An integrated rule based intrusion detection system: analysis on UNSW-NB15 data set and the real time online dataset

  • Vikash Kumar
  • Ditipriya Sinha
  • Ayan Kumar Das
  • Subhash Chandra Pandey
  • Radha Tamal Goswami


Intrusion detection systems (IDS) have been developed to protect the resources in a network from different types of threats. Existing IDS methods can be classified as anomaly based, misuse (signature) based, or sometimes a combination of both. This paper proposes a novel misuse based intrusion detection system that detects five traffic categories in a network: Exploit, DOS, Probe, Generic and Normal. Further, most of the related work on IDS is based on the KDD99 or NSL-KDD 99 data sets. These data sets are considered obsolete for detecting recent types of attacks and have no significance. In this paper the UNSW-NB15 data set is used as the offline data set for designing our own integrated classification based model to detect malicious activities in the network. The performance of the proposed integrated classification based model is considerably higher than that of other existing decision tree based models for detecting these five categories. Moreover, this paper generates its own real time data set at the NIT Patna CSE lab (RTNITP18), which acts as a working example of the proposed intrusion detection model. The RTNITP18 data set is used as a test data set to evaluate the performance of the proposed intrusion detection model. The performance analysis of the proposed model on UNSW-NB15 (the benchmark data set) and on the real time data set (RTNITP18) shows higher accuracy, attack detection rate, mean F-measure, average accuracy, attack accuracy, and false alarm rate in comparison to other existing approaches. The proposed IDS model acts as a watchdog to detect different types of threats in the network.
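The abstract reports its results as accuracy, attack detection rate, mean F-measure, average accuracy, attack accuracy and false alarm rate over the five classes. The block below is an added example, not code from the paper, that computes those metrics from a five-class confusion matrix. The metric definitions are the usual ones (attack detection rate and false alarm rate computed on the binary Normal/attack split, average accuracy as the mean per-class recall, mean F-measure as the unweighted mean of per-class F1); they are assumptions, since the paper's exact formulas are not on this page. The label counts are constructed for illustration and are not results on UNSW-NB15 or RTNITP18.

```python
"""Five-class IDS evaluation metrics (added example; definitions assumed)."""

CLASSES = ("Normal", "Exploit", "DOS", "Probe", "Generic")

# Constructed sample: (true_class, predicted_class, count) triples.
# These numbers are illustrative only, not measured results.
SAMPLE_COUNTS = [
    ("Normal", "Normal", 9), ("Normal", "Exploit", 1),
    ("Exploit", "Exploit", 3), ("Exploit", "DOS", 1),
    ("DOS", "DOS", 4),
    ("Probe", "Probe", 2), ("Probe", "Normal", 1), ("Probe", "Generic", 1),
    ("Generic", "Generic", 4),
]


def expand(counts):
    """Turn (true, pred, n) triples into parallel label lists."""
    y_true, y_pred = [], []
    for t, p, n in counts:
        y_true.extend([t] * n)
        y_pred.extend([p] * n)
    return y_true, y_pred


def confusion_matrix(y_true, y_pred, classes=CLASSES):
    """Nested dict m[true_class][predicted_class] -> count."""
    m = {t: {p: 0 for p in classes} for t in classes}
    for t, p in zip(y_true, y_pred):
        m[t][p] += 1
    return m


def f_measure(m, cls):
    """One-vs-rest F1 for a single class (assumed definition)."""
    tp = m[cls][cls]
    fp = sum(m[t][cls] for t in m if t != cls)
    fn = sum(m[cls][p] for p in m[cls] if p != cls)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    if precision + recall == 0:
        return 0.0
    return 2 * precision * recall / (precision + recall)


def evaluate(y_true, y_pred, classes=CLASSES):
    """Return the six summary metrics named in the abstract."""
    m = confusion_matrix(y_true, y_pred, classes)
    total = len(y_true)
    # Accuracy: flows assigned their exact class, over all flows.
    accuracy = sum(m[c][c] for c in classes) / total
    # Binary view: every non-Normal class counts as "attack".
    attacks = [(t, p) for t, p in zip(y_true, y_pred) if t != "Normal"]
    normals = [p for t, p in zip(y_true, y_pred) if t == "Normal"]
    # Attack detection rate: attack flows flagged as any attack class.
    adr = sum(1 for _, p in attacks if p != "Normal") / len(attacks) if attacks else 0.0
    # Attack accuracy: attack flows assigned their exact attack class.
    attack_acc = sum(1 for t, p in attacks if t == p) / len(attacks) if attacks else 0.0
    # False alarm rate: Normal flows flagged as any attack class.
    far = sum(1 for p in normals if p != "Normal") / len(normals) if normals else 0.0
    # Average accuracy: mean of per-class recall (assumed definition).
    recalls = []
    for c in classes:
        n = sum(m[c].values())
        recalls.append(m[c][c] / n if n else 0.0)
    average_accuracy = sum(recalls) / len(classes)
    # Mean F-measure: unweighted mean of per-class F1 (assumed definition).
    mean_f = sum(f_measure(m, c) for c in classes) / len(classes)
    return {
        "accuracy": accuracy,
        "attack_detection_rate": adr,
        "attack_accuracy": attack_acc,
        "false_alarm_rate": far,
        "average_accuracy": average_accuracy,
        "mean_f_measure": mean_f,
    }


def sample_evaluation():
    """Run the metrics over the constructed sample."""
    y_true, y_pred = expand(SAMPLE_COUNTS)
    return evaluate(y_true, y_pred)


if __name__ == "__main__":
    for name, value in sample_evaluation().items():
        print(f"{name:>22}: {value:.4f}")
```

The binary split matters when reading an IDS paper's numbers: a Probe flow misclassified as Generic still counts as detected for the attack detection rate, but not for attack accuracy or the per-class F-measure, so the two figures can diverge noticeably on the same confusion matrix.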


Keywords: Intrusion detection system; Signature based; Attack detection rate; False alarm rate; Integrated rule based model




Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Authors and Affiliations

  1. Department of Computer Science and Engineering, National Institute of Technology Patna, Patna, India
  2. Department of Computer Science and Engineering, Birla Institute of Technology, Mesra, India
  3. Department of Computer Science and Engineering, Techno India College of Technology, Newtown, Kolkata, India
