Journal of Digital Convergence (디지털융복합연구)

The Society of Digital Policy and Management (한국디지털정책학회)
권호 표지
DOI QR코드

DOI QR Code

A Study on Intrusion Detection in Network Intrusion Detection System using SVM

SVM을 이용한 네트워크 기반 침입탐지 시스템에서 새로운 침입탐지에 관한 연구

  • 양은목 (숭실대학교 소프트웨어학부) ;
  • 서창호 (공주대학교 응용수학과)
  • Received : 2018.02.23
  • Accepted : 2018.05.20
  • Published : 2018.05.28
Download PDF
⟨ Previous Next ⟩

Abstract

Much research has been done using the KDDCup99 data set to study intrusion detection using artificial intelligence. Previous studies have shown that the performance of the SMO (SVM) algorithm is superior. However, intrusion detection studies of new intrusion types not used in training are insufficient. In this paper, a model was created using the instances of weka's SMO and KDDCup99 training data set, kddcup.data.gz. We tested existing instances(292,300) of the corrected.gz file and new intrusions(18,729). In general, intrusion labels not used in training are not tested, so new intrusion labels were changed to normal. Of the 18,729 new intrusions, 1,827 were classified as intrusions. 1,827 instances classified as new intrusions are buffer_overflow. Three, neptune. 392, portsweep. 164, ipsweep. 9, back. 511, imap. 1, satan. Dogs, 645, nmap. 102.

인공지능을 이용한 침입탐지 연구는 KDDCup99 데이터 세트를 사용하여 많은 연구가 이루어졌다. 이전 연구에서 SMO(SVM)알고리즘의 성능이 우수하다고 알려져 있다. 하지만 훈련에 사용되지 않은 새로운 침입유형의 침입탐지연구는 미비하다. 본 논문에서는 웨카(weka)의 SMO와 KDDCup99 훈련 데이터 세트인 kddcup.data.gz의 인스턴스를 이용하여 모델을 생성하였다. corrected.gz 파일의 인스턴스 중 기존 침입(292,300개)과 새로운 침입(18,729개)을 테스트하였다. 일반적으로 훈련에 사용되지 않은 침입 라벨은 테스트 되지 않기 때문에 새로운 침입라벨을 normal.로 변경하여 테스트하였다. 새로운 침입 18,729개의 인스턴스 중 1,827개는 침입으로 분류하였다. 새로운 침입으로 분류한 1,827개의 인스턴스는 buffer_overflow. 3개, neptune. 392개, portsweep. 164개, ipsweep. 9개, back. 511개, imap. 1개, satan. 개, 645 개, nmap. 102개로 분류되었다.

Keywords

References

  1. Yugal kumar & G. Sahoo, (2012). Analysis of Parametric & Non Parametric Classifiers for Classification Technique using WEKA, IJITCS, 4(7), 43-49. DOI: 10.5815/ijitcs.2012.07.06
  2. DUTTON, D. & CONROY, G. (1997). A review of machine learning. The Knowledge Engineering Review,12(4), 341-367. DOI: 10.1017/S026988899700101X
  3. De Mantaras & Armengol E. (1998). Machine learning from example: Inductive and Lazy methods, Data & Knowledge Engineering, 25, 99-123. DOd: 10.1016/S0169-023X(97)00053-0
  4. Jing, L. & Bin, W. (2016, December). Network Intrusion Detection Method Based on Relevance Deep Learning. In Intelligent Transportation, Big Data & Smart City (ICITBS), 2016 International Conference on (pp. 237-240). IEEE. DOI: 10.1109/icitbs.2016.132
  5. Rani, N. & Purwar, R. K. (2017). Performance Analysis of various classifiers using Benchmark Datasets in Weka tools. International Journal of Engineering Trends and Technology (IJETT), 47(5), May. DOI: 10.14445/22315381/IJETT-V47P247
  6. Garg, T. & Khurana, S. S. (2014, May). Comparison of classification techniques for intrusion detection dataset using WEKA. In Recent Advances and Innovations in Engineering (ICRAIE), pp. 1-5. IEEE. DOI: 10.1109/ICRAIE.2014.6909184
  7. Ouyang, Z., Zhou, M., Wang, T. & Wu, Q. (2009, November). Mining concept-drifting and noisy data streams using ensemble classifiers. In Artificial Intelligence and Computational Intelligence. AICI'09. International Conference on (Vol. 4, pp. 360-364). IEEE. DOI: 10.1109/AICI.2009.153
  8. Ertam, F., & Yaman, O. (2017, September). Intrusion detection in computer networks via machine learning algorithms. In Artificial Intelligence and Data Processing Symposium (IDAP), 2017 International (pp. 1-4). IEEE. DOI: 10.1109/IDAP.2017.8090165
  9. Kabir, M. R., Onik, A. R., & Samad, T. (2017). A Network Intrusion Detection Framework based on Bayesian Network using Wrapper Approach. International Journal of Computer Applications, 166(4). DOI: 10.5120/ijca2017913992
  10. Garg, T., & Khurana, S. S. (2014, May). Comparison of classification techniques for intrusion detection dataset using WEKA. In Recent Advances and Innovations in Engineering (ICRAIE), 2014 (pp. 1-5). IEEE. DOI: 10.1109/ICRAIE.2014.6909184
  11. Modi, M. U., & Jain, A. (2015). A survey of IDS classification using KDD CUP 99 dataset in WEKA. Int. J. Sci. Eng. Res, 6(11), 947-954.
  12. Zeng, Z. Q., Yu, H. B., Xu, H. R., Xie, Y. Q., & Gao, J. (2008, November). Fast training support vector machines using parallel sequential minimal optimization. In Intelligent System and Knowledge Engineering, 2008. ISKE 2008. 3rd International Conference on (Vol. 1, pp. 997-1001). IEEE DOI: 10.1109/iske.2008.4731075
  13. S.S. Keerthi, S.K. Shevade, C. Bhattacharyya, K.R.K. Murthy (2001). Improvements to Platt's SMO Algorithm for SVM Classifier Design. Neural Computation, 13(3), 637-649. DOI: 10.1162/089976601300014493
  14. Trevor Hastie, Robert Tibshirani. (1998). Classification by Pairwise Coupling. In: Advances in Neural Information Processing Systems. DOI: 10.1214/aos/1028144844
  15. Srivastava, S. (2014). Weka: a tool for data preprocessing, classification, ensemble, clustering and association rule mining. International Journal of Computer Applications, 88(10). DOI: 10.5120/15389-3809
  16. E. M. Yang, H. J. Lee & C. H. Seo. (2017). Comparison of Detection Performance of Intrusion Detection System Using Fuzzy and Artificial Neural Network. Journal of Digital Convergence, 15(6), 391-398. DOI: 10.14400/JDC.2017.15.6.391
  17. http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html
  18. https://www.cs.waikato.ac.nz/-ml/weka/