Al-Jarrah, O.Y. and Alhussein, O. and Yoo, Paul D. and Muhaidat, S. and Taha, K. and Kim, K. (2015) Data randomization and cluster-based partitioning for Botnet intrusion detection. IEEE Transactions on Cybernetics 46 (8), pp. 1796-1806. ISSN 2168-2267.
Abstract
chines called bots, provide a distributed platform for several threats against cyber world entities and enterprises. Intrusion detection system (IDS) provides an efficient countermeasure against botnets. It continually monitors and analyzes network traffic for potential vulnerabilities and possible existence of active attacks. A payload-inspection-based IDS (PI-IDS) identifies active intrusion attempts by inspecting transmission control protocol and user datagram protocol packet’s payload and comparing it with previously seen attacks signatures. However, the PI-IDS abilities to detect intrusions might be incapacitated by packet encryption. Traffic-based IDS (T-IDS) alleviates the shortcomings of PI-IDS, as it does not inspect packet payload; however, it analyzes packet header to identify intrusions. As the network’s traffic grows rapidly, not only the detection-rate is critical, but also the efficiency and the scalability of IDS become more significant. In this paper, we propose a state-of-the-art T-IDS built on a novel randomized data partitioned learning model (RDPLM), relying on a compact network feature set and feature selection techniques, simplified subspacing and a multiple randomized meta-learning technique. The proposed model has achieved 99.984% accuracy and 21.38 s training time on a well-known benchmark botnet dataset. Experiment results demonstrate that the proposed methodology outperforms other well-known machine-learning models used in the same detection task, namely, sequential minimal optimization, deep neural network, C4.5, reduced error pruning tree, and randomTree.
Metadata
Item Type: | Article |
---|---|
School: | Birkbeck Faculties and Schools > Faculty of Science > School of Computing and Mathematical Sciences |
Depositing User: | Paul Yoo |
Date Deposited: | 12 Oct 2018 12:03 |
Last Modified: | 09 Aug 2023 12:45 |
URI: | https://eprints.bbk.ac.uk/id/eprint/24451 |