Abstract
Cyber attack detection is based on the assumption that intrusive activities are noticeably different from normal system activities and are thus detectable. A cyber attack can cause loss of integrity, loss of confidentiality, and denial of resources. No single classifier is able to give maximum accuracy for all five classes (Normal, Probe, DOS, U2R and R2L). We have proposed a Cyber Attack Detection System (CADS) and its generic framework, which performs well for all the classes. It is based on the Generalized Discriminant Analysis (GDA) algorithm for feature reduction of the cyber attack dataset and an ensemble approach of classifiers for classification of cyber attacks. The ensemble approach classifies cyber attacks based on the union of the subsets of features, and can thus detect a wider range of attacks. The C4.5 and improved Support Vector Machine (iSVM) classifiers are combined as a hierarchical hybrid classifier (C4.5-iSVM), and an ensemble approach combines the individual base classifiers and the hybrid classifier for the best classification of cyber attacks. The experimental results illustrate that the proposed Cyber Attack Detection System has higher detection accuracy for all classes of attacks, with minimized training and testing times and false positive alarms.
Rights and permissions
This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/), which permits unrestricted non-commercial use, distribution, and reproduction in any medium, provided the original work is properly cited.
About this article
Cite this article
Singh, S., Silakari, S. An Ensemble Approach for Cyber Attack Detection System: A Generic Framework. Int J Netw Distrib Comput 2, 78–90 (2014). https://doi.org/10.2991/ijndc.2014.2.2.2
DOI: https://doi.org/10.2991/ijndc.2014.2.2.2