At present, network security needs to be concerned to provide secure information channels due to increase in potential network attacks. Intrusion Detection System (IDS) is a valuable tool for the defense-in-depth of computer networks. However, building an efficient ID faces a number of challenges. One of the important challenges is dealing with data containing a high number of features. Current IDS examines all data features to detect intrusion or misuse patterns. Some of the features may be redundant or contribute little to the detection process; their usage can decrease the intrusion detection efficiency as well as taking more computational time for the effective response in real time environment. The purpose of this paper is to identify important input features in building IDS that is computationally efficient and effective. In this work we propose the feature selection method by ranking them using the various feature selection algorithms like InfoGain, GainRatio, OneR, RELIEF etc. Combining the features of the best algorithms whose performance is better by comparing the result with each other using J48 classifier. To evaluate the performance of the proposed technique several experiments are conducted on the KDDcup99 dataset for intrusion detection. The empirical results indicate that input features are important to detect the intrusions and reduces the dimensionality of the features, training time and increases overall accuracy.
Artificial intelligence based techniques capitulate better performance in identifying the intrusions than other conventional approaches used in this field, but no single classifier is capable of identifying intrusions with acceptable accuracy. So, there is a necessity of integrating more than one classifier. This paper mainly focuses on constructing an ensemble of classifiers for classification of network traffic. In ensemble approach numerous machine learning algorithms are pooled. The main inspiration behind combining these classifiers is to take advantage of the powers of each classifier of the ensemble to get an overall more accurate classification. The existing combination techniques do not perform well when base classifiers are used with low accuracy or low diversity. The idea of the paper is to find promising classifiers for each type of network traffic class and combine them by proposing an effective combination technique so as to increase the overall accuracy. This paper proposes a combination technique based on weighted voting. It uses two weights: one weight is assigned to each traffic class and the second weight is assigned to each classifier for each class. Traffic classes are weighted in order of their error-rate of classification, i.e. the class which is hard to classify is given more weight. Classifiers are weighted by their ability to classify the instance of the particular traffic class. The results indicate the superiority of the proposed combination technique over the other combination techniques. In all experiments, the ensemble was able to increase the overall accuracy over every individual classifier used.
Applied Computational Intelligence and Soft Computing, 2012
In supervised learning-based classification, ensembles have been successfully employed to different application domains. In the literature, many researchers have proposed different ensembles by considering different combination methods, training datasets, base classifiers, and many other factors. Artificial-intelligence-(AI-) based techniques play prominent role in development of ensemble for intrusion detection (ID) and have many benefits over other techniques. However, there is no comprehensive review of ensembles in general and AI-based ensembles for ID to examine and understand their current research status to solve the ID problem. Here, an updated review of ensembles and their taxonomies has been presented in general. The paper also presents the updated review of various AI-based ensembles for ID (in particular) during last decade. The related studies of AI-based ensembles are compared by set of evaluation metrics driven from (1) architecture & approach followed; (2) different ...
Proceedings of the International Conference on Advances in Computing and Artificial Intelligence, 2011
Researchers investigated Artificial Intelligence (AI) based classifiers for intrusion detection to cope with the weaknesses of knowledge based systems. AI based classifiers can be utilized in supervised and unsupervised mode. Here, we perform a blind set of experiments to compare & evaluate performance of the supervised classifiers by their categories using variety of metrics. The performance of the classifiers is analyzed using subset of benchmarked KDD cup 1999 dataset as training & test dataset. This work has significant aspect of using variety of performance metrics to evaluate the supervised classifiers because some classifiers are designed to optimize some specific metric. This empirical analysis is not only a comparison of various classifiers to identify best classifier on the whole and best classifiers for individual attack classes, but also reveals guidelines for researchers to apply AI based classifiers to field of intrusion detection and directions for further research in this field.
Feature selection methods play a significant role during classification of data having high dimensions of features. The methods select most relevant subset of features that describe data appropriately. Mutual information (MI) based upon information theory is one of the metrics used for measuring relevance of features. This paper analyses various feature selection methods for (1) reduction in number of features; (2) performance of Naïve Bayes classification model trained on reduced set of features. Research gaps identified are: (1) computation of MI from the whole sample space instead of unclassified sample subspace; (2) consideration of relevance of features only or tradeoff between relevance and redundancy, but class conditional interaction of features is ignored. In this paper, we propose a general evaluation function using MI for feature selection. The proposed evaluation function is implemented which uses dynamically computed MI values from unclassified instances. Effectiveness of...
2011 24th Canadian Conference on Electrical and Computer Engineering (CCECE), 2011
Abstract Feature selection methods play a significant role during classification of data having high dimensions of features. The feature selection methods select most relevant subset of features that describe data appropriately. Mutual Information (MI) based upon ...
A novel evolutionary approach is proposed for effective intrusion detection based on benchmark datasets. The proposed approach can generate a pool of noninferior individual solutions and ensemble solutions thereof. The generated ensembles can be used to detect the intrusions accurately. For intrusion detection problem, the proposed approach could consider conflicting objectives simultaneously like detection rate of each attack class, error rate, accuracy, diversity, and so forth. The proposed approach can generate a pool of noninferior solutions and ensembles thereof having optimized trade-offs values of multiple conflicting objectives. In this paper, a three-phase approach is proposed to generate solutions to a simple chromosome design in the first phase. In the first phase, a Pareto front of noninferior individual solutions is approximated. In the second phase of the proposed approach, the entire solution set is further refined to determine effective ensemble solutions considerin...
The Internet connects hundreds of millions of computers across the world running on multiple hardware and software platforms providing communication and commercial services. However, this interconnectivity among computers also enables malicious users to misuse resources and mount Internet attacks. The continuously growing Internet attacks pose severe challenges to develop a flexible, adaptive security oriented methods. Intrusion detection system (IDS) is
The State of the Art in Intrusion Prevention and Detection, 2013
Our increasing dependence on different types of networks leads us to make them more secure. Intrusion detection is very challenging in all of those networks. An Intrusion detection system (IDS) attempts to discover malicious activities in a network. More sophisticated and increasing number of attacks are targeted against computer networks. Several methods have been proposed to provide accurate intrusion detection. Use of Artificial Intelligence (AI) in intrusion detection systems is well-known. AI-based IDSs may detect even unknown attacks. On the other hand, network throughput is increasing and IDSs should be able to handle the high volume of traffic in real-time. Different models have been proposed to improve the processing speed of these systems. Most studies consider IDSs in IP version 4 (IPv4). However, the migration to IP version 6 (IPv6) has already started and is inevitable. There are several security challenges in this migration process and hence, IDS becomes an essential tool for these networks. Evolution from conventional wired networks to other types of networks introduces another set of security threats. For example, cloud environment, grid computing and wireless networks open up several vulnerabilities which are easily exploited by attackers. Thus, the ability to protect such networks by IDS becomes increasingly challenging. This chapter discusses the applications of AI-based IDS in different environments.
Papers by GULSHAN KUMAR