CSI Transactions on ICT

, Volume 6, Issue 2, pp 99–127 | Cite as

Assessing degree of intrusion scope (DIS): a statistical strategy for anomaly based intrusion detection

  • V. Jyothsna
  • V. V. Rama Prasad
Original Research


Intrusion detection system (IDS) is a type of security management system which analyzes information gathered from various areas within a computer or a network to identify possible security breaches. In the last decades an unprecedented increase in the volume and sophistication of network attacks are witnessed. As the quality of the training data greatly influences the quality of the learned models it is difficult to collect high quality training data. New attacks leveraging newly discovered security vulnerabilities emerge quickly and frequently, and also it is not possible to collect data related to these new attacks to train a detection model before the attacks are discovered and understood. The exponential growth of zero-day attacks emphasizes the need of defence mechanisms that can accurately detect previously unseen attacks in real-time. In this regard, a meta-heuristic assessment model called assessing degree of intrusion scope, which is aimed to estimate the degree of intrusion scope threshold from optimal features of given network transaction for training. In order to evaluate the proposed approach, widely used dataset for evaluation of IDS, NSL-KDD data set is used which reflects the network traffic and provides considerable and consistent accuracy improvements in detecting the new and existing attacks. The experimental results indicating that the feature correlation is having significant impact towards minimizing the computational and time complexity of measuring Intrusion Impact Scale.


Intrusion Threshold Intrusion detection system Zero-day attack Intrusion scope Optimization Correlation 


  1. 1.
    Sharifi AA, Noorollahi BA, Farokhmanesh F (2014) Intrusion detection and prevention systems (IDPS) and security issues. Int J Comput Sci Netw Secur (IJCSNS) 14(11):80–84Google Scholar
  2. 2.
    Kannathal SM (2014) Intrusion detection system based on enhanced PLS feature extraction with hybrid classification method. Int J Sci Eng Technol Res (IJSETR) 3(6):1655–1663Google Scholar
  3. 3.
    Ali MQ, Al-Shaer E, Khan H, Khayam SA (2013) Automated anomaly detector adaptation using adaptive threshold tuning. ACM Trans Inf Syst Secur 15(4), Article 17Google Scholar
  4. 4.
    Ali MQ, Khan H, Sajjad A, Khayam SA (2009) On achieving good operating points on an ROC plane using stochastic anomaly score prediction. In: Proceedings of the 16th ACM conference on computer and communications security (CCS’09). ACM, New York, pp 314–323Google Scholar
  5. 5.
    Ide T, Kashima H (2004) Eigenspace-based anomaly detection in computer systems. In: Proceedings of the 10th ACM SIGKDD international conference on knowledge discovery and data mining (KDD’04), ACM, New York, pp 440–449Google Scholar
  6. 6.
    Jung J, Paxson V, Berger AW, Balakrishnan H (2004) Fast portscan detection using sequential hypothesis testing. In: Proceedings of the IEEE symposium on security and privacy (SP’04). IEEE Computer Society, Los Alamitos, CAGoogle Scholar
  7. 7.
    Lakhina A, Crovella M, Diot C (2005) Mining anomalies using traffic feature distributions. In: Proceedings of the conference on applications, technologies, architectures, and protocols for computer communications (SIGCOMM’05). ACM, New York, pp 217–228Google Scholar
  8. 8.
    Yu Z, Tsai JP, Weigert T (2007) An automatically tuning intrusion detection system. IEEE Trans Syst Man Cybern, Part B (Cybern) 37:373–384CrossRefGoogle Scholar
  9. 9.
    Yu Z, Sai T, Weigert T (2008) An adaptive automatically tuning intrusion detection system. ACM Trans Auton Adapt Syst 3(3):10:1–10:25Google Scholar
  10. 10.
    Gu G, Fogla P, Dagon D, Lee W, Skoric B (2006) Towards an information-theoretic framework for analyzing intrusion detection systems. In: Proceedings of the 11th European symposium on research in computer security (ESORICS’06)Google Scholar
  11. 11.
    Masud MM, Chen Q, Khan L, Aggarwal C, Gao J, Han J, Thuraisingham B (2010) Addressing concept-evolution in concept-drifting data streams. In: Proceedings of the IEEE international conference on data mining (ICDM’10), IEEE Computer Society, Los Alamitos, CA, pp 929–934Google Scholar
  12. 12.
    Masud MM, Gao J, Khan L, Han J, Thuraisingham BM (2011) Classification and novel class detection in concept-drifting data streams under time constraints. IEEE Trans Knowl Data Eng 23(6):859–874CrossRefGoogle Scholar
  13. 13.
    Cretu-Ciocarlie GF, Stavrou A, Locasto ME, Stolfo SJ, Adaptive anomaly detection via self-calibration and dynamic updating. In: Proceedings of the 12th international symposium on recent advances in intrusion detection (RAID’09). Springer, Berlin, pp 41–60Google Scholar
  14. 14.
    Lee W, Stolfo S (2000) A framework for constructing features and models for intrusion detection systems. ACM Trans Inf Syst Secur 3(4):227–261CrossRefGoogle Scholar
  15. 15.
  16. 16.
    Tavallaee M, Bagheri E, Lu W, Ghorbani AA (2009) A detailed analysis of the KDD cup 99 data set. In Proceedings of IEEE symposium on computational intelligence in security and defence applications, CISDA 2009, pp 53–58Google Scholar
  17. 17.
    Revathi S, Malathi A (2013) A detailed analysis on NSL-KDD dataset using various machine learning techniques for intrusion detection. Int J Eng Res Technol (IJERT) 2(12):1848–1853Google Scholar
  18. 18.
    Dhanabal L, Shantharajah SP (2015) A study on NSL-KDD dataset for intrusion detection system based on classification algorithms. Int J Adv Res Comput Commun Eng 4(6):446–452Google Scholar
  19. 19.
    Aggarwala P, Sharmab SK (2015) Analysis of KDD dataset attributes-class wise for intrusion detection. In: Proceedings of 3rd international conference on recent trends in computing 2015, ICRTC-2015. In Procedia Computer Science, vol 7, Elsevier, Amsterdam pp 842–851Google Scholar
  20. 20.
    Hardoon David R, Szedmak S, Shawe-Taylor J (2004) Canonical correlation analysis: an overview with application to learning methods. Neural Comput 16:2639–2664CrossRefzbMATHGoogle Scholar
  21. 21.
    Borga M (2001) Canonical correlation: a tutorial. Linkoping University, Linkoping. Available at
  22. 22.
    Akaho S (2001) A kernel method for canonical correlation analysis. International Meeting of Psychometric Society, IMPS2001Google Scholar
  23. 23.
    Hyvarinen A, Karhunen J, Oja E (2001) Independent component analysis. Wiley, New YorkCrossRefGoogle Scholar
  24. 24.
    Akaho S (2001) A kernel method for canonical correlation analysis. International Meeting of Psychometric Society (IMPS2001)Google Scholar
  25. 25.
  26. 26.
    Jyothsna V, Rama Prasad VV (2015) Anomaly based Network Intrusion Detection through assessing Feature Association Impact Scale (FAIS). Indersci Int J Inf Comput Secur (IJICS) (in forthcoming article)Google Scholar
  27. 27.
    Jyothsna V, Rama Prasad VV (2016) FCAAIS: anomaly based network intrusion detection through feature correlation analysis and association impact scale, ICT Express, The Korean Institute of Communications Information Sciences, Elsevier, Amsterdam, August 2016 (in press) Google Scholar

Copyright information

© CSI Publications 2018

Authors and Affiliations

  1. 1.JNTUHHyderabadIndia
  2. 2.Sree Vidyanikethan Engineering CollegeTirupatiIndia

Personalised recommendations