Universiti Teknologi Malaysia Institutional Repository

Anomaly intrusion detection system using immune network with reduced network traffic features

Qasem, Murad Abdo Rassam (2010) Anomaly intrusion detection system using immune network with reduced network traffic features. Masters thesis, Universiti Teknologi Malaysia, Faculty of Computer Science and Information Systems.


Abstract

Intrusion Detection Systems (IDS) are developed to be the defense against these security threats. Current signature-based IDS like firewalls and antiviruses, which rely on labeled training data, generally cannot detect novel attacks. A method that promises to solve this problem is the anomaly-based IDS. The literature has shown that the direction towards reducing the false positive rate, and thus enhancing the detection rate and speed, has shifted from accurate machine learning classifiers to adaptive models such as bio-inspired models. Consequently, this study was introduced to enhance the detection rate and speed up the detection process by reducing the network traffic features. Moreover, it aimed to investigate the implementation of the bio-inspired Immune Network approach for clustering different kinds of attacks. This approach aimed at enhancing the detection rate of novel attacks and thus decreasing the high false positive rate in IDS. The Rough Set method was applied to reduce the dimension of the KDD CUP ’99 dataset, which was used by this study, and to select only the features that best represent all kinds of attacks. Immune Network clustering was then applied using the aiNet algorithm in order to cluster normal data from attacks in the testing dataset. The results revealed that detection rate and speed were enhanced by using only the most significant features. Furthermore, it was found that the Immune Network clustering method is robust in detecting novel attacks in the test dataset. The principal conclusion was that IDS is enhanced by the use of significant network traffic features, along with the implementation of Immune Network clustering to detect novel attacks.

Item Type: Thesis (Masters)
Additional Information: Thesis (Sarjana Sains (Sains Komputer)) - Universiti Teknologi Malaysia, 2010; Supervisor: Prof. Dr. Mohd. Aizaini Maarof
Uncontrolled Keywords: intrusion detection systems (IDS), immune network, network traffic
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: Computer Science and Information System (Formerly known)
ID Code: 11367
Deposited By: Ms Zalinda Shuratman
Deposited On: 13 Dec 2010 05:53
Last Modified: 04 Jul 2012 08:17
