An optimized feature set for anomaly-based intrusion detection / Wasswa Hassan

Wasswa, Hassan (2019) An optimized feature set for anomaly-based intrusion detection / Wasswa Hassan. Masters thesis, University of Malaya.


      The ubiquity of the internet and its enhanced transmission speed have led to the establishment of many networks by various businesses across the vertical market. Currently, a huge number of organizations across the globe conduct business transactions over the internet. This has amplified the volume of network traffic flowing in and out of business information systems, making real-time analysis a very hectic task for network administrators. Consequently, the escalated number of business transactions has lured an outrageous number of cyber attackers to the businesses' information systems. The hackers use advanced techniques and tools to launch new and well-refined attacks every day. To enable detection of new and unknown attacks, various research efforts have focused on enhancing anomaly-based network intrusion detection systems (ANIDS). One way to optimize the performance of ANIDSs is to identify only relevant features for training the intrusion detection system (IDS). This is because modern traffic constitutes a large number of attributes, many of which are irrelevant for classification of traffic as either benign or anomalous. Having only relevant features can greatly reduce model complexity, making it more interpretable, improve IDS performance in terms of speed and accuracy, and avoid overfitting. To this end, this research proposed a feature set that optimizes the performance of ANIDSs by utilizing various feature selection techniques, i.e. filter, wrapper and embedded methods, for enhanced information security. The proposed feature set is evaluated using five machine learning classifiers trained and tested on the UNSW-NB15 dataset. The proposed feature set recorded better detection results with regard to accuracy, precision, recall, false positive rate (FPR) and detection time compared to feature sets obtained by application of a single feature selection method. The random forest classifier outperformed the other four classifiers used in this research, i.e. decision tree (DT), AdaBoost, extra trees classifier and gradient boosting classifier, with regard to accuracy, precision, recall and false positive rate (FPR), while DT recorded the shortest detection time.

      Item Type: Thesis (Masters)
      Additional Information: Dissertation (M.A.) – Faculty of Computer Science & Information Technology, University of Malaya, 2019.
      Uncontrolled Keywords: Intrusion detection; Intrusion detection systems; Machine learning; Feature selection; UNSW-NB15
      Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
      Divisions: Faculty of Computer Science & Information Technology
      Depositing User: Mr Mohd Safri Tahir
      Date Deposited: 14 Jan 2020 03:53
      Last Modified: 17 Aug 2020 08:05
