A Dynamic Intrusion Detection System Based on Multivariate Hotelling's T2 Statistics Approach for Network Environments.

Sivasamy AA, Sundan B - ScientificWorldJournal (2015)

Bottom Line: The ever expanding communication requirements in today's world demand extensive and efficient network systems with equally efficient and reliable security features integrated for safe, confident, and secured communication and data transfer. Providing effective security protocols for any network environment, therefore, assumes paramount importance. Accuracy of the model presented in this work, in comparison with the existing models, has been found to be much better.


Affiliation: Department of Computer Science and Engineering, College of Engineering Guindy, Anna University, Chennai 600025, India.

ABSTRACT
The ever expanding communication requirements in today's world demand extensive and efficient network systems with equally efficient and reliable security features integrated for safe, confident, and secured communication and data transfer. Providing effective security protocols for any network environment, therefore, assumes paramount importance. Attempts are made continuously for designing more efficient and dynamic network intrusion detection models. In this work, an approach based on Hotelling's T(2) method, a multivariate statistical analysis technique, has been employed for intrusion detection, especially in network environments. Components such as preprocessing, multivariate statistical analysis, and attack detection have been incorporated in developing the multivariate Hotelling's T(2) statistical model and necessary profiles have been generated based on the T-square distance metrics. With a threshold range obtained using the central limit theorem, observed traffic profiles have been classified either as normal or attack types. Performance of the model, as evaluated through validation and testing using KDD Cup'99 dataset, has shown very high detection rates for all classes with low false alarm rates. Accuracy of the model presented in this work, in comparison with the existing models, has been found to be much better.




Figure 1: ROC curve for all classes.

Mentions: During the evaluation process, both training and test datasets are kept entirely different in such a way that the model provides a more generalized environment for predicting its efficiency. The performance testing has been carried out by keeping the λ values at 1, 2, and 3. The results obtained for smaller variations in λ values, say, 1 and 1.5, are more or less the same. The results of the performance tests are plotted as ROC curves in Figure 1. The results reveal that the MHT2S model has been able to achieve 100% detection rate for normal, R2L, and U2R classes whereas, for the DoS and probe classes, the model achieves 99.77 and 97.32 percent detection rates, respectively. The false alarm rates obtained using this model for normal, R2L, U2R, DoS, and probe classes are 0.30, 2.50, 44, 0.23, and 0.94, respectively, which are shown in Table 6.
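The pipeline the abstract describes (a profile built from normal traffic, the T-square distance, a threshold range) and the λ settings used in the evaluation, as an added Python example that is not the authors' code. The threshold rule (mean of the training T² scores ± λ standard deviations), the three features and all sample values are assumptions made here, because the page does not give the paper's exact formula.

```python
import random
import statistics

def fit_profile(rows):
    """Mean vector and sample covariance of normal-traffic feature rows."""
    n, p = len(rows), len(rows[0])
    mean = [sum(r[j] for r in rows) / n for j in range(p)]
    cov = [[sum((r[i] - mean[i]) * (r[j] - mean[j]) for r in rows) / (n - 1)
            for j in range(p)] for i in range(p)]
    return mean, cov

def solve(a, b):
    """Solve a.x = b by Gauss-Jordan elimination with partial pivoting."""
    n, m = len(b), [row[:] + [v] for row, v in zip(a, b)]
    for c in range(n):
        piv = max(range(c, n), key=lambda r: abs(m[r][c]))
        if abs(m[piv][c]) < 1e-12:  # constant or collinear feature
            raise ValueError("singular covariance matrix")
        m[c], m[piv] = m[piv], m[c]
        for r in range(n):
            if r != c:
                f = m[r][c] / m[c][c]
                m[r] = [x - f * y for x, y in zip(m[r], m[c])]
    return [m[i][n] / m[i][i] for i in range(n)]

def t2(x, mean, cov):
    """Hotelling's T-square distance (x - mean)' S^-1 (x - mean)."""
    d = [xi - mi for xi, mi in zip(x, mean)]
    return sum(di * si for di, si in zip(d, solve(cov, d)))

def threshold_range(train, mean, cov, lam):
    """Assumed rule: mean of training T2 scores +/- lam standard deviations."""
    scores = [t2(r, mean, cov) for r in train]
    mu, sd = statistics.mean(scores), statistics.stdev(scores)
    return max(0.0, mu - lam * sd), mu + lam * sd

def classify(x, mean, cov, bounds):
    """Label one observation by whether its T2 score falls in the range."""
    return "normal" if bounds[0] <= t2(x, mean, cov) <= bounds[1] else "attack"

def false_alarm_rate(rows, mean, cov, bounds):
    """Fraction of known-normal rows that the range flags as attack."""
    return sum(classify(r, mean, cov, bounds) == "attack" for r in rows) / len(rows)

# Constructed sample: three numeric features per connection (not KDD Cup'99 data).
rng = random.Random(7)
TRAIN = [[rng.gauss(30, 5), rng.gauss(500, 80), rng.gauss(0.02, 0.01)]
         for _ in range(400)]
MEAN, COV = fit_profile(TRAIN)
RANGES = {lam: threshold_range(TRAIN, MEAN, COV, lam) for lam in (1, 2, 3)}
```

Under this assumed rule a wider λ can only lower the false alarm rate on normal traffic, so λ trades false alarms against missed attacks that sit close to the normal profile.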

