Performance Analysis of Misuse Attack Data using Data Mining Classifiers

  • Authors

    • Dr. Anitha Patil
    • M Srikanth Yadav
    2018-12-09
    https://doi.org/10.14419/ijet.v7i4.36.23782
  • Intrusions, KDD Cup, Misuse, Neural Networks, Regression, Support Vector Machines
  • Data mining can be characterized as the extraction of previously unknown and potentially valuable information from data. Many researchers have developed security technology and investigated new techniques for detecting cyber attacks using the DARPA 1998 intrusion detection dataset and its modified versions, KDDCup99 and NSL-KDD, but until recently no one had examined the performance of the top data mining algorithms selected by experts in data mining. The performance of these algorithms is compared in terms of accuracy, error rate and average cost on modified versions of the NSL-KDD train and test datasets, in which the instances are classified as normal or as one of four cyber attack classes: DoS, Probing, R2L and U2R. In addition, the most important features for detecting cyber attacks, across all categories and within each category, are evaluated with Weka's Attribute Evaluator and ranked by Information Gain. The goal of this paper is to estimate the performance of classification models such as logistic regression, artificial neural networks and support vector machines for predicting intrusions, and to examine these techniques with a view to improving the accuracy and performance of the models on the KDDCUP dataset. The predictive models are developed using 42 input variables and 23 output variables from the attack set. We examined these data mining models in terms of their accuracy, sensitivity, specificity and false alarm rate (FAR). The regression model achieved an accuracy of 99.62%, a sensitivity of 99.01% and a specificity of 92.18%, with a FAR of 7.82. The Multilayer perceptron (ANN) model achieved an accuracy of 99.62%, a sensitivity of 99.01% and a specificity of 91.03%, with a FAR of 8.97. The last model, the support vector machine, achieved an accuracy of 99.62%, a sensitivity of 99.01% and a specificity of 88.00%, with a FAR of 12.00.
The logistic regression model had the better false alarm rate, sensitivity and specificity, followed by the Multilayer perceptron model and the support vector machine model. The most important features for detecting cyber attacks are basic features, for example the duration of a network connection in seconds, the protocol used for the connection, the network service used, the normal or error status of the connection and the number of data bytes sent. For DoS, Probing and R2L attacks, the most important features are basic features and the least important are content features. U2R attacks differ: for them, content features are the most important for detection.
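The per-category feature ranking by Information Gain described above can be reproduced on a small scale. The following is an added example, not the authors' code or Weka's implementation: the eight records are constructed, only the attribute names come from NSL-KDD, and reducing `src_bytes` to zero/nonzero is an assumed, simplified discretisation.

```python
import math
from collections import Counter, defaultdict

# Constructed sample connections (illustrative values, NSL-KDD attribute names).
# protocol_type, flag, src_bytes are basic features; root_shell is a content feature.
FEATURES = ("protocol_type", "flag", "src_bytes", "root_shell")
RECORDS = [
    ("tcp", "SF", 230, 0, "normal"),
    ("udp", "SF", 0, 0, "normal"),
    ("tcp", "SF", 310, 0, "normal"),
    ("tcp", "SF", 1200, 0, "normal"),
    ("tcp", "S0", 0, 0, "dos"),
    ("tcp", "S0", 0, 0, "dos"),
    ("tcp", "SF", 150, 1, "u2r"),
    ("tcp", "SF", 2400, 1, "u2r"),
]

def entropy(labels):
    """Shannon entropy (bits) of a list of class labels."""
    total = len(labels)
    return -sum(c / total * math.log2(c / total) for c in Counter(labels).values())

def bin_value(name, value):
    """Assumed discretisation: src_bytes becomes zero/nonzero, the rest stay nominal."""
    if name == "src_bytes":
        return "zero" if value == 0 else "nonzero"
    return value

def info_gain(values, labels):
    """H(class) minus the weighted entropy of the class within each feature value."""
    groups = defaultdict(list)
    for v, y in zip(values, labels):
        groups[v].append(y)
    conditional = sum(len(g) / len(labels) * entropy(g) for g in groups.values())
    return entropy(labels) - conditional

def rank_features(records, target=None):
    """Rank features by gain over all classes, or for one class against the rest."""
    labels = [r[-1] for r in records]
    if target is not None:
        labels = [y if y == target else "other" for y in labels]
    gains = []
    for i, name in enumerate(FEATURES):
        values = [bin_value(name, r[i]) for r in records]
        gains.append((name, round(info_gain(values, labels), 4)))
    return sorted(gains, key=lambda g: g[1], reverse=True)

if __name__ == "__main__":
    for target in (None, "dos", "u2r"):
        print(target or "all classes", rank_features(RECORDS, target))
```

On this constructed data the connection status flag, a basic feature, ranks first for DoS, while the content feature `root_shell` ranks first for U2R, which is the pattern the abstract reports.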

     

     

  • How to Cite

    Anitha Patil, D., & Srikanth Yadav, M. (2018). Performance Analysis of Misuse Attack Data using Data Mining Classifiers. International Journal of Engineering & Technology, 7(4.36), 261-263. https://doi.org/10.14419/ijet.v7i4.36.23782