Abstract
Malicious users constantly try to intrude into information systems by taking advantage of various system vulnerabilities. As the Internet grows, security limitations become more critical in the face of such threats. Intrusion Detection Systems (IDS) are common protection systems used to detect malicious activity from users inside and outside a system. It is very important to increase the detection accuracy rate as much as possible and to obtain more information about the detected attacks, since one drawback of an anomaly IDS is the lack of information about detected attacks. In this paper, an IDS is built using Genetic Algorithms (GA) and Principal Component Analysis (PCA) for feature selection; some classification techniques are then applied to the detected anomalies to determine their classes. The results show that J48 mostly gives better results than the other classifiers, but for certain attacks Naive Bayes gives the best results.
Keywords
- Intrusion Detection
- Intrusion Detection System
- Network Intrusion Detection
- Decision Tree Learning
- Minkowski Distance
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Abdel-Aziz, A.S., Hassanien, A.E., Azar, A.T., Hanafi, S.EO. (2013). Machine Learning Techniques for Anomalies Detection and Classification. In: Awad, A.I., Hassanien, A.E., Baba, K. (eds) Advances in Security of Information and Communication Networks. SecNet 2013. Communications in Computer and Information Science, vol 381. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40597-6_19
DOI: https://doi.org/10.1007/978-3-642-40597-6_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40596-9
Online ISBN: 978-3-642-40597-6
eBook Packages: Computer Science, Computer Science (R0)