Anomaly Detection System for Internet Traffic based on TF-IDF and BFR Clustering Algorithms

  • Authors

    • Suad A. Alasadi
    • Wesam S. Bhaya
    2018-11-27
    https://doi.org/10.14419/ijet.v7i4.19.27967
  • Anomaly Detection, IDS, Network Attacks, Clustering Data Mining, TF_IDF, BFR.

  • An anomaly can be defined as any deviation from the normal and something which is outside the usual range of variations, it consumes network resources, and lead to security issues such as Confidentiality, Integrity, and Availability (CIA).An Intrusion Detection Systems (IDS) are designed and implemented by many researchers to analyze, detect, and prevent the anomaliestraffics. Although, there are various techniques for IDS to detect anomalies like statistical, machine learning techniques. Data mining can be efficiently employed for anomaly detection. Since, it works to extract features from network traffic; it can be used to distinguish between common legitimate and attack traffics. Data mining can be efficiently identifying the important data for user and predicts the results that can be utilized to detect various types of attacks.

    In this paper, an anomaly detection approach usingTerm Frequency Inverse Document Frequency(TF_IDF) and Bradley, Fayyad, and Reina(BFR) clustering algorithm is presented to detect and prevent malicious traffic efficiently and with low time complexity.Multiple types of attacks are detected in the proposed solution like (Flooding, Denial of Service (DoS), Backdoors, and Worms)attacks effectively using two modern datasets are which are“NUST2009, UNSW-NB2015â€.

    The experiments result shows that the BFR clustering algorithm perform better than the K-meanalgorithm in term of accuracy and detection rate. The overall accuracy for NUST2009 dataset is 99.2%, the detection rate is 100%, and false alarm rate is 0%. While the overall accuracy in UNSW-NB2015 dataset is 98.76, the detection rate is 79.28%, and false alarm rate is 0%.

     

     

  • References

    1. [1] Marnerides, A. Schaeffer-Filho, and A. Mauthe, “Traffic anomaly diagnosis in Internet backbone networks: A survey,†Elsevier, vol. 73, pp. 224–243, 2014.

      [2] S. Kumar, “Survey of Current Network Intrusion Detection Techniques,†Citeseer, pp. 1–18, 2007.

      [3] C. Douligeris, A. Mitrokotsa, “DDoS Attacks and Defense Mechanisms: Classification and State-of-the-Artâ€, Computer Networks, Vol. 44, No. 5, pp. 643-666, 2004.

      [4] R. kumar, M. Nene," A Survey on Latest DoS Attacks: Classification and Defense Mechanisms", International Journal of Innovative Research in Computer and Communication Engineering, Vol. 1, Issue 8, October 2013.

      [5] A. Rajaraman and J. D. Ullman, “Mining of Massive Datasets,†Lect. Notes Stanford CS345A Web Mining, vol. 67, p. 328, 2011.

      [6] Xin Du, Yingjie Yang, Xiaowen Kang, “Research of Applying Information Entropy and Clustering Techniques Network Traffic Analysisâ€, IEEE, 978-0-7695-3508-1, 2008.

      [7] Farhad S. Gharehchopogh, NedaJabbari, and Zeinab G. Azar. “Evaluation
      of fuzzy k-means and k-means clustering algorithms in intrusion detection systemsâ€. International Journal of Scientific and Technology Research, 1(11) 66–71, December 2012.

      [8] Z. Miller, W. Deitrick, and W. Hu, “Anomalous Network Packet Detection Using Data Stream Mining,†J. Inf. Secur., vol. 2, no. 4, pp. 158–168, 2011.

      [9] Ghanshyam P. Dubey, Neetesh Gupta, and Rakesh K. Bhujade. “A novel approach to intrusion detection system using rough set theory and incremental svmâ€. International Journal of Soft Computing and Engineering (IJSCE), (1):663–667, 2011.

      [10] R.-C. Chen, K.-F. Cheng, Y.-H. Chen, and C.-F. Hsieh, “Using Rough Set and Support Vector Machine for Network Intrusion Detection System,†in 2009 First Asian Conference on Intelligent Information and Database Systems, 2009, pp. 465–470.

      [11] Eid H. F., Darwish A., Ella Hassanien, and Abraham A. “Principle components analysis and support vector machine based intrusion detection systemâ€. In Intelligent Systems Design and Applications (ISDA), 10th International Conference on, pages 363–367. IEEE, December 2010.

      [12] Vivek K. Kshirsagar, Sonali M. Tidke and Swati Vishnu, “Intrusion Detection System using Genetic Algorithm and Data Mining: An Overviewâ€, International Journal of Computer Science and Informatics ISSN (PRINT): 2231 – 5292, Vol-1, Iss-4, 2012.

      [13] S. Mehibs and S. Hashim, “Proposed Network Intrusion Detection System Based on Fuzzy c_Mean Algorithm in Cloud Computing Environmentâ€, JUBPAS, vol. 26, no. 2, pp. 27-35, Dec. 2017.

      [14] S. Mehibs and S. Hashim, “Proposed Network Intrusion Detection System ‎In Cloud Environment Based on Back ‎Propagation Neural Networkâ€, JUBPAS, vol. 26, no. 1, pp. 29-40, Dec. 2017.

      [15] W. Bhaya and M. Ebadymanaa, “DDoS attack detection approach using an efficient cluster analysis in large data scale,†in 2017 Annual Conference on New Trends in Information and Communications Technology Applications, NTICT 2017, 2017.

      [16] Joshi, Manish and TheyaznHassnHadi. “A Review of Network Traffic Analysis and Prediction Techniques.†CoRR abs/1507.05722 (2015): n. pag.

      [17] S. Ali Khayam, F. Mirza, et al., " A SURVEY OF ANOMALY-BASED INTRUSION DETECTION SYSTEMS", School of Electrical Engineering and Computer Science, 2009.

      [18] N. Moustafa, J.Slay," The Significant Features of the UNSW-NB15 and the KDD99 Data Sets for Network Intrusion Detection Systems", 4th International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, 2015.

      [19] B. Trstenjak,S. Mikac, D. Donko, "KNN with TF-IDF Based Framework for Text Categorization", 24th DAAAM International Symposium on Intelligent Manufacturing and Automation, 2013.

      [20] P.S. Bradley, Usama Fayyad, and Cory Reina, Scaling Clustering Algorithms to Large Databases, KDD-98 Proceedings, 1998.

      [21] C. Tsai, C. Lin, “A Triangle Area Based Nearest Neighbors Approach to Intrusion Detectionâ€, Pattern Recognition, Vol. 43, No. 1, pp. 222-229, 2010.â€

      [22] S. Mukherjee, N.Sharma, “ Intrusion Detection Using Naive Bayes Classifier with Feature Reductionâ€, Procedia Technology, Vol. 4, pp. 119-128, 2012.

  • Downloads

  • How to Cite

    A. Alasadi, S., & S. Bhaya, W. (2018). Anomaly Detection System for Internet Traffic based on TF-IDF and BFR Clustering Algorithms. International Journal of Engineering & Technology, 7(4.19), 600-604. https://doi.org/10.14419/ijet.v7i4.19.27967