International Journal of P2P Network Trends and Technology

Research Article | Open Access
Volume 3 | Issue 1 | Year 2013 | Article Id. IJPTT-V3I1P413 | DOI : https://doi.org/10.14445/22492615/IJPTT-V3I1P413

Anomaly Intrusion Detection System using Random Forests and k-Nearest Neighbor


Phyu Thi Htun, Kyaw Thet Khaing

Citation:

Phyu Thi Htun, Kyaw Thet Khaing, "Anomaly Intrusion Detection System using Random Forests and k-Nearest Neighbor," International Journal of P2P Network Trends and Technology (IJPTT), vol. 3, no. 1, pp. 39-43, 2013. Crossref, https://doi.org/10.14445/22492615/IJPTT-V3I1P413

Abstract

This paper proposes a new approach to designing an anomaly intrusion detection system that uses not only misuse detection but also anomaly detection, for both training and detection of normal or attack activity. The method combines machine learning and pattern recognition for an Anomaly Intrusion Detection System (AIDS). The machine learning algorithm, Random Forest, is used as a feature selection method, and the pattern recognition algorithm, k-Nearest Neighbours, is used for detection and classification of known and unknown attack classes. The experimental results are obtained using an intrusion dataset: the KDD Cup 1999 dataset.

Keywords

AIDS, Random Forest, k-Nearest Neighbour, unknown attacks
