, they can detect many or all known attack patterns, but they are of little use for as yet unknown attacks. The rate of false positives is close to nil but these types of systems are poor at detecting new attacks, variation of known attacks or attacks that can be masked as normal behavior. Our proposed solution, overcomes most of the limitations of the existing methods. The field of intrusion detection has received increasing attention in recent years. One reason is the explosive growth of the internet and the large number of networked systems that exist in all types of organizations. Intrusion detection techniques using data mining have attracted more and more interests in recent years. As an important application area of data mining, they aim to meliorate the great burden of analyzing huge volumes of audit data and realizing performance optimization of detection rules. The objective of this dissertation is to try out the intrusion detection on large dataset by classification algorithms binary class support vector machine and improved its learning time and detection rate in the field of Network based IDS.
A SURVEY ON THE USE OF DATA CLUSTERING FOR INTRUSION DETECTION SYSTEM IN CYBE...IJNSA Journal
In the present world, it is difficult to realize any computing application working on a standalone computing device without connecting it to the network. A large amount of data is transferred over the network from one device to another. As networking is expanding, security is becoming a major concern. Therefore, it has become important to maintain a high level of security to ensure that a safe and secure connection is established among the devices. An intrusion detection system (IDS) is therefore used to differentiate between the legitimate and illegitimate activities on the system. There are different techniques are used for detecting intrusions in the intrusion detection system. This paper presents the different clustering techniques that have been implemented by different researchers in their relevant articles. This survey was carried out on 30 papers and it presents what different datasets were used by different researchers and what evaluation metrics were used to evaluate the performance of IDS. This paper also highlights the pros and cons of each clustering technique used for IDS, which can be used as a basis for future work.
Intrusion detection with Parameterized Methods for Wireless Sensor Networksrahulmonikasharma
Current network intrusion detection systems lack adaptability to the frequently changing network environments. Furthermore, intrusion detection in the new distributed architectures is now a major requirement. In this paper, we propose two Adaboost based intrusion detection algorithms. In the first algorithm, a traditional online Adaboost process is used where decision stumps are used as weak classifiers. In the second algorithm, an improved online Adaboost process is proposed, and online Gaussian mixture models (GMMs) are used as weak classifiers. We further propose a distributed intrusion detection framework, in which a local parameterized detection model is constructed in each node using the online Adaboost algorithm. A global detection model is constructed in each node by combining the local parametric models using a small number of samples in the node. This combination is achieved using an algorithm based on particle swarm optimization (PSO) and support vector machines. The global model in each node is used to detect intrusions. Experimental results show that the improved online Adaboost process with GMMs obtains a higher detection rate and a lower false alarm rate than the traditional online Adaboost process that uses decision stumps. Both the algorithms outperform existing intrusion detection algorithms. It is also shown that our PSO, and SVM-based algorithm effectively combines the local detection models into the global model in each node; the global model in a node can handle the intrusion types that are found in other nodes, without sharing the samples of these intrusion types.
Machine learning in network security using knime analyticsIJNSA Journal
Machine learning has more and more effect on our every day’s life. This field keeps growing and expanding into new areas. Machine learning is based on the implementation of artificial intelligence that gives systems the capability to automatically learn and enhance from experiments without being explicitly
programmed. Machine Learning algorithms apply mathematical equations to analyze datasets and predict values based on the dataset. In the field of cybersecurity, machine learning algorithms can be utilized to train and analyze the Intrusion Detection Systems (IDSs) on security-related datasets. In this paper, we tested different machine learning algorithms to analyze NSL-KDD dataset using KNIME analytics.
Articles - International Journal of Network Security & Its Applications (IJNSA)IJNSA Journal
International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
MACHINE LEARNING IN NETWORK SECURITY USING KNIME ANALYTICSIJNSA Journal
Machine learning has more and more effect on our every day’s life. This field keeps growing and expanding into new areas. Machine learning is based on the implementation of artificial intelligence that gives systems the capability to automatically learn and enhance from experiments without being explicitly programmed. Machine Learning algorithms apply mathematical equations to analyze datasets and predict values based on the dataset. In the field of cybersecurity, machine learning algorithms can be utilized to train and analyze the Intrusion Detection Systems (IDSs) on security-related datasets. In this paper, we tested different machine learning algorithms to analyze NSL-KDD dataset using KNIME analytics.
SURVEY OF NETWORK ANOMALY DETECTION USING MARKOV CHAINijcseit
Recently an internet threat has been increased. Our motive is detect the intrusion in the network in concise.
The real time issue such as DoS attack in banking, companies, industries and organization have been
increased significantly IDS has been used in both server and host side. The major challenge is to effectively
predict the periods of threats and protect the server from the unauthorized user. In this study, a novel
probabilistic approach is proposed effectively to detect the network intrusions. It uses a Markov chain for
probabilistic modelling of abnormal events in network systems. The degree of abnormality of the incoming
data is performed on the basis of the network states.
International Journal of Computer Science, Engineering and Information Techno...ijcseit
Recently an internet threat has been increased. Our motive is detect the intrusion in the network in concise.
The real time issue such as DoS attack in banking, companies, industries and organization have been
increased significantly IDS has been used in both server and host side. The major challenge is to effectively
predict the periods of threats and protect the server from the unauthorized user. In this study, a novel
probabilistic approach is proposed effectively to detect the network intrusions. It uses a Markov chain for
probabilistic modelling of abnormal events in network systems. The degree of abnormality of the incoming
data is performed on the basis of the network states.
Intrusion Detection System (IDS) has been an effective way to achieve higher security in detecting malicious activities for the past couple of years. Anomaly detection is an intrusion detection system. Current anomaly detection is often associated with high false alarm rates and only moderate accuracy and detection rates because it’s unable to detect all types of attacks correctly. An experiment is carried out to evaluate the performance of the different machine learning algorithms using KDD-99 Cup and NSL-KDD datasets. Results show which approach has performed better in term of accuracy, detection rate with reasonable false alarm rate.
INTRUSION DETECTION SYSTEM CLASSIFICATION USING DIFFERENT MACHINE LEARNING AL...ijcsit
Intrusion Detection System (IDS) has been an effective way to achieve higher security in detecting malicious activities for the past couple of years. Anomaly detection is an intrusion detection system. Current anomaly detection is often associated with high false alarm rates and only moderate accuracy and detection rates because it’s unable to detect all types of attacks correctly. An experiment is carried out to evaluate the performance of the different machine learning algorithms using KDD-99 Cup and NSL-KDD datasets. Results show which approach has performed better in term of accuracy, detection rate with reasonable false alarm rate.
The main goal of Intrusion Detection Systems (IDSs) is
to detect intrusions. This kind of detection system represents a
significant tool in traditional computer based systems for ensuring
cyber security. IDS model can be faster and reach more accurate
detection rates, by selecting the most related features from the
input dataset. Feature selection is an important stage of any IDs to
select the optimal subset of features that enhance the process of the
training model to become faster and reduce the complexity while
preserving or enhancing the performance of the system. In this
paper, we proposed a method that based on dividing the input
dataset into different subsets according to each attack. Then we
performed a feature selection technique using information gain
filter for each subset. Then the optimal features set is generated by
combining the list of features sets that obtained for each attack.
Experimental results that conducted on NSL-KDD dataset shows
that the proposed method for feature selection with fewer features,
make an improvement to the system accuracy while decreasing the
complexity. Moreover, a comparative study is performed to the
efficiency of technique for feature selection using different
classification methods. To enhance the overall performance,
another stage is conducted using Random Forest and PART on
voting learning algorithm. The results indicate that the best
accuracy is achieved when using the product probability rule.
An approach for ids by combining svm and ant colony algorithmeSAT Journals
Abstract This piece of work researches the intrusion detection problem of the network sanctuary; the primary task is to classify network behavior as normal or abnormal while reducing misclassification. In this paper, two efficient data mining algorithms are combined together to detect the network intrusion. Combining SVM and Ant colony (CSVAC) used for well-organized data classification, this technique takes the advantage of both the algorithm while avoiding their weaknesses. This algorithm is implemented and evaluated using standard benchmark KDDCUP99 data set. Experimental results drastically well produce superior results than the other algorithm in terms of accuracy rate and run time efficiency, and this algorithm able to detect the new types of attacks Keywords: Intrusion Detection; Support Vector Machine; Ant colony; Combined Support vector with ant colony
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
An intrusion detection system plays a major role in network security. We
propose a model “DB-OLS: An Approach for IDS” which is a Deviation Based-Outlier
approach for Intrusion detection using Self Organizing Maps. In this model “Self
Organizing Map” approach is to be used for behavior learning and “Outlier mining”
approach, for detecting an intruder by calculating deviation from known user profile.
This model aims to improve the capability of detecting intruders.
Wmn06MODERNIZED INTRUSION DETECTION USING ENHANCED APRIORI ALGORITHM ijwmn
Communication networks are essential and it will create many crucial issues today. Nowadays, we
consider that the firewalls are the first line of defense but that policies cannot meet the particular
requirements of needed process to achieve security. Most of the research has been done in this area but
we are lagging to achieve security needs. Already many models such as ADAM, DHP, LERAD and
ENTROPHY are proposed to resolve security problems but we need an efficient model to detect new types
of various intrusions within the entire network. In this paper, we proposed to design a modernized
intrusion detection system which consist of two methods such as anomaly and misuse detection. Both are
integrated and also used to detect novel attacks. Our system proposed to discover temporal pattern of
attacker behaviors, which is profiled using an algorithm EAA (Enhanced Apriori Algorithm). This is
experimented with a simple interface to display the behaviors of attacks effectively
Data Mining Techniques for Providing Network Security through Intrusion Detec...IJAAS Team
Intrusion Detection Systems are playing major role in network security in this internet world. Many researchers have been introduced number of intrusion detection systems in the past. Even though, no system was detected all kind of attacks and achieved better detection accuracy. Most of the intrusion detection systems are used data mining techniques such as clustering, outlier detection, classification, classification through learning techniques. Most of the researchers have been applied soft computing techniques for making effective decision over the network dataset for enhancing the detection accuracy in Intrusion Detection System. Few researchers also applied artificial intelligence techniques along with data mining algorithms for making dynamic decision. This paper discusses about the number of intrusion detection systems that are proposed for providing network security. Finally, comparative analysis made between the existing systems and suggested some new ideas for enhancing the performance of the existing systems.
An intrusion detection system for packet and flow based networks using deep n...IJECEIAES
Study on deep neural networks and big data is merging now by several aspects to enhance the capabilities of intrusion detection system (IDS). Many IDS models has been introduced to provide security over big data. This study focuses on the intrusion detection in computer networks using big datasets. The advent of big data has agitated the comprehensive assistance in cyber security by forwarding a brunch of affluent algorithms to classify and analysis patterns and making a better prediction more efficiently. In this study, to detect intrusion a detection model has been propounded applying deep neural networks. We applied the suggested model on the latest dataset available at online, formatted with packet based, flow based data and some additional metadata. The dataset is labeled and imbalanced with 79 attributes and some classes having much less training samples compared to other classes. The proposed model is build using Keras and Google Tensorflow deep learning environment. Experimental result shows that intrusions are detected with the accuracy over 99% for both binary and multiclass classification with selected best features. Receiver operating characteristics (ROC) and precision-recall curve average score is also 1. The outcome implies that Deep Neural Networks offers a novel research model with great accuracy for intrusion detection model, better than some models presented in the literature.
INTRUSION DETECTION USING FEATURE SELECTION AND MACHINE LEARNING ALGORITHM WI...ijcsit
In order to avoid illegitimate use of any intruder, intrusion detection over the network is one of the critical
issues. An intruder may enter any network or system or server by intruding malicious packets into the
system in order to steal, sniff, manipulate or corrupt any useful and secret information, this process is
referred to as intrusion whereas when packets are transmitted by intruder over the network for any purpose
of intrusion is referred to as attack. With the expanding networking technology, millions of servers
communicate with each other and this expansion is always in progress every day. Due to this fact, more
and more intruders get attention; and so to overcome this need of smart intrusion detection model is a
primary requirement.
By analyzing the feature selection methods the identification of essential features of NSL-KDD data set is
done, then by using selected features and machine learning approach and analyzing the basic features of
networks over the data set a hybrid algorithm is made. Finally a model is produced over the algorithm
containing the rules for the network features.
A hybrid misuse intrusion detection model is made to find attacks on system to improve the intrusion
detection. Based on prior features, intrusions on the system can be detected without any previous learning.
This model contains the advantage of feature selection and machine learning techniques with misuse
detection.
New Fuzzy Logic Based Intrusion Detection Systemijsrd.com
In this paper, we present an efficient intrusion detection technique. The intrusion detection plays an important role in network security. However, many current intrusion detection systems (IDSs) are signature based systems. The signature based IDS also known as misuse detection looks for a specific signature to match, signaling an intrusion. Provided with the signatures or patterns, they can detect many or all known attack patterns, but they are of little use for as yet unknown attacks. The rate of false positives is close to nil but these types of systems are poor at detecting new attacks, variation of known attacks or attacks that can be masked as normal behavior. Our proposed solution, overcomes most of the limitations of the existing methods. The field of intrusion detection has received increasing attention in recent years. One reason is the explosive growth of the internet and the large number of networked systems that exist in all types of organizations. Intrusion detection techniques using data mining have attracted more and more interests in recent years. As an important application area of data mining, they aim to meliorate the great burden of analyzing huge volumes of audit data and realizing performance optimization of detection rules. The objective of this dissertation is to try out the intrusion detection on large dataset by classification algorithms binary class support vector machine and improved its learning time and detection rate in the field of Network based IDS.
A SURVEY ON THE USE OF DATA CLUSTERING FOR INTRUSION DETECTION SYSTEM IN CYBE...IJNSA Journal
In the present world, it is difficult to realize any computing application working on a standalone computing device without connecting it to the network. A large amount of data is transferred over the network from one device to another. As networking is expanding, security is becoming a major concern. Therefore, it has become important to maintain a high level of security to ensure that a safe and secure connection is established among the devices. An intrusion detection system (IDS) is therefore used to differentiate between the legitimate and illegitimate activities on the system. There are different techniques are used for detecting intrusions in the intrusion detection system. This paper presents the different clustering techniques that have been implemented by different researchers in their relevant articles. This survey was carried out on 30 papers and it presents what different datasets were used by different researchers and what evaluation metrics were used to evaluate the performance of IDS. This paper also highlights the pros and cons of each clustering technique used for IDS, which can be used as a basis for future work.
Intrusion detection with Parameterized Methods for Wireless Sensor Networksrahulmonikasharma
Current network intrusion detection systems lack adaptability to the frequently changing network environments. Furthermore, intrusion detection in the new distributed architectures is now a major requirement. In this paper, we propose two Adaboost based intrusion detection algorithms. In the first algorithm, a traditional online Adaboost process is used where decision stumps are used as weak classifiers. In the second algorithm, an improved online Adaboost process is proposed, and online Gaussian mixture models (GMMs) are used as weak classifiers. We further propose a distributed intrusion detection framework, in which a local parameterized detection model is constructed in each node using the online Adaboost algorithm. A global detection model is constructed in each node by combining the local parametric models using a small number of samples in the node. This combination is achieved using an algorithm based on particle swarm optimization (PSO) and support vector machines. The global model in each node is used to detect intrusions. Experimental results show that the improved online Adaboost process with GMMs obtains a higher detection rate and a lower false alarm rate than the traditional online Adaboost process that uses decision stumps. Both the algorithms outperform existing intrusion detection algorithms. It is also shown that our PSO, and SVM-based algorithm effectively combines the local detection models into the global model in each node; the global model in a node can handle the intrusion types that are found in other nodes, without sharing the samples of these intrusion types.
Machine learning in network security using knime analyticsIJNSA Journal
Machine learning has more and more effect on our every day’s life. This field keeps growing and expanding into new areas. Machine learning is based on the implementation of artificial intelligence that gives systems the capability to automatically learn and enhance from experiments without being explicitly
programmed. Machine Learning algorithms apply mathematical equations to analyze datasets and predict values based on the dataset. In the field of cybersecurity, machine learning algorithms can be utilized to train and analyze the Intrusion Detection Systems (IDSs) on security-related datasets. In this paper, we tested different machine learning algorithms to analyze NSL-KDD dataset using KNIME analytics.
Articles - International Journal of Network Security & Its Applications (IJNSA)IJNSA Journal
International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
MACHINE LEARNING IN NETWORK SECURITY USING KNIME ANALYTICSIJNSA Journal
Machine learning has more and more effect on our every day’s life. This field keeps growing and expanding into new areas. Machine learning is based on the implementation of artificial intelligence that gives systems the capability to automatically learn and enhance from experiments without being explicitly programmed. Machine Learning algorithms apply mathematical equations to analyze datasets and predict values based on the dataset. In the field of cybersecurity, machine learning algorithms can be utilized to train and analyze the Intrusion Detection Systems (IDSs) on security-related datasets. In this paper, we tested different machine learning algorithms to analyze NSL-KDD dataset using KNIME analytics.
SURVEY OF NETWORK ANOMALY DETECTION USING MARKOV CHAINijcseit
Recently an internet threat has been increased. Our motive is detect the intrusion in the network in concise.
The real time issue such as DoS attack in banking, companies, industries and organization have been
increased significantly IDS has been used in both server and host side. The major challenge is to effectively
predict the periods of threats and protect the server from the unauthorized user. In this study, a novel
probabilistic approach is proposed effectively to detect the network intrusions. It uses a Markov chain for
probabilistic modelling of abnormal events in network systems. The degree of abnormality of the incoming
data is performed on the basis of the network states.
International Journal of Computer Science, Engineering and Information Techno...ijcseit
Recently an internet threat has been increased. Our motive is detect the intrusion in the network in concise.
The real time issue such as DoS attack in banking, companies, industries and organization have been
increased significantly IDS has been used in both server and host side. The major challenge is to effectively
predict the periods of threats and protect the server from the unauthorized user. In this study, a novel
probabilistic approach is proposed effectively to detect the network intrusions. It uses a Markov chain for
probabilistic modelling of abnormal events in network systems. The degree of abnormality of the incoming
data is performed on the basis of the network states.
Intrusion Detection System (IDS) has been an effective way to achieve higher security in detecting malicious activities for the past couple of years. Anomaly detection is an intrusion detection system. Current anomaly detection is often associated with high false alarm rates and only moderate accuracy and detection rates because it’s unable to detect all types of attacks correctly. An experiment is carried out to evaluate the performance of the different machine learning algorithms using KDD-99 Cup and NSL-KDD datasets. Results show which approach has performed better in term of accuracy, detection rate with reasonable false alarm rate.
INTRUSION DETECTION SYSTEM CLASSIFICATION USING DIFFERENT MACHINE LEARNING AL...ijcsit
Intrusion Detection System (IDS) has been an effective way to achieve higher security in detecting malicious activities for the past couple of years. Anomaly detection is an intrusion detection system. Current anomaly detection is often associated with high false alarm rates and only moderate accuracy and detection rates because it’s unable to detect all types of attacks correctly. An experiment is carried out to evaluate the performance of the different machine learning algorithms using KDD-99 Cup and NSL-KDD datasets. Results show which approach has performed better in term of accuracy, detection rate with reasonable false alarm rate.
ATTACK DETECTION AVAILING FEATURE DISCRETION USING RANDOM FOREST CLASSIFIERCSEIJJournal
The widespread use of the Internet has an adverse effect of being vulnerable to cyber attacks. Defensive
mechanisms like firewalls and IDSs have evolved with a lot of research contributions happening in these
areas. Machine learning techniques have been successfully used in these defense mechanisms especially
IDSs. Although they are effective to some extent in identifying new patterns and variants of existing
malicious patterns, many attacks are still left as undetected. The objective is to develop an algorithm for
detecting malicious domains based on passive traffic measurements. In this paper, an anomaly-based
intrusion detection system based on an ensemble based machine learning classifier called Random Forest
with gradient boosting is deployed. NSL-KDD cup dataset is used for analysis and out of 41 features, 32
features were identified as significant using feature discretion. Our observations confirm the conjecture
that both the feature selection and stochastic based genetic operators improves the accuracy and the
effectiveness. The training time is shown to be reduced tremendously by 98.59% and accuracy improved to
98.75%.
Attack Detection Availing Feature Discretion using Random Forest ClassifierCSEIJJournal
The widespread use of the Internet has an adverse effect of being vulnerable to cyber attacks. Defensive
mechanisms like firewalls and IDSs have evolved with a lot of research contributions happening in these
areas. Machine learning techniques have been successfully used in these defense mechanisms especially
IDSs. Although they are effective to some extent in identifying new patterns and variants of existing
malicious patterns, many attacks are still left as undetected. The objective is to develop an algorithm for
detecting malicious domains based on passive traffic measurements. In this paper, an anomaly-based
intrusion detection system based on an ensemble based machine learning classifier called Random Forest
with gradient boosting is deployed. NSL-KDD cup dataset is used for analysis and out of 41 features, 32
features were identified as significant using feature discretion.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Outstanding to the promotion of the Internet and local networks, interruption occasions to computer
systems are emerging. Intrusion detection systems are becoming progressively vital in retaining
appropriate network safety. IDS is a software or hardware device that deals with attacks by gathering
information from a numerous system and network sources, then evaluating signs of security complexities.
Enterprise networked systems are unsurprisingly unprotected to the growing threats posed by hackers as
well as malicious users inside to a network. IDS technology is one of the significant tools used now-a-days,
to counter such threat. In this research we have proposed framework by using advance feature selection
and dimensionality reduction technique we can reduce IDS data then applying Fuzzy ARTMAP classifier
we can find intrusions so that we get accurate results within less time. Feature selection, as an active
research area in decreasing dimensionality, eliminating unrelated data, developing learning correctness,
and improving result unambiguousness.
Comparative Study on Machine Learning Algorithms for Network Intrusion Detect...ijtsrd
Network has brought convenience to the earth by permitting versatile transformation of information, however it conjointly exposes a high range of vulnerabilities. A Network Intrusion Detection System helps network directors and system to view network security violation in their organizations. Characteristic unknown and new attacks are one of the leading challenges in Intrusion Detection System researches. Deep learning that a subfield of machine learning cares with algorithms that are supported the structure and performance of brain known as artificial neural networks. The improvement in such learning algorithms would increase the probability of IDS and the detection rate of unknown attacks. Throughout, we have a tendency to suggest a deep learning approach to implement increased IDS and associate degree economical. Priya N | Ishita Popli "Comparative Study on Machine Learning Algorithms for Network Intrusion Detection System" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-1 , December 2020, URL: https://www.ijtsrd.com/papers/ijtsrd38175.pdf Paper URL : https://www.ijtsrd.com/computer-science/computer-network/38175/comparative-study-on-machine-learning-algorithms-for-network-intrusion-detection-system/priya-n
AN IMPROVED METHOD TO DETECT INTRUSION USING MACHINE LEARNING ALGORITHMSieijjournal
An intrusion detection system detects various malicious behaviors and abnormal activities that might harm
security and trust of computer system. IDS operate either on host or network level via utilizing anomaly
detection or misuse detection. Main problem is to correctly detect intruder attack against computer
network. The key point of successful detection of intrusion is choice of proper features. To resolve the
problems of IDS scheme this research work propose “an improved method to detect intrusion using
machine learning algorithms”. In our paper we use KDDCUP 99 dataset to analyze efficiency of intrusion
detection with different machine learning algorithms like Bayes, NaiveBayes, J48, J48Graft and Random
forest. To identify network based IDS with KDDCUP 99 dataset, experimental results shows that the three
algorithms J48, J48Graft and Random forest gives much better results than other machine learning
algorithms. We use WEKA to check the accuracy of classified dataset via our proposed method. We have
considered all the parameter for computation of result i.e. precision, recall, F – measure and ROC.
AN IMPROVED METHOD TO DETECT INTRUSION USING MACHINE LEARNING ALGORITHMSieijjournal1
An intrusion detection system detects various malicious behaviors and abnormal activities that might harm
security and trust of computer system. IDS operate either on host or network level via utilizing anomaly
detection or misuse detection. Main problem is to correctly detect intruder attack against computer
network. The key point of successful detection of intrusion is choice of proper features. To resolve the
problems of IDS scheme this research work propose “an improved method to detect intrusion using
machine learning algorithms”. In our paper we use KDDCUP 99 dataset to analyze efficiency of intrusion
detection with different machine learning algorithms like Bayes, NaiveBayes, J48, J48Graft and Random
forest. To identify network based IDS with KDDCUP 99 dataset, experimental results shows that the three
algorithms J48, J48Graft and Random forest gives much better results than other machine learning
algorithms. We use WEKA to check the accuracy of classified dataset via our proposed method. We have
considered all the parameter for computation of result i.e. precision, recall, F – measure and ROC.
International Journal of Engineering and Science Invention (IJESI) is an international journal intended for professionals and researchers in all fields of computer science and electronics. IJESI publishes research articles and reviews within the whole field Engineering Science and Technology, new teaching methods, assessment, validation and the impact of new technologies and it will continue to provide information on the latest trends and developments in this ever-expanding subject. The publications of papers are selected through double peer reviewed to ensure originality, relevance, and readability. The articles published in our journal can be accessed online.
COPYRIGHTThis thesis is copyright materials protected under the .docxvoversbyobersby
COPYRIGHT
This thesis is copyright materials protected under the Berne Convection, the copyright Act 1999 and other international and national enactments in that behalf, on intellectual property. It may not be reproduced by any means in full or in part except for short extracts in fair dealing so for research or private study, critical scholarly review or discourse with acknowledgment, with written permission of the Dean School of Graduate Studies on behalf of both the author and XXX XXX University.ABSTRACT
With Fast growing internet world the risk of intrusion has also increased, as a result Intrusion Detection System (IDS) is the admired key research field. IDS are used to identify any suspicious activity or patterns in the network or machine, which endeavors the security features or compromise the machine. IDS majorly use all the features of the data. It is a keen observation that all the features are not of equal relevance for the detection of attacks. Moreover every feature does not contribute in enhancing the system performance significantly. The main aim of the work done is to develop an efficient denial of service network intrusion classification model. The specific objectives included: to analyse existing literature in intrusion detection systems; what are the techniques used to model IDS, types of network attacks, performance of various machine learning tools, how are network intrusion detection systems assessed; to find out top network traffic attributes that can be used to model denial of service intrusion detection; to develop a machine learning model for detection of denial of service network intrusion.Methods: The research design was experimental and data was collected by simulation using NSL-KDD dataset. By implementing Correlation Feature Selection (CFS) mechanism using three search algorithms, a smallest set of features is selected with all the features that are selected very frequently. Findings: The smallest subset of features chosen is the most nominal among all the feature subset found. Further, the performances using Artificial neural networks(ANN), decision trees, Support Vector Machines (SVM) and K-Nearest Neighbour (KNN) classifiers is compared for 7 subsets found by filter model and 41 attributes. Results: The outcome indicates a remarkable improvement in the performance metrics used for comparison of the two classifiers. The results show that using 17/18 selected features improves DOS types classification accuracies as compared to using the 41 features in the NSL-KDD dataset. It was further observed that using an ensemble of three classifiers with decision fusion performs better as compared to using a single classifier for DOS type’s classification. Among machine learning tools experimented, ANN achieved best classification accuracies followed by SVM and DT. KNN registered the lowest classification accuracies. Application: The proposed work with such an improved detection rate and lesser classification time and lar.
Similar to A SURVEY ON DIFFERENT MACHINE LEARNING ALGORITHMS AND WEAK CLASSIFIERS BASED ON KDD AND NSL-KDD DATASETS (20)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)MdTanvirMahtab2
This presentation is about the working procedure of Shahjalal Fertilizer Company Limited (SFCL). A Govt. owned Company of Bangladesh Chemical Industries Corporation under Ministry of Industries.
Quality defects in TMT Bars, Possible causes and Potential Solutions.PrashantGoswami42
Maintaining high-quality standards in the production of TMT bars is crucial for ensuring structural integrity in construction. Addressing common defects through careful monitoring, standardized processes, and advanced technology can significantly improve the quality of TMT bars. Continuous training and adherence to quality control measures will also play a pivotal role in minimizing these defects.
Welcome to WIPAC Monthly the magazine brought to you by the LinkedIn Group Water Industry Process Automation & Control.
In this month's edition, along with this month's industry news to celebrate the 13 years since the group was created we have articles including
A case study of the used of Advanced Process Control at the Wastewater Treatment works at Lleida in Spain
A look back on an article on smart wastewater networks in order to see how the industry has measured up in the interim around the adoption of Digital Transformation in the Water Industry.
COLLEGE BUS MANAGEMENT SYSTEM PROJECT REPORT.pdfKamal Acharya
The College Bus Management system is completely developed by Visual Basic .NET Version. The application is connect with most secured database language MS SQL Server. The application is develop by using best combination of front-end and back-end languages. The application is totally design like flat user interface. This flat user interface is more attractive user interface in 2017. The application is gives more important to the system functionality. The application is to manage the student’s details, driver’s details, bus details, bus route details, bus fees details and more. The application has only one unit for admin. The admin can manage the entire application. The admin can login into the application by using username and password of the admin. The application is develop for big and small colleges. It is more user friendly for non-computer person. Even they can easily learn how to manage the application within hours. The application is more secure by the admin. The system will give an effective output for the VB.Net and SQL Server given as input to the system. The compiled java program given as input to the system, after scanning the program will generate different reports. The application generates the report for users. The admin can view and download the report of the data. The application deliver the excel format reports. Because, excel formatted reports is very easy to understand the income and expense of the college bus. This application is mainly develop for windows operating system users. In 2017, 73% of people enterprises are using windows operating system. So the application will easily install for all the windows operating system users. The application-developed size is very low. The application consumes very low space in disk. Therefore, the user can allocate very minimum local disk space for this application.
Explore the innovative world of trenchless pipe repair with our comprehensive guide, "The Benefits and Techniques of Trenchless Pipe Repair." This document delves into the modern methods of repairing underground pipes without the need for extensive excavation, highlighting the numerous advantages and the latest techniques used in the industry.
Learn about the cost savings, reduced environmental impact, and minimal disruption associated with trenchless technology. Discover detailed explanations of popular techniques such as pipe bursting, cured-in-place pipe (CIPP) lining, and directional drilling. Understand how these methods can be applied to various types of infrastructure, from residential plumbing to large-scale municipal systems.
Ideal for homeowners, contractors, engineers, and anyone interested in modern plumbing solutions, this guide provides valuable insights into why trenchless pipe repair is becoming the preferred choice for pipe rehabilitation. Stay informed about the latest advancements and best practices in the field.
Cosmetic shop management system project report.pdfKamal Acharya
Buying new cosmetic products is difficult. It can even be scary for those who have sensitive skin and are prone to skin trouble. The information needed to alleviate this problem is on the back of each product, but it's thought to interpret those ingredient lists unless you have a background in chemistry.
Instead of buying and hoping for the best, we can use data science to help us predict which products may be good fits for us. It includes various function programs to do the above mentioned tasks.
Data file handling has been effectively used in the program.
The automated cosmetic shop management system should deal with the automation of general workflow and administration process of the shop. The main processes of the system focus on customer's request where the system is able to search the most appropriate products and deliver it to the customers. It should help the employees to quickly identify the list of cosmetic product that have reached the minimum quantity and also keep a track of expired date for each cosmetic product. It should help the employees to find the rack number in which the product is placed.It is also Faster and more efficient way.
Democratizing Fuzzing at Scale by Abhishek Aryaabh.arya
Presented at NUS: Fuzzing and Software Security Summer School 2024
This keynote talks about the democratization of fuzzing at scale, highlighting the collaboration between open source communities, academia, and industry to advance the field of fuzzing. It delves into the history of fuzzing, the development of scalable fuzzing platforms, and the empowerment of community-driven research. The talk will further discuss recent advancements leveraging AI/ML and offer insights into the future evolution of the fuzzing landscape.
TECHNICAL TRAINING MANUAL GENERAL FAMILIARIZATION COURSEDuvanRamosGarzon1
AIRCRAFT GENERAL
The Single Aisle is the most advanced family aircraft in service today, with fly-by-wire flight controls.
The A318, A319, A320 and A321 are twin-engine subsonic medium range aircraft.
The family offers a choice of engines
Courier management system project report.pdfKamal Acharya
It is now-a-days very important for the people to send or receive articles like imported furniture, electronic items, gifts, business goods and the like. People depend vastly on different transport systems which mostly use the manual way of receiving and delivering the articles. There is no way to track the articles till they are received and there is no way to let the customer know what happened in transit, once he booked some articles. In such a situation, we need a system which completely computerizes the cargo activities including time to time tracking of the articles sent. This need is fulfilled by Courier Management System software which is online software for the cargo management people that enables them to receive the goods from a source and send them to a required destination and track their status from time to time.
A SURVEY ON DIFFERENT MACHINE LEARNING ALGORITHMS AND WEAK CLASSIFIERS BASED ON KDD AND NSL-KDD DATASETS
1. International Journal of Artificial Intelligence and Applications (IJAIA), Vol.10, No.3, May 2019
DOI : 10.5121/ijaia.2019.10301 1
A SURVEY ON DIFFERENT MACHINE LEARNING
ALGORITHMS AND WEAK CLASSIFIERS BASED ON
KDD AND NSL-KDD DATASETS
Rama Devi Ravipati1
and Munther Abualkibash2
1
Graduate student in the Department of Computer Science, Eastern Michigan University,
Ypsilanti, Michigan
2
School of Information Security and Applied Computing, Eastern Michigan University,
Ypsilanti, Michigan
ABSTRACT
Network intrusion detection often finds a difficulty in creating classifiers that could handle unequal
distributed attack categories. Generally, attacks such as Remote to Local (R2L) and User to Root (U2R)
attacks are very rare attacks and even in KDD dataset, these attacks are only 2% of overall datasets. So,
these result in model not able to efficiently learn the characteristics of rare categories and this will result in
poor detection rates of rare attack categories like R2L and U2R attacks. We even compared the accuracy of
KDD and NSL-KDD datasets using different classifiers in WEKA.
KEYWORDS
KDD, NSL-KDD, WEKA, AdaBoost, KNN, Detection rate, False alarm rate
1. INTRODUCTION
On a computing platform Intrusion is a set of actions that attempts to compromise the integrity,
confidentiality, or availability of any resource. An Intrusion Detection System (IDS) is a
combination of hardware and software that detect intrusions in the network. It is used to track,
identify and detect the intruders. IDS is a combination of either hardware or software or both
which is used to detect intrusions in the network. IDS is used to detect unauthorized intrusions
that occur in computer systems and networks. The objectives are Confidentiality, Integrity,
Availability and Accountability.
Intrusion Prevention System is classified into four types:
a. Network based intrusion prevention system – It analyses the protocol activity by
monitoring the entire network for suspicious traffic.
b. Wireless Intrusion prevention system – It analyses the wireless networking protocol by
monitoring the entire network for suspicious traffic.
c. Network behaviour analysis – Examines the network to identify the threats such as
distributed denial of service.
d. Host based Intrusion Prevention System – An installed software which monitors a host
for a suspicious activity by analysing the host.
The most used intrusion detection techniques are signature based and anomaly based.
2. International Journal of Artificial Intelligence and Applications (IJAIA), Vol.10, No.3, May 2019
2
a. Signature-based IDS refers to the attacks in the network traffic by looking for specific
patterns, such as byte sequences [1]. It only detects the known attacks but not new attacks
because no pattern is available for those new attacks [2].
b. Anomaly-based IDS is used to detect the unknown attacks. It uses machine learning to
create a model and then compare it with the new behaviour. This approach helps to detect
the new attacks, but it suffers from false positives. If we use efficient feature algorithms,
then classification process becomes reliable [3].
The algorithm that needs fully class labelled data is called a supervised learning algorithm, and
some algorithms that do not need class labelled data which are called unsupervised learning
algorithms. We also have some algorithms which use properties of both supervised and
unsupervised algorithms which are called Semi-supervised algorithms [4].Semi-supervised
algorithms do not need all records to be class labelled. An Unsupervised learning algorithm finds
the hidden pattern in the data, whereas a supervised learning algorithm finds the relationship
between data and its class.
2. RELATED WORK
Many researchers have used intrusion detection system based on supervised learning approach,
such as neural network (NN)-based approach and support vector machine (SVM)-based approach.
Bonifacio et al [5] proposed an NN for distinguishing between intrusions and normal behaviours.
Recently Several hybrid IDS have been proposed which deal with the complexity of the intrusion
detection problem by combining different machine learning algorithms. By incorporating a
Hierarchical Clustering and SVM yield to a hybrid intelligent IDS that was developed by Shi-Jinn
Horng et al[6]. The SVM theory was slightly modified in this research to be used with standard
network intrusions dataset that contains labels. Cheng Xiang et al [7] designed IDS to detect
intrusions by combining the supervised tree classifiers and unsupervised Bayesian clustering.
Supervised learning strategies for intrusion recognition can just distinguish known intrusions yet
unsupervised learning strategies recognize the intrusions that have not been recently learned. The
unsupervised learning for intrusion detection includes K-means-based approach and self-
organizing feature map (SOM)-based approach.
Deep learning is a part of machine learning that is classified based on the layers present in the
artificial neural network. This can be categorized into two types supervised and unsupervised
learning. This Deep learning methodology deals with several architectures like Deep Neural
Networks, Convolution neural networks, Recurrent Neural Networks etc. Based on the depth or
number of layers involved in the network generally tends to yield high accuracy when compared
to less number of layers [12]. The working of these structures is as follows: Input layer takes the
set of features and the output layer yields the specific set of features that are meant to be there in
the targeted output. In between these there are several hidden layers, each of which are fed with
the output of the previous layer and extracts the precise set of features i.e. dimensionality
reduction and are sent to next layer. We use functions for error minimization and activation
functions for the neural network to train and work effectively.
Neuro-fuzzy system is a combination of neural networks with fuzzy logic or fuzzy sets helps to
reduce the drawbacks in both the systems and would help to yield better productivity. It consists
of a fuzzy system which uses some kind of learning algorithm such as neural network algorithm
for deciding the parameters or input for the fuzzy system [13]. The main feature of this network is
transparency [14]. Neuro—fuzzy differ from normal neural networks in almost all the ways such
as activation functions, connection weights and propagation functions. These Neuro-fuzzy system
can be consider as 3 layer system, first layer is a input variables and middle layer consists of
3. International Journal of Artificial Intelligence and Applications (IJAIA), Vol.10, No.3, May 2019
3
fuzzy rules and final layer consists of output variables. This can also represented as 5 layer
system in which 2 and 4 are fuzzy system layers [15].
Decision trees are mostly used for classification and prediction. These decision trees consists of
nodes internal nodes represent a test and the branch denotes the outcomes of the test and each
external or leaf node consists of the class label to which a particular data or the object can be
classified. Decision trees are more popular and less computationally expensive when compared to
the other machine learning classifiers. These are good in several cases but when it comes to
estimation of a value based on the continuous attribute it fails as it couldn’t predict the possible
outcome value. They need lots of training data for each class label included, if we train It with
less number of examples for each class label then it could not make proper classification and is
prone to errors and for growth of the decision tree we need to split it to find the best fit which is
tedious and involves lots of effort and computation.
The KDD dataset is the most used one for training the algorithm. KDD dataset is a consistent and
widely used dataset in the field of network intrusion detection. It is the subset of DARPA-98
dataset. KDD dataset is a multi-variate dataset. The dataset contains 4.8 million instances. The
characteristics of the attributes used in the dataset are categorical and integer in nature. It has
forty-two attributes. The KDD dataset mainly consists of four types of attacks –
1. DOS (Denial of Service): DOS is a type of attack category in which it consumes the
victim’s resources so that it can unable to handle legitimate requests – e.g. SYN flooding.
2. R2L (Remote to Local): R2L is a unauthorized access from a remote machine, in which
the attacker intrudes enter into a remote machine and gains the local access of the victim
machine. E.g. password guessing.
3. U2R (User to Root): U2R is a unauthorized access to the root privileges, in which the
attacker uses a normal account to login into a victim system and tries to gain
rootprivileges by exploiting some vulnerability in the victim system. E.g. buffer overflow
attacks.
4. Probing: Probing attacks main objective is to gain information about the remote victim.
E.g. port scanning.
The training dataset consists of 21 different attacks. The known attack types are those present
in the training dataset while the novel attacks are the additional attacks in the test dataset i.e.
not available in the training datasets. The attack types are categorised into four: DOS, Probe,
U2R and R2L as in KDD dataset. Each class consists of a group of attacks.
4. International Journal of Artificial Intelligence and Applications (IJAIA), Vol.10, No.3, May 2019
4
Table 1. Classification of attack types in KDD Dataset.
Classes Attack types
Normal Normal: 97277
DOS Smurf: 280790
Neptune: 107201
Teardrop: 979
Pod: 264
Land: 21
R2L Warezclient: 1020
Guess_passwd: 53
Warezmaster: 20
Imap: 12
ftp_write: 8
Multihop: 7
Phf: 4
Spy: 2
U2R Buffer: 30
Rootkit: 10
Loadmodule: 9
Perl: 3
PROBE Satan: 1589
Ipssweep: 1247
Portsweep: 1040
Nmap: 231
In the KDD dataset the performance of evaluated systems is highly affected because of two
important issueswhich results in very poor evaluation of anomaly detection approaches. To
overcome with these issues and increase the performance, they proposed a new dataset called
NSL-KDD, which consists of only selected records from the complete KDD dataset.
The benefits of using the NSL-KDD dataset are:
1. No redundant records in the training set, so the classifier will not produce any biased
results.
2. There is no duplicate record in the test set.
3. The percentage of records in the original KDD dataset is directly proportional to the
number of selected records from each difficult level group.
3. OVERVIEW OF OUR ALGORITHM
According to the characteristics of Intrusion detection problem the framework consists of four
modules: feature extraction, data labelling, design of weak classifier, and construction of strong
classifiers.
Feature Extraction: According to Sung and Mukkamala [8], Kayacik, Zincir-Heywood et al [9].
and Lee, Shin et al., [10] most published results observing feature reduction on the KDD dataset
is trained and tested on the ‘10%’ training set only. The full training dataset contains 4,898,431
records. It contains 22 different attack types. The dataset is unlabelled where as 10% training set
5. International Journal of Artificial Intelligence and Applications (IJAIA), Vol.10, No.3, May 2019
5
is labelled. Neural networks require floating point numbers for the input neurons, in the range of
[−1, 1], and for target neurons floating point numbers should be in the range of [0, 1]. All features
were pre-processed to fulfil this requirement. For nominal features with distinct values like User
Datagram Protocol (UDP), Internet Control Message Protocol (ICMP), Transmission Control
Protocol (TCP) we use UDP= [0,1], ICMP= [1,0] and UDP= [-1, -1]. For nominal features with
large number of distinct values we assign rank to them according to the number of occurrences in
the test set. For the numeric feature’s ‘duration’, ‘src bytes’ and ‘dst bytes’, were started with the
removal of outliers before scaling the values to the range [−1, 1]. The data may be either
continuous or categorical.
Data Labelling: Algorithm uses supervised learning in which sets of data should be labelled for
training. +1 is used for normal data and -1 is used for attacked data.
Design of weak classifier: As individual weak classifiers are simple and easy to implement but
its classification accuracy is low, the Adaboost algorithm requires a group of weak classifiers.
Decision stumps are used in designing of weak classifiers.
Construction of the Strong Classifier using Machine Learning Algorithm: A strong classifier
is obtained by combining weak classifiers. Its classification accuracy is high compared to weak
classifier. We can construct strong classifiers by using any of the machine learning algorithms.
Fig 1. Framework of our Algorithm
6. International Journal of Artificial Intelligence and Applications (IJAIA), Vol.10, No.3, May 2019
6
Training: After the construction of strong classifiers the data is classified into train and test
datasets. We train the data according to our use.
Analysis: On the trained data we perform analysis and finds out the False Alarm rate and the
Decision Rate.
Testing: The data which we use is unlabeled data. Now we train the test data according to our
use. Next we perform analysis on data and finds the False Alarm Rate and Decision Rate.
Initially started with the implementation of a paper “AdaBoost-Based Algorithm for Network
Intrusion Detection.”[7] When we implemented the AdaBoost algorithm for KDD dataset we got
the same accuracy and false alarm rate as specified in the paper. In this algorithm, we initially
extract features and specify data labelling. Later for AdaBoost algorithm we need a group of
weak classifiers. In this algorithm, we use decision stump as weak classifiers. Finally, we obtain a
strong classifier by combining all the weak classifiers and this will have the higher classification
accuracy when compared to weak classifiers.
AdaBoost Algorithm
1. Initialize weights for each data point as w(xi , yi ) =
1
𝑛
, I = 1,….,n.
2. For iterations m= 1,…..,M
a. Fit weak classifiers to the data set and select the one with the lowest weighted
classification error:
€ 𝑚= 𝐸 𝑤[1 𝑦≠𝑓(𝑥)] (1)
b. Calculate the weight of the m classifier:
𝜃 𝑚=
1
2
ln(
1−∈ 𝑚
∈ 𝑚
) (2)
3. Update the weight for each datapoint as:
𝑤 𝑚+1(xi , yi ) =
𝑤 𝑚(𝑥 𝑖 ,𝑦 𝑖)exp[−𝜃 𝑚 𝑦 𝑖 𝑓 𝑚(𝑥 𝑖)]
𝑧 𝑚
(3)
Where 𝑧 𝑚 is a normalization factor that ensures the sum of all instance weights is equal to 1.
After M iteration we can get the final prediction by summing up the weighted prediction of each
classifier.
Table 2: Number of samples in KDD dataset
Dataset Normal Attacks
Dos R2L U2R Probe
Training 97278 391458 1126 52 4107
Testing 60593 229853 16189 228 4166
7. International Journal of Artificial Intelligence and Applications (IJAIA), Vol.10, No.3, May 2019
7
The above table shows the number of attacks and normal data the both training and testing dataset
have.
Table 3: Results with uniform initial weights.
Training set Testing set
Detection Rate False Alarm Rate Detection Rate False Alarm Rate
99.25% 2.766% 90.738% 3.428%
The above table shows the Detection accuracy and false alarm rate of training and testing datasets
obtained after applying Adaboost algorithm. Basically in Adaboost we can update the weights to
find the better detection accuracy and false alarm rate.
Next, we applied a Decision tree algorithm for the KDD dataset. A decision tree is one of the
widely used supervised machine learning algorithms which performs both regression and
classification tasks. The intuition behind the Decision tree algorithm is simple, yet also very
powerful. It requires relatively less effort for training the algorithm and can be used to classify
non-linearly separable data. It is very fast and efficient compared to KNN and other classification
algorithms. Information Gain, Gain Ratio and Gini Index are the most commonly used Attribute
Selection Measures. A Decision tree works as follows:
a. First select the best attributesand then split the records.
b. Make the selected attribute as decision node and now break the dataset into smaller
subsets.
c. It starts building the tree by repeating this process recursively for each child node until
any one of the condition matches:
1. All the subsets belong to the same attribute value.
2. There are no more remaining attributes.
3. There are no more instances.
The Next algorithm we used was Multilayer Perceptron (MLP). An MLP can be viewed as a
logistic regression classifier. It consists of at least three layers of nodes: an input layer, a hidden
layer, and an output layer. Except for the input nodes, each node is a neuron that uses a activation
function. MLP utilizes a supervised learning technique called back propagation for training.
Multi-layer perceptron works as follows:
1. For all input neurons i do
2. Set 𝑎𝑖← 𝑥𝑖 (4)
3. End for
4. For all hidden and output neurons i in topological order do
5. Set 𝑛𝑒𝑡𝑖←𝑤𝑖0 + Σ𝑗𝜖𝑝𝑟𝑒𝑑(𝑖) 𝑤𝑖𝑗 𝑎𝑗 (5)
6. Set 𝑎𝑖←𝑓log (𝑛𝑒𝑡𝑖) (6)
7. End for
8. For all output neurons i do
9. assemble 𝑎𝑖 in output vector y
10. End for
11. Return y.
Finally, we used a KNN algorithm. KNN is a lazy learning algorithm. In KNN, K is the number
of nearest neighbours. The number of neighbours is the core deciding factor.
KNN algorithm works as follows:
8. International Journal of Artificial Intelligence and Applications (IJAIA), Vol.10, No.3, May 2019
8
1. Load the data.
2. Initialize the value of k.
3. To get the predicted class, iterate from 1 to total number of training data points.
1. Calculate the distance between test data and each row of training data using
Euclidean distance formula.
2. Sort the calculated distances in ascending order.
3. Get top k rows from the sorted array.
4. Get the most frequent class from these rows.
5. Return the predicted class.
Table 4. Comparison of Detection Accuracy and False Alarm Rate of various algorithms.
Algorithms Detection
Accuracy
False
Alarm Rate
AdaBoost 90.73 3.42
Decision
Tree
81.05% 2.85
Multilayer
perceptron
80.5% 1.94
KNN 94.17% 5.82
SVM 83.09% 16.90
The Detection Accuracy and False Alarm Rate are calculated for various algorithms by using KDD dataset.
The formula to calculate those are given below. They are calculated by using a confusion matrix which is
generated after testing the data.
3.1. Parameters used for classification
The confusion matrix consists of four values: True Positive, False Negative, False Positive, and
True Negative.
a. True Positive (TP): It is the test result which detects the condition if the condition is
present. The TP value in the confusion matrix is at cm [0][0].
b. False Negative (FN): It is the test result which does not detect the condition even if the
condition is not present. The FN value in the confusion matrix is at cm [1][0].
c. False Positive (FP): It is the test result which detects the condition when the condition is
absent. It is also called a False Alarm rate. The FP value in the confusion matrix is at cm
[0][1].
d. True Negative (TN): It is the test result which does not detect the condition even if the
condition is present. The TN value in the confusion matrix is at cm [1][1].
Performance can be measured using the
1. Accuracy: The accuracy (AC) is the proportion of the total number of predictions that
were correct. It is given by the relation
Accuracy=
𝑇𝑃+𝑇𝑁
𝑇𝑃+𝑇𝑁+𝐹𝑃+𝐹𝑁
(7)
2. False Alarm Rate: False Alarm rate is calculated as the number of all incorrect
predictions divided by the number of true positives. It is given by the relation
9. International Journal of Artificial Intelligence and Applications (IJAIA), Vol.10, No.3, May 2019
9
False Alarm rate =
𝐹𝑃+𝐹𝑁
𝑇𝑃
(8)
3. Error Rate: Error rate (ERR) is calculated as the number of all incorrect predictions
divided by the total number of the dataset. The best error rate is 0.0, whereas the worst is
1.0. It is given by the relation
Error rate =
𝐹𝑃+𝐹𝑁
𝑇𝑃+𝑇𝑁+𝐹𝑃+𝐹𝑁
(9)
4. Recall: Recall can be defined as the ratio of the total number of correctly classified
positive examples divide to the total number of positive examples.It is also called
Sensitivity, True Positive Rate or Detection Rate. It is given by the relation
Recall =
𝑇𝑃
𝑇𝑃+𝐹𝑁
(10)
5. Precision: Precision is defined as the number of true positives over the number of true
positives plus the number of false positives.
Precision =
𝑇𝑃
𝑇𝑃+𝐹𝑃
(11)
3.2. WEKA (Waikato Environment For Knowledge Analysis)
In this era of data science where R and Python are ruling the roost, we have another data science
tool called Weka.
Weka is a collection of machine learning algorithms for data mining tasks. The algorithms can
either be applied directly to a dataset or called from your own Java code. Weka contains tools for
data pre-processing, classification, regression, clustering, association rules, and visualization.
We have five different classifiers to classify the dataset which are J48, Naive Bayes, AdaBoost,
Bagging, and Nearest Neighbor.
1. J48: The J48 classification algorithm works by establishing a decision tree according to
values of features. Internal nodes are the attributes whereas leaf nodes are classes.
Features that have maximum information gain are used as root nodes which classify the
instances more clearly. Then the next attribute with the second highest information gain
is used until corresponding class is decided.
2. Naïve Bayes: This classifier is based on probabilistic Bayesian theorem. This technique is
capable of performing well with many complicated real-world applications. Naive Bayes
classifier assumes features to be independent. It is also suited for high dimensional data.
3. AdaBoost: AdaBoost is used for constructing a strong classifier by linear combination of
weak classifiers. It performs drastically well but sometimes suffers the problem of
overfitting. For the experimentation REPTree was used as its base classifier.
4. Bagging: It can do classification and regression based on a base classifier. The Base
classifier used is the Decision stump and the bag-size percentage is 100%.
5. Nearest Neighbour: Nearest Neighbour is a non-parametric lazy learning classifier that
assigns labels to a target sample on the basis of shortest distance with the training set.
This classifier is simple and accurate yet computationally intensive.
10. International Journal of Artificial Intelligence and Applications (IJAIA), Vol.10, No.3, May 2019
10
Table 5. Comparison between the correctly classified instances and time taken to build in KDD and NSL-
KDD test datasets using WEKA tool.
Classifier Correctly
classified
instances (%)
Time taken to
build (sec)
Kappa statistics (%)
KDD NSL-
KDD
KDD NSL-KDD KDD NSL-KDD
J48 99.9 98.2 38.77 0.55 99.9 96.4
Naïve Bayes 92.7 80.7 29.01 0.08 88 62.4
AdaBoost 97.8 89.3 37.35 0.78 96.3 78.5
Bagging 99.9 98.4 128.6 1.78 99.9 96.8
The above table shows the correctly classified instances and the time taken to build the models to
find the accuracy and false alarm rate in both KDD and NSL-KDD.
The First section consists of Introduction of what is intrusion detection. Second section is the
description of KDD dataset and how many types of attacks are present in the dataset and how
they are categorised. Third section consists of how to extract the features from dataset and how
does machine learning algorithms works on the dataset like what is the accuracy and false alarm
rate obtained on KDD dataset and results obtained while using WEKA tool for KDD and NSL-
KDD. Next section consists of Conclusion and future work. Last section is the references used to
understand the concepts.
4. CONCLUSION AND FUTURE WORK
In this survey we have introduced an overview of different machine learning algorithms for
Intrusion Detection System (IDS) and different detection methodologies, and classifiers used in
WEKA for KDD and NSL-KDD dataset. As per the studied of techniques suggested by various
authors, the ways it can detect the intruder are presented here. The experiment results show that
KNN is having high false rate and detection rate but AdaBoost algorithm has a very low false rate
with high detection rate and run speed of algorithm is faster when compared with other algorithms.
Our future work includes how we will find new types of weak classifiers to further improve the
error rates and to find out is there any algorithm better than AdaBoost which is having high
detection accuracy and false alarm rate.
REFERENCES
[1] Brandon Lokesak (December 4, 2008). "A Comparison Between Signature Based and Anomaly
Based Intrusion Detection Systems" (PPT). www.iup.edu. Douligeris, Christos; Serpanos, Dimitrios
N. (2007-02-09). Network Security: Current Status and Future Directions. John Wiley & Sons. ISBN
9780470099735.
[2] Rowayda, A. Sadek; M Sami, Soliman; Hagar, S Elsayed (November 2013). "Effective anomaly
intrusion detection system based on neural network with indicator variable and rough set reduction".
International Journal of Computer Science Issues (IJCSI). 10 (6).
[3] M. A. Maloof, Machine learning and data mining for computer security: Springer, 2006.
11. International Journal of Artificial Intelligence and Applications (IJAIA), Vol.10, No.3, May 2019
11
[4] J. M. Bonifacio, Jr., A. M. Cansian, A. C. P. L. F. De Carvalho, and E. S. Moreira, “Neural networks
applied in intrusion detection systems,” in Proc. IEEE Int. Joint Conf. Neural Netw., 1998, vol. 1, pp.
205–210.
[5] Shi-Jinn Horng, Ming-Yang Su, Yuan-Hsin Chen, TzongWann Kao, Rong-Jian Chen, Jui-Lin Lai,
Citra Dwi Perkasa, A novel intrusion detection system based on hierarchical clustering and support
vector machines, Journal of Expert systems with Applications, Vol. 38, 2011, 306-313
[6] Cheng Xiang, Png Chin Yong, Lim Swee Meng, Design of multiple-level hybrid classifier for
intrusion detection system using Bayesian clustering and decision trees, Journal of Pattern
Recognition Letters, Vol. 29, 2008, 918-924.
[7] Weiming Hu, Steve Maybank, “AdaBoost-Based Algorithm for Network Intrusion Detection”. In
IEEE transaction on systems, MAN, and CYBERNETICS, APRIL 2008.
[8] S. Sung, A.H. Mukkamala. “Identifying important features for intrusion detection using support
vector machines and neural networks”. In Proceedings of the Symposium on Applications and the
Internet (SAINT), pp. 209–216. IEEE .
[9] H. Kayacik, A. Zincir-Heywood and M. Heywood. “Selecting features for intrusion detection: A
feature relevance analysis on KDD 99 intrusion detection datasets”. In Proceedings of the Third
Annual Conference on Privacy, Security and Trust (PST). 2005.
[10] C. Lee, S. Shin and J. Chung. “Network intrusion detection through genetic feature selection”. In
Seventh ACIS International Conference on Software Engineering, Artificial Intelligence, Networking,
and Parallel/Distributed Computing (SNPD), pp. 109–114. IEEE Computer Society,2006.
[11] M. Panda, M.R. Patra, “Semi-Naïve Bayesian method for network intrusion detection system”,
Neural information processing, Lecture Notes in Computer Science (Springer Link) 5863 (2009) 614–
621.
[12] Sandeep Gurung, Mirnal Kanti Ghose, Aroj Subedi,"Deep Learning Approach on Network Intrusion
Detection System using NSL-KDD Dataset", International Journal of Computer Network and
Information Security(IJCNIS), Vol.11, No.3, pp.8-14, 2019.DOI: 10.5815/ijcnis.2019.03.02.
[13] Jawhar, M. M. T., & Mehrotra, M. (2010). Design network intrusion detection system using hybrid
fuzzy neural network. International JournalofComputerScience and Security, 4(3), 285-294.
[14] Souza, P. V. C. (2018). Regularized Fuzzy Neural Networks for Pattern Classification Problems.
International Journal of Applied Engineering Research, 13(5), 2985-2991.
.