BIROn - Birkbeck Institutional Research Online

    Data randomization and cluster-based partitioning for Botnet intrusion detection

    Al-Jarrah, O.Y. and Alhussein, O. and Yoo, Paul D. and Muhaidat, S. and Taha, K. and Kim, K. (2015) Data randomization and cluster-based partitioning for Botnet intrusion detection. IEEE Transactions on Cybernetics 46 (8), pp. 1796-1806. ISSN 2168-2267.

    [img] Text
    Al-Jarrah et al IEEE Trans Cybernetics 2016.pdf - Published Version of Record
    Restricted to Repository staff only

    Download (2MB)

    Abstract

    chines called bots, provide a distributed platform for several threats against cyber world entities and enterprises. Intrusion detection system (IDS) provides an efficient counter- measure against botnets. It continually monitors and analyzes network traffic for potential vulnerabilities and possible existence of active attacks. A payload-inspection-based IDS (PI-IDS) iden- tifies active intrusion attempts by inspecting transmission control protocol and user datagram protocol packet’s payload and com- paring it with previously seen attacks signatures. However, the PI-IDS abilities to detect intrusions might be incapacitated by packet encryption. Traffic-based IDS (T-IDS) alleviates the short- comings of PI-IDS, as it does not inspect packet payload; however, it analyzes packet header to identify intrusions. As the network’s traffic grows rapidly, not only the detection-rate is critical, but also the efficiency and the scalability of IDS become more significant. In this paper, we propose a state- of-the-art T-IDS built on a novel randomized data partitioned learning model (RDPLM), relying on a compact network fea- ture set and feature selection techniques, simplified subspacing and a multiple randomized meta-learning technique. The pro- posed model has achieved 99.984% accuracy and 21.38 s training time on a well-known benchmark botnet dataset. Experiment results demonstrate that the proposed methodology outper- forms other well-known machine-learning models used in the same detection task, namely, sequential minimal optimization, deep neural network, C4.5, reduced error pruning tree, and randomTree.

    Metadata

    Item Type: Article
    School: Birkbeck Faculties and Schools > Faculty of Science > School of Computing and Mathematical Sciences
    Depositing User: Paul Yoo
    Date Deposited: 12 Oct 2018 12:03
    Last Modified: 09 Aug 2023 12:45
    URI: https://eprints.bbk.ac.uk/id/eprint/24451

    Statistics

    Activity Overview
    6 month trend
    2Downloads
    6 month trend
    207Hits

    Additional statistics are available via IRStats2.

    Archive Staff Only (login required)

    Edit/View Item
    Edit/View Item