ms160400843 - Synopsis v2.2
D Thesis
Department of Computer Science
The massive growth of the Internet during the last two decades has increased the
importance of cyber security manifold. Numerous new threats to data
security are created on a daily basis. An Intrusion Detection System (IDS) is
a primary defence mechanism to secure data and resources from illegal
disclosure and unauthorized use. Researchers have proposed various approaches
to cyber security, i.e. signature-based intrusion detection and
anomaly-detection-based intrusion detection. In the signature-based
approach, the IDS has a database containing the signatures of
harmful traffic such as viruses. An IDS sniffs and analyses each data packet and
compares it with its database. In case of a match, it removes the data packet
from the network. An anomaly-detection-based IDS categorizes network traffic into
valid traffic and anomalous traffic. The accuracy of this categorization depends on
appropriate feature selection. Existing approaches mostly rely on
quantitative features. The scarcity of work on encoding qualitative
features into quantitative form is a significant flaw of these approaches.
Encoding qualitative features into quantitative features can increase
the accuracy of an anomaly detection model. This research proposes an Intrusion
Detection System based on an anomaly detection model using supervised
learning techniques and both quantitative features, i.e. attack type, protocol, timing of
attack, source IP address, destination IP address, and qualitative features, i.e.
number of bytes in source packets, source-to-destination packet count,
source bits per second, and row total duration. Different supervised learning
techniques, i.e. Nearest Neighbour, Random Forest, Multilevel perceptron and
Decision tree, along with encoding techniques, i.e. Polynomial encoding,
Leave one out encoding and Target encoding, are used to enhance the anomaly
detection process in unbalanced network traffic. Performance enhancement
and improvement of anomaly detection accuracy are the major concerns of the proposed
model. The proposed model will be trained and tested on the UNSW-NB15 data
set. Experimental results are recorded and compared for suitability of the
anomaly detection model against the UNSW-NB15 data set.
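The following added example (not code from the synopsis) shows two of the encodings named above, target encoding and leave-one-out encoding, applied to a non-numeric flow field. The flow records are constructed for illustration, with `proto` values and a binary attack label assumed in the style of UNSW-NB15; the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample flows (not taken from UNSW-NB15): (proto, label), 1 = attack.
FLOWS = [
    ("tcp", 0), ("tcp", 0), ("tcp", 1), ("tcp", 0),
    ("udp", 1), ("udp", 1), ("udp", 0),
    ("ospf", 1),  # rare category: a single flow
]

def _stats(flows):
    """Per-category label sums and counts, plus the global attack rate."""
    sums, counts = defaultdict(int), defaultdict(int)
    for cat, y in flows:
        sums[cat] += y
        counts[cat] += 1
    prior = sum(y for _, y in flows) / len(flows)
    return sums, counts, prior

def target_encode(flows, smoothing=0.0):
    """Replace each category by its mean label, shrunk towards the prior."""
    sums, counts, prior = _stats(flows)
    return [(sums[c] + smoothing * prior) / (counts[c] + smoothing)
            for c, _ in flows]

def leave_one_out_encode(flows):
    """Mean label of the other rows in the same category.

    A row's own label never feeds its encoding, which limits target
    leakage; a category seen only once falls back to the global prior.
    """
    sums, counts, prior = _stats(flows)
    out = []
    for c, y in flows:
        n = counts[c] - 1
        out.append((sums[c] - y) / n if n > 0 else prior)
    return out

def encode_unseen(train_flows, cat, smoothing=0.0):
    """Encode a test-time category from training statistics only."""
    sums, counts, prior = _stats(train_flows)
    if counts.get(cat, 0) == 0:
        return prior  # protocol never seen in training
    return (sums[cat] + smoothing * prior) / (counts[cat] + smoothing)
```

With plain target encoding the single `ospf` flow is encoded as exactly its own label, which is the leakage that leave-one-out encoding and smoothing are meant to reduce on unbalanced traffic.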
Introduction
Research Objectives
Literature Review:
Shadi Aljawarneh et al. state that the first-ever IDS was proposed by Dorothy E.
Denning during research conducted at SRI International
(Aljawarneh et al., 2018). This led to a new generation of intrusion
detection systems referred to as anomaly-detection-based IDS.
In a study (Naseer et al., 2018), different deep learning techniques are studied
to investigate their suitability for anomaly detection in network flows. The authors
developed an IDS model based on different deep learning techniques, i.e.
Convolutional Neural Networks (CNNs), auto-encoders and Recurrent Neural
Networks (RNNs). They used the NSLKDD training dataset to train their model and
evaluated it on both test datasets of the same dataset, namely NSLKDDTest+ and
NSLKDDTest21. After evaluation they reported that the Deep
Convolutional Neural Network (DCNN) and Long Short-Term Memory (LSTM)
Recurrent Neural Network (RNN) models proved up to 85% and 89% accurate
on the test dataset. They concluded that deep learning is a viable and promising
technology for anomaly detection in network security.
This model will be trained using a well-known and reliable standard dataset
named UNSW-NB15. This data set is divided into two parts (Moustafa &
Slay, 2016): a training set and a testing set. Moustafa and Slay (2016)
state that UNSW-NB15 was recently generated as a benchmark dataset
for IDS performance evaluation. It has nine types of modern attacks and
comprises realistic activities of normal traffic captured over
time. This dataset also comprises 49 features of data flow between different
nodes in a network. Comparing the UNSW-NB15 dataset with the KDD99
dataset, the authors statistically and practically proved that UNSW-NB15 is more complex
and reflects real-world situations in a more sophisticated fashion. It provides a
number of modern attacks in a more realistic way.
In this study, after training of the model, the anomaly detection accuracy of the
model will be evaluated and compared statistically with the UNSW-NB15 dataset.
Risk Analysis and Management (Not Applicable)
References/Bibliography
[1] Ali, A., Hu, Y., Hsieh, C., & Khan, M. (2017). A Comparative Study on Machine Learning Algorithms for Network Defense. Virginia Journal of Science, 68(3 & 4), 1-19. doi: 10.25778/PEXS-2309
[2] Nevat, I., Divakaran, D., Nagarajan, S., Zhang, P., Su, L., Ko, L., & Thing, V. (2018). Anomaly Detection and Attribution in Networks with Temporally Correlated Traffic. IEEE/ACM Transactions on Networking, 26(1), 131-144. doi: 10.1109/tnet.2017.2765719
[3] Koh, J., Nevat, I., Leong, D., & Wong, W. (2016). Geo-Spatial Location Spoofing Detection for Internet of Things. IEEE Internet of Things Journal, 3(6), 971-978. doi: 10.1109/jiot.2016.2535165
[4] Li, Y., Ma, R., & Jiao, R. (2015). A Hybrid Malicious Code Detection Method based on Deep Learning. International Journal of Security and Its Applications, 9(5), 205-216. doi: 10.14257/ijsia.2015.9.5.21
[5] Salama, M., Eid, H., Ramadan, R., Darwish, A., & Hassanien, A. (2011). Hybrid Intelligent Intrusion Detection Scheme. Advances in Intelligent and Soft Computing, 293-303. doi: 10.1007/978-3-642-20505-7_26
[6] Denning, D. (1987). An Intrusion-Detection Model. IEEE Transactions on Software Engineering, SE-13(2), 222-232. doi: 10.1109/tse.1987.232894
[7] García-Teodoro, P., Díaz-Verdejo, J., Maciá-Fernández, G., & Vázquez, E. (2009). Anomaly-based network intrusion detection: Techniques, systems and challenges. Computers & Security, 28(1-2), 18-28. doi: 10.1016/j.cose.2008.08.003
[8] Ravale, U., Marathe, N., & Padiya, P. (2015). Feature Selection Based Hybrid Anomaly Intrusion Detection System Using K Means and RBF Kernel Function. Procedia Computer Science, 45, 428-435. doi: 10.1016/j.procs.2015.03.174
[9] Aljawarneh, S., Aldwairi, M., & Yassein, M. (2018). Anomaly-based intrusion detection system through feature selection analysis and building hybrid efficient model. Journal of Computational Science, 25, 152-160. doi: 10.1016/j.jocs.2017.03.006
[10] Kwon, D., Kim, H., Kim, J., Suh, S., Kim, I., & Kim, K. (2017). A survey of deep learning-based network anomaly detection. Cluster Computing. doi: 10.1007/s10586-017-1117-8
[11] Liao, Y., & Vemuri, V. (2002). Use of K-Nearest Neighbor classifier for intrusion detection. Computers & Security, 21(5), 439-448. doi: 10.1016/s0167-4048(02)00514-x
[12] Borisaniya, B., & Patel, D. (2015). Evaluation of Modified Vector Space Representation Using ADFA-LD and ADFA-WD Datasets. Journal of Information Security, 06(03), 250-264. doi: 10.4236/jis.2015.63025
[13] Assem, N., Rachidi, T., & Taha El Graini, M. (2018). Intrusion Detection Using Bayesian Classifier for Arbitrarily Long System Call Sequences. IADIS International Journal on Computer Science and Information Systems, 9(1), 71-81. Retrieved from http://www.iadisportal.org/ijcsis/papers/2014170106.pdf
[14] De la Hoz, E., De La Hoz, E., Ortiz, A., Ortega, J., & Prieto, B. (2015). PCA filtering and probabilistic SOM for network intrusion detection. Neurocomputing, 164, 71-81. doi: 10.1016/j.neucom.2014.09.083
[15] Al-Yaseen, W., Othman, Z., & Nazri, M. (2017). Multi-level hybrid support vector machine and extreme learning machine based on modified K-means for intrusion detection system. Expert Systems with Applications, 67, 296-303. doi: 10.1016/j.eswa.2016.09.041
[16] Naseer, S., Saleem, Y., Khalid, S., Bashir, M., Han, J., Iqbal, M., & Han, K. (2018). Enhanced Network Anomaly Detection Based on Deep Neural Networks. IEEE Access, 6, 48231-48246. doi: 10.1109/access.2018.2863036
[17] Aygun, R., & Yavuz, A. (2017). Network Anomaly Detection with Stochastically Improved Autoencoder Based Models. 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud). doi: 10.1109/cscloud.2017.39
[18] Moustafa, N., & Slay, J. (2016). The evaluation of Network Anomaly Detection Systems: Statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set. Information Security Journal: A Global Perspective, 25(1-3), 18-31. doi: 10.1080/19393555.2015.1125974
Gantt chart (to be used as guideline)
Details of Funds/Expenditure (Not Applicable)