Please use this identifier to cite or link to this item:

http://hdl.handle.net/20.500.12358/20120
Title: Network Intrusion Detection Using One-Class Classification Based on Standard Deviation of Service's Normal Behavior
Title in Arabic: كشف التسلل للشبكة باستخدام التصنيف احادي الفئة المعتمد على الانحراف المعياري للسلوك الطبيعي للخدمة
Abstract

Computer networks and the internet are increasingly used in our daily life. Due to the explosive growth of network attacks, network intrusion detection systems (NIDS) have become an essential network component that plays a vital role in the security of computer networks. The main purpose of a NIDS is to protect network resources from any unauthorized access that may gather confidential data, affect availability or violate data integrity. Much effort has gone into designing a perfect NIDS that has a high detection rate and a low false alarm rate. Some have used the misuse detection technique, which fails to detect zero-day attacks, so there is high demand for alternative detection techniques. The problems with supervised learning are the cost of producing a labeled dataset and that the model is trained on known attacks, so it may fail to detect new attack variants. On the other hand, unsupervised learning has the problem of labeling the generated clusters: which cluster is normal and which is abnormal. Semi-supervised learning techniques suffer from the limitation that they cannot outperform supervised classification unless the analyst is absolutely certain that there is some nontrivial relationship between the labeled and unlabeled distributions. Because of the limitations of these learning techniques, and because of the increasing diversity and polymorphism of network attacks, a fourth learning technique called One-Class Classification (OCC) has been used to learn the behavior of a single class, commonly normal traffic, and detect any deviation from it. However, when this technique is applied to the network as a whole, it suffers from the high-dimensional network feature space. Problems may also arise when large differences in density exist. To overcome these problems, we proposed a primary OCC-NIDS model based on the standard deviation of each service's normal behavior.
In this model we treat each network service as a single class instead of treating all network services as one class. In this way we use only the relevant features of each service, which reduces the high-dimensional network feature space and also ensures that each class has an approximately uniform distribution. We evaluated the proposed primary model on our testbed dataset and on the KDD Cup'99 dataset. The proposed model showed the ability to detect abnormal network traffic with a high detection rate and a low false positive rate. It achieved a 98.14% detection rate and a 98.74% accuracy rate with a 0.13% false positive rate on our testbed dataset. On the KDD Cup'99 dataset, it achieved a 99.88% detection rate and a 99.6% accuracy rate, with a false alarm rate of 0.77% and a false positive rate of 0.028%.

Authors
Mater, Ramzi A.M.
Supervisors
Barhoom, Tawfiq S.
Type: Master's thesis
Date: 2015
Language: English
Publisher: Islamic University of Gaza
Collections
  • PhD and MSc Theses- Faculty of Information Technology [124]
Files in this item
file_1.pdf (7.724Mb)

The institutional repository of the Islamic University of Gaza was established as part of the ROMOR project that has been co-funded with support from the European Commission under the ERASMUS + European programme. This publication reflects the views only of the author, and the Commission cannot be held responsible for any use which may be made of the information contained therein.
