Intrusion Detection Using an Ensemble of k-NN Generated by Random Subspaces (Detecção de Intrusos usando Conjunto de k-NN gerado por Subespaços Aleatórios)
Abstract
Several studies in the literature address Internet anomaly detection using machine learning techniques. Most of these works use individual classifiers such as k-NN (k-Nearest Neighbor), SVM (Support Vector Machines), Artificial Neural Networks, Decision Trees, Naive Bayes, and k-means, among others. Recently, however, the literature has focused on combining classifiers in order to increase the detection rate. In this paper, an ensemble of classifiers, more precisely a set of k-NN classifiers generated through the Random Subspaces Method, is employed. This ensemble method is compared to the hybrid technique TANN (Triangle Area based Nearest Neighbor), published recently in the literature. The results obtained using the ensemble of k-NNs were superior to those obtained with TANN in terms of classification accuracy as well as false alarm reduction rate.
