A IDS Model Based on HGA and Data Mining

A IDS Model Based on HGA and Data Mining

Lina Lin Dezhi Wei Fuji Chen

Jimei University Chengyi College, Xiamen 361021, China

School of Economics and Management, Fuzhou University, Fuzhou 350116, China

Corresponding Author Email: 
linda_839@126.com, weidezhi@163.com, chenfuji@fzu.edu.cn
Page: 
318-330
|
DOI: 
https://doi.org/10.18280/ama_b.600204
Received: 
17 May 2017
| |
Accepted: 
12 June 2017
| | Citation

OPEN ACCESS

Abstract: 

The paper proposes a IDS that is based on HGA and Data mining. In this model, an improved clustering algorithm is introduced to classify the normal/abnormal behaviour library from behaviour records on the network and in the system. Then it takes the HGA and data mining as a basis to dig out the the invasion rules and put them into the rule base. Finally, Hybrid Detection Module is proposed to detect the intrusion system. The experiment shows that with a high adaptability, the model has enabled to detect unknown intrusion, improve the detection rate and reduce the false detection rate, thus to protect the computer systems from exotic intrusion.

Keywords: 

Data mining, Intrusion detection, HGA, Clustering algorithm, Information gain

1. Introduction
2. Related Work
3. Adaptive IDS Model
4. Experimental Results
5. Conclusions
  References

[1] E. Eskin, M. Miller, Z.D. Zhong, G. Yi, W.A. Lee, S. Stolfo, A daptive model generation for intrusion detection systems, 2000, In Workshop on Intrusion Detection and Prevention, 7th ACM Conference on Computer Security.

[2] W. Lee, S.J. Stolfo, P.K. Chan, E. Eskin, W. Fan, M. Miller, S. Hershkop, J.X. Zhang, Real time data mining-based intrusion detection, 2001, DARPA Information Survivability Conference& Exposition, pp. 85-100.

[3] B. Thuraisingham, Data mining for malicious code detection and security applications, 2009, Web Intelligence and Intelligent Agent Technologies, vol. 31, no. 2, pp. 88-100.

[4] P. Garcia-Teodoro, J. Diaz-Verdejo, G. Maciá-Fernández, Anomaly-based network intrusion detection: Techniques, systems and challenges, 2009, Computers & Security, vol. 28, no. 1, pp. 18-28.

[5] V. Chandola, A. Banerjee, V. Kumar, Anomaly detection: A survey, 2009, ACM computing surveys (CSUR), vol. 41, no. 3, pp. 15.

[6] S.X. Wu, W. Banzhaf, The use of computational intelligence in intrusion detection systems: A review, 2010, Applied Soft Computing, vol. 10, no. 1, pp. 1-35.

[7] G. Wang, J. Hao, J. Ma, A new approach to intrusion detection using Artificial Neural Networks and fuzzy clustering, 2010, Expert Systems with Applications, vol. 37, no. 9, pp. 6225-6232.

[8] T. Ma, F. Wang, J. Cheng, A Hybrid Spectral Clustering and Deep Neural Network Ensemble Algorithm for Intrusion Detection in Sensor Networks, 2016, Sensors, vol. 16, no. 10, pp. 1701.

[9] S. Forrest, C. Beauchemin, Computer immunology, 2007, Immunological reviews, vol. 216, no. 1, pp. 176-197.

[10] W. Hu, W. Hu, S. Maybank, Adaboost-based algorithm for network intrusion detection[J]. IEEE Transactions on Systems, 2008, Man, and Cybernetics, Part B (Cybernetics), vol. 38, no. 2, pp. 577-583.

[11] J. Zhang, M. Zulkernine, A. Haque, Random-forests-based network intrusion detection systems, 2008, IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews), vol. 38, no. 5, pp. 649-659.

[12] F. Hachmi, K. Boujenfa, M. Limam, An optimization process to identify outliers generated by intrusion detection systems, 2015, Security and Communication Networks, vol. 8, no. 18, pp. 3469-3480.

[13] Y. Li, J.L. Wang, Z.H. Tian, Building lightweight intrusion detection system using wrapper-based feature selection mechanisms, 2009, Computers & Security, vol. 28, no. 6, pp. 466-475.

[14] S.J. Horng, M.Y. Su, Y.H. Chen, A novel intrusion detection system based on hierarchical clustering and support vector machines, 2011, Expert systems with Applications, vol. 38, no. 1, pp. 306-313.

[15] W. Feng, Q. Zhang, G. Hu, Mining network data for intrusion detection through combining SVMs with ant colony networks, 2014, Future Generation Computer Systems, vol. 37, pp. 127-140.

[16] W.L. Al-Yaseen, Z.A. Othman, M.Z.A. Nazri, Multi-level hybrid support vector machine and extreme learning machine based on modified K-means for intrusion detection system, 2017, Expert Systems with Applications, vol. 67, pp. 296-303.

[17] G. Giacinto, R. Perdisci, M. Del Rio, Intrusion detection in computer networks by a modular ensemble of one-class classifiers, 2008, Information Fusion, vol. 9, no. 1, pp. 69-82.

[18] A. Sperotto, G. Schaffrath, R. Sadre, An overview of IP flow-based intrusion detection, 2010, IEEE communications surveys & tutorials, vol. 12, no. 3, pp. 343-356.

[19] N. Paulauskas, Ą.F. Bagdonas. Local outlier factor use for the network flow anomaly detection, 2015, Security and Communication Networks, vol. 8, no. 18, pp. 4203-4212.

[20] B.M. Aslahi-Shahri, R. Rahmani, M. Chizari, A hybrid method consisting of GA and SVM for intrusion detection system, 2015, Neural Computing and Applications, vol. 7, no. 27, pp. 1669–1676.