Abstract
In the present digital age, with a huge volume of data in circulation, information security has become of utmost importance. Intrusion detection is the process of analysing events in a system or network for the possible presence of an intrusion. The aim of an intrusion detection system (IDS) is to protect the system from unauthorized access. The design of intrusion detection systems has gained importance in recent years, and the IDS has become a standard component of network security. Intrusion detection systems operate using either anomaly-based or signature-based detection, and in some cases in a hybrid way. The data growth rate, together with higher bandwidth and network speed, makes it very difficult to process the data in real time. Many researchers have focused on this area and have used data mining techniques to detect intrusions. Classification is a data mining technique used to predict group membership for each data instance, and it has been used by various researchers for detecting intrusions. Many classification algorithms have been developed for intrusion detection, each with its own strengths and weaknesses. This paper presents a novel classification algorithm based on a distance measure and Relief-F feature weighting. Its intrusion detection performance is compared with that of commonly used classification algorithms such as Naïve Bayes, Decision Tree and Support Vector Machine (SVM), and the proposed algorithm outperforms these algorithms in terms of Detection Rate, Accuracy, False Alarm Rate, F-Score and Matthews Correlation Coefficient. The proposed algorithm is tested using a benchmark dataset (the KDDcup99 dataset) and a real traces dataset (the Kyoto 2006+ dataset). This study also intends to compare the execution time of the various classifiers and the parallel performance of NADA, since NADA outperforms all the other classifiers in terms of serial execution time. The algorithm is parallelized and the results are presented in terms of execution time for various data sizes, speedup and efficiency.
Appendix
The following tables give the details of the qualitative values and their codings using the probability function described earlier in this study. See Tables 12, 13, 14, 15.
Cite this article
Ashok Kumar, D., Venugopalan, S.R. A design of a parallel network anomaly detection algorithm based on classification. Int. j. inf. tecnol. 14, 2079–2092 (2022). https://doi.org/10.1007/s41870-019-00356-0
DOI: https://doi.org/10.1007/s41870-019-00356-0
Keywords
- Anomaly
- Normalization
- Classification
- Parallel algorithm
- Feature selection/weighting
- Norm