L-SCANN: Logarithmic Subcentroid and Nearest Neighbor

• Autorzy: Tohari A. , Kharisma M.
• Języki publikacji: EN

Abstrakty

EN

Securing a computer network has become a need in this digital era. One way to ensure the security is by deploying an intrusion detection system (IDS), which some of them employs machine learning methods, such as k-nearest neighbor. Despite its strength for detecting intrusion, there are some factors, which should be improved. In IDS, some research has been done in terms of feature generation or feature selection. However, its performance may not be good enough. In this paper, a method to increase the quality of the generated features while maintaining its high accuracy and low computational time is proposed. This is done by reducing the search space in training data. In this case, the authors use distance between the evaluated point and the centroid of the other clusters, as well as the logarithmic distance between the evaluated point and the subcentroid of the respective cluster. Besides the performance, the effect of homogeneity in extracting centroid and subcentroid on the accuracy of the detection model is also evaluated. Based on conducted experiment, authors find that the proposed method is able to decrease processing time and increase the performance. In more details, by using NSL-KDD 20% dataset, there is an increase of 4%, 2%, and 6% from those of TANN in terms of accuracy, sensitivity and specificity, respectively. Similarly, by using Kyoto 2006 dataset, proposed method rises 1%, 3%, and 2% than those of TANN.

Słowa kluczowe

EN

clustering; feature transformation; information security; network security

• Wydawca: Instytut Łączności - Państwowy Instytut Badawczy
• Czasopismo: Journal of Telecommunications and Information Technology
• Rocznik: 2016
• Tom: nr 4
• Strony: 71--80
• Opis fizyczny: Bibliogr. 23 poz., rys., tab.

Twórcy

autor

Tohari A.

• Department of Informatics, Institut Teknologi Sepuluh Nopember (ITS), Surabaya, Indonesia

autor

Kharisma M.

• Department of Informatics, Institut Teknologi Sepuluh Nopember (ITS), Surabaya, Indonesia

Bibliografia

• [1] B. Czaplewski, M. Dzwonkowski, and R. Rykaczewski, “Digital fingerprinting based on quaternion encryption scheme for gray-tone images”, J. Telecommun. & Inform. Technol., no. 2, pp. 3–11, 2014.
• [2] T. Ahmad and J. Hu, “Generating cancelable biometric templates using a projection line”, in Proc. 11th Int. Conf. on Control, Autom., Robot. & Vision ICARCV 2010, Singapore, 2010, pp. 7–12.
• [3] M. Holil and T. Ahmad, “Secret data hiding by optimizing general smoothness difference expansion-based method”, J. Theor. & Appl. Informa. Technol., vol. 72, no. 2, pp. 155–163, 2015.
• [4] P. Garc´ia-Teodoro, J. D´iaz-Verdejo, G. Macia-Fern´andez, and ´ E. Vazquez, “Anomaly-based network intrusion detection: Techniques, systems and challenges”, Comput. Secur., vol. 28, no. 1–2, pp. 18–28, 2009.
• [5] R. Sommer and V. Paxson, “Outside the closed world: On using machine learning for network intrusion detection”, in Proc. IEEE Symp. on Secur. & Priv., Oakland, CA, USA, 2010, pp. 305–316.
• [6] I. H. Witten and E. Frank, Data Mining: Practical Machine Learning Tools and Techniques, 2nd ed. San Francisco, CA, USA: Morgan Kaufmann Publ. Inc., 2005.
• [7] W.-C. Lin, S.-W. Ke, and C.-F. Tsai, “CANN”, Know.-Based Syst., vol. 78, no. C, pp. 13–21, 2015.
• [8] C.-F. Tsai and C.-Y. Lin, “A triangle area based nearest neighbors approach to intrusion detection”, Pattern Recogn., vol. 43, no. 1, pp. 222–229, 2010.
• [9] K. Muchammad and T. Ahmad, “Detecting intrusion using recursive clustering and sum of log distance to subcentroid”, Procedia Comp. Sci., vol. 72, no. 1, pp. 446–452, 2015.
• [10] C. Guo, Y. Zhou, Y. Ping, Z. Zhang, G. Liu, and Y. Yang, “A distance sum-based hybrid method for intrusion detection”, Appl. Intellig., vol. 40, no. 1, pp. 178–188, 2014.
• [11] J. Parkinson and M. Blaxter, “Simitri-visualizing similarity relationships for groups of sequences”, Bioinformatics, vol. 19, no. 3, pp. 390–395, Feb. 2003.
• [12] B. Luo and J. Xia, “A novel intrusion detection system based on feature generation with visualization strategy”, Expert Syst. Appl., vol. 41, no. 9, pp. 4139–4147, 2014.
• [13] E.-H. Han and G. Karypis, “Centroid-based document classification: Analysis and experimental results”, in Proceedings of the 4th European Conference on Principles of Data Mining and Knowledge Discovery. London, UK: Springer, 2000, pp. 424–431.
• [14] S. Varuna and P. Natesan, “An integration of k-means clustering and nave bayes classifier for intrusion detection”, in Proc. 3rd Int. Conf. on Sig. Process., Commun. & Netw. ICSCN 2015, Chennai, India, 2015, pp. 1–5.
• [15] W. Wang, T. Guyet, R. Quiniou, M.-O. Cordier, F. Masseglia, and X. Zhang, “Autonomic intrusion detection: Adaptively detecting anomalies over unlabeled audit data streams in computer networks”, Knowl.-Based Syst., vol. 2014, no. 70, 2014.
• [16] X. Zhang, C. Furtlehner, C. Germain-Renaud, and M. Sebag, “Data stream clustering with affinity propagation”, IEEE Trans. on Knowl. & Data Engin., vol. 26, no. 7, pp. 1644–1656, 2014.
• [17] B. J. Frey and D. Dueck, “Clustering by passing messages between data points”, Science, vol. 315, no. 5814, pp. 972–976, 2007.
• [18] V. Garcia, E. Debreuve, and M. Barlaud,“Fast k-Nearest Neighbor Search using GPU”, ArXiv e-prints, Apr. 2008.
• [19] J. Heinermann, O. Kramer, K. L. Polsterer, and F. Gieseke, “On GPU based nearest neighbor queries for large-scale photometric catalogs in astronomy”, in KI 2013: Advances in Artificial Intelligence, I. J. Timm and M. Thimm, Eds. LNCS, vol. 8077, pp. 86–97. Springer, 2013.
• [20] M. Steinbach, G. Karypis, and V. Kumar, “A comparison of document clustering techniques”, in Proc. KDD Workshop on Text Mining, Boston, MA, USA, 2000.
• [21] A. Demiriz, K. Bennett, and M. J. Embrechts, “Semi-supervised clustering using genetic algorithms”, in Proc. Conf. on Artificial Neural Networks in Engineering ANNIE’99, St. Louis, MO, USA, 1999, pp. 809–814.
• [22] M. Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani, “A detailed analysis of the KDD cup 99 data set”, in Proc. 2nd IEEE Symp. on Computat. Intellig. for Secur. & Defense Appl. CISDA’09, Ottawa, Canada, 2009, pp. 53–58.
• [23] J. Song, H. Takakura, Y. Okabe, M. Eto, D. Inoue, and K. Nakao, “Statistical analysis of honeypot data and building of Kyoto 2006+ dataset for NIDS evaluation”, in Proc. 1st Worksh. on Build. Analysis Datasets and Gathering Exper. Returns for Secur. BADGERS 2011, Salzburg, Austria, 2011, pp. 29–36.

Uwagi

Opracowanie ze środków MNiSW w ramach umowy 812/P-DUN/2016 na działalność upowszechniającą naukę (zadania 2017).