|Title||Enhancement Intrusion Detection System Using Improved Naive Bayes and One-Class Classification Algorithms|
|Title in Arabic||تحسين انظمة كشف الاختراقات باستخدام خوارزمية مطورة من البيز البسيطة وخوارزميات تصنيف القئة الواحدة|
The growing number of intrusive network activities poses a serious threat to the reliability of network services, and businesses and individuals alike suffer from these malicious interceptions. All network and web services are threatened by attacks: e-shopping, mail systems, bank services, governmental e-services, and so on. Intrusion Detection Systems (IDS) try to fill the gap in the security architecture, since many intrusions still go undetected by other security techniques. Many studies try to find an optimal model for intrusion detection with the best detection rate and the lowest false alarm rate. Different machine learning techniques and algorithms are employed in this field, such as Support Vector Machines, Neural Networks, Naïve Bayes, and clustering algorithms. Intrusion detection is divided into anomaly detection and misuse detection. Misuse detection uses known patterns to detect known attacks, while anomaly detection identifies outliers that deviate from normal behavior. This study proposes three models for IDS. The first model employs a one-class classifier as an anomaly detection system. The one-class classification algorithm is based on generating artificial data from a reference distribution to form a two-class classification problem, and it combines the estimated reference density function with the class probability estimator to form an overall prediction; this algorithm can adapt any classification technique from the large number of classification algorithms to one-class problems. The second model is a hybrid model that combines misuse and anomaly detection, where Hidden Naïve Bayes is used for misuse detection and a one-class classifier for anomaly detection. The one-class support vector machine and the one-class classification algorithm applied in the first model are used for anomaly detection in the hybrid model.
The last model decomposes the output of the misuse detection phase of the hybrid model into smaller groups, using the k-means clustering algorithm, in order to improve the performance of the hybrid model. The KDDCup and NSL-KDD datasets are used to train and evaluate the proposed models. A comparison between the proposed models and conventional misuse and anomaly models shows that they outperform the conventional models, and that the improved hybrid model outperforms both the hybrid and the conventional models.
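
The one-class scheme described in the abstract, as an added Python example that is not code from the thesis: artificial points are drawn from a reference density fitted to the normal class, a class probability estimator separates real from artificial points, and the two are combined by Bayes' rule. The Gaussian reference density, the k-NN estimator, the 5% rejection rate, the class name and the constructed one-feature data are all assumptions made for illustration.

```python
import math
import random


def log_ref_density(x, mu, sd):
    """Log of the Gaussian reference density P(X|A) (assumed reference family)."""
    return -0.5 * ((x - mu) / sd) ** 2 - math.log(sd * math.sqrt(2 * math.pi))


class OneClassByArtificialData:
    """Hypothetical helper: density estimate combined with a class probability estimate."""

    def __init__(self, target, k=20, reject=0.05, seed=1):
        rng = random.Random(seed)
        self.k = k
        # 1. Estimate the reference density from the target (normal) class.
        self.mu = sum(target) / len(target)
        self.sd = math.sqrt(sum((x - self.mu) ** 2 for x in target) / len(target))
        # 2. Draw as many artificial points as real ones, so P(T) = 0.5.
        artificial = [rng.gauss(self.mu, self.sd) for _ in target]
        self.train = [(x, 1) for x in target] + [(x, 0) for x in artificial]
        # 3. Reject the lowest-scoring fraction of the training data.
        scores = sorted(self.score(x) for x in target)
        self.threshold = scores[int(reject * len(scores))]

    def p_target(self, x):
        """k-NN estimate of P(T|X), Laplace-smoothed to stay inside (0, 1)."""
        near = sorted(self.train, key=lambda p: abs(p[0] - x))[: self.k]
        return (sum(label for _, label in near) + 1) / (self.k + 2)

    def score(self, x):
        # Bayes' rule with P(T) = 0.5: P(X|T) = P(T|X) / (1 - P(T|X)) * P(X|A)
        p = self.p_target(x)
        return math.log(p / (1 - p)) + log_ref_density(x, self.mu, self.sd)

    def is_anomaly(self, x):
        return self.score(x) < self.threshold


# Constructed data: one numeric connection feature with two normal modes.
_rng = random.Random(0)
NORMAL = [_rng.gauss(3, 0.5) for _ in range(150)] + [_rng.gauss(9, 0.5) for _ in range(150)]
MODEL = OneClassByArtificialData(NORMAL)

if __name__ == "__main__":
    for x in (3.0, 6.0, 30.0):  # inside a mode, between the modes, far outside
        print(x, round(MODEL.score(x), 2), MODEL.is_anomaly(x))
```

The value 6.0 lies between the two normal modes, where the fitted reference density alone is highest; it is flagged only because the class probability estimator has learned that real data never occurs there.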
|Publisher||الجامعة الإسلامية - غزة|