Two-tier network anomaly detection model: a machine learning approach
Details
  • Author: Hamed Haddad Pajouh…
  • Keywords: Anomaly detection; Intrusion detection system; Multi-layer classification; Certainty factor
  • Journal: Journal of Intelligent Information Systems
  • Publication year: 2017
  • Publication date: February 2017
  • Volume: 48
  • Issue: 1
  • Pages: 61-74
  • Journal category: Computer Science
  • Journal subjects: Information Storage and Retrieval; Data Structures, Cryptology and Information Theory; Artificial Intelligence (incl. Robotics); IT in Business; Document Preparation and Text Processing
  • Publisher: Springer US
  • ISSN: 1573-7675
  • Volume order: 48
Abstract
Network anomaly detection is one of the most challenging fields in cyber security. Most of the proposed techniques have high computational complexity or are based on heuristic approaches. This paper proposes a novel two-tier classification model based on the machine learning approaches Naïve Bayes and a certainty-factor voting version of KNN classifiers, together with Linear Discriminant Analysis for dimension reduction. Experimental results show a desirable and promising gain in detection rate and false alarms compared with other existing models. The model is also trained on two balanced training sets generated using the SMOTE method, to evaluate the chosen similarity measure for dealing with imbalanced network anomaly data sets. The two-tier model provides low computation time due to optimal dimension reduction and feature selection, as well as a good detection rate against rare and complex attack types, such as User to Root and Remote to Local, which are so dangerous because of their close similarity to normal behaviors. All evaluations were carried out on the NSL-KDD data set.
