A Hybrid Model for Anomaly-Based Intrusion Detection in Complex Computer Networks

D. Protić, M. Stankovic
Published in: 2020 21st International Arab Conference on Information Technology (ACIT), 2020-11-28
DOI: 10.1109/ACIT50332.2020.9299965 (https://doi.org/10.1109/ACIT50332.2020.9299965)
Citation count: 1

Abstract

A Hybrid Model for Anomaly-Based Intrusion Detection in Complex Computer Networks
Anomaly-based intrusion detection classifiers detect the notion of normality and classify both intrusion and/or misuse as either 'normal' or 'anomaly'. In complex computer networks, the number of training records is often large, which makes the evaluation of the classifiers computationally expensive. In this paper we present a feature selection and instances normalization algorithm that reduces the dimensionality of the dataset, decreases processing time and increases the accuracy of two classifier models, namely weighted k-Nearest Neighbor (wk-NN) and Feedforward Neural Network (FNN). The experiments are conducted on three daily records of real computer network traffic data derived from the Kyoto 2006+ dataset. The results show high accuracy for both the wk-NN and FNN classifiers, but variations in their mutual decisions on detected anomalies. These variations are determined with the novel hybrid model by applying the logical exclusive-or (XOR) operation to the predicted outcomes. The improvement in anomaly detection ranges from 0.67% to 8.08%.