Analysis of the Effect of Clustering the Training Data in Naive Bayes Classifier for Anomaly Network Intrusion Detection

Subramanian, Uma; Ong, Hang See

doi:10.7763/jacn.2014.v2.87

Cited by 7 publications

(3 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Also, they focused on establishing a relationship between the attack types and the protocol used by the hackers, using clustered data. Subramanian et al [46] presented an analysis of the effect of clustering the training data and test data in the classification efficiency of the Naive Bayes classifier. Kumar et al [47] proposed a clustering approach based on a simple k-means clustering algorithm to analyze the NSL-KDD dataset.…”

Section: Figure 1: Sdn-based Intrusion Detection System 3 Methodology...mentioning

confidence: 99%

An Efficient Intrusion Detection Framework in Software-Defined Networking for Cybersecurity Applications

Alshammri¹,

Samha²,

Hemdan³

et al. 2022

Computers, Materials &Amp; Continua

View full text Add to dashboard Cite

Network management and multimedia data mining techniques have a great interest in analyzing and improving the network traffic process. In recent times, the most complex task in Software Defined Network (SDN) is security, which is based on a centralized, programmable controller. Therefore, monitoring network traffic is significant for identifying and revealing intrusion abnormalities in the SDN environment. Consequently, this paper provides an extensive analysis and investigation of the NSL-KDD dataset using five different clustering algorithms: K-means, Farthest First, Canopy, Density-based algorithm, and Exception-maximization (EM), using the Waikato Environment for Knowledge Analysis (WEKA) software to compare extensively between these five algorithms. Furthermore, this paper presents an SDN-based intrusion detection system using a deep learning (DL) model with the KDD (Knowledge Discovery in Databases) dataset. First, the utilized dataset is clustered into normal and four major attack categories via the clustering process. Then, a deep learning method is projected for building an efficient SDN-based intrusion detection system. The results provide a comprehensive analysis and a flawless reasonable study of different kinds of attacks incorporated in the KDD dataset. Similarly, the outcomes reveal that the proposed deep learning method provides efficient intrusion detection performance compared to existing techniques. For example, the proposed method achieves a detection accuracy of 94.21% for the examined dataset.

show abstract

Section: Figure 1: Sdn-based Intrusion Detection System 3 Methodology...mentioning

confidence: 99%

An Efficient Intrusion Detection Framework in Software-Defined Networking for Cybersecurity Applications

Alshammri¹,

Samha²,

Hemdan³

et al. 2022

Computers, Materials &Amp; Continua

View full text Add to dashboard Cite

show abstract

“…Mainly these IDS use different types of intrusion detection techniques. These techniques are based on: Signature [29][30][31][32][33], Anomaly [34][35][36][37][38], Artificial Neural Network (ANN) [39][40][41][42][43], Fuzzy Logic [44][45][46][47], Association Rule [34,48,49], Support Vector Machine (SVM) [50][51][52], Genetic Algorithm (GA) [53][54][55][56][57], Hybrid Technique [58]. Signaturebased IDS mainly detect intrusion by matching captured patterns with previously generated pattern databases.…”

Section: Ids Overview and Limitationsmentioning

confidence: 99%

An edge based hybrid intrusion detection framework for mobile edge computing

Singh

Chatterjee

Satapathy

2021

Complex Intell. Syst.

View full text Add to dashboard Cite

The Mobile Edge Computing (MEC) model attracts more users to its services due to its characteristics and rapid delivery approach. This network architecture capability enables users to access the information from the edge of the network. But, the security of this edge network architecture is a big challenge. All the MEC services are available in a shared manner and accessed by users via the Internet. Attacks like the user to root, remote login, Denial of Service (DoS), snooping, port scanning, etc., can be possible in this computing environment due to Internet-based remote service. Intrusion detection is an approach to protect the network by detecting attacks. Existing detection models can detect only the known attacks and the efficiency for monitoring the real-time network traffic is low. The existing intrusion detection solutions cannot identify new unknown attacks. Hence, there is a need of an Edge-based Hybrid Intrusion Detection Framework (EHIDF) that not only detects known attacks but also capable of detecting unknown attacks in real time with low False Alarm Rate (FAR). This paper aims to propose an EHIDF which is mainly considered the Machine Learning (ML) approach for detecting intrusive traffics in the MEC environment. The proposed framework consists of three intrusion detection modules with three different classifiers. The Signature Detection Module (SDM) uses a C4.5 classifier, Anomaly Detection Module (ADM) uses Naive-based classifier, and Hybrid Detection Module (HDM) uses the Meta-AdaboostM1 algorithm. The developed EHIDF can solve the present detection problems by detecting new unknown attacks with low FAR. The implementation results illustrate that EHIDF accuracy is 90.25% and FAR is 1.1%. These results are compared with previous works and found improved performance. The accuracy is improved up to 10.78% and FAR is reduced up to 93%. A game-theoretical approach is also discussed to analyze the security strength of the proposed framework.

show abstract

“…Naive Bayes Classification (NBC) for handling missing data need appropriate replacement value to maintain the method performance. Missing data at multivariate if there are mixed values either discrete, continuous, and category will require the conversion process to be numerical value [12]. NBC to handle missing data can work with the condition it requires imputation process firstly to replace value part whose attribute missed so it is called Naive Bayes Imputation (NBI).…”

Section: Introductionmentioning

confidence: 99%

A Hybrid Self Organizing Map Imputation (Somi) With Naïve Bayes for Imputation Missing Data Classification

Suprajitno¹,

Khotimah²,

Miswanto³

2019

GEOMATE

View full text Add to dashboard Cite

This study proposes hybrid SOMI (Self Organizing Map Imputation) and Naïve Bayes (NB) model on data, that contain missing values to improve the performance of the Naïve Bayes Imputation (NBI) it has weaknesses for missing categories n ≤ 1. This new hybrid model, using imputation approach based on SOMI is used for prepossessing and NB classification for the classification process in multivariate data, so that it can improve performance. SOMI measurements use an average error with self-organizing feature map. The multivariate attribute is converted to numeric attributes to establish data uniformity. The SOMI learning results have used weight variations by combining the mechanism of distance hierarchical value representation with a new scheme to overcome mixed types. Hybrid SOMINB is used to classify mixed data to correct misclassification. The model has advantages because it can update weights with the probability of each attribute. Attribute values have produced a set of probabilities for each cluster using the Naïve Bayes group. Outputs of the SOMI Method are used as learning machines to produce training data for the target class to be used in Naive Bayes machine learning. The results of this study used all missing scenarios at a random mechanism and various missing percentages. The results of the hybrid SOMINB model showed more results with an accuracy rate of 90.00% with other imputation analysis. Experimental results present that the proposed produces higher accuracy than general estimating values which established missing value treatment methods.

show abstract

Analysis of the Effect of Clustering the Training Data in Naive Bayes Classifier for Anomaly Network Intrusion Detection

Cited by 7 publications

References 12 publications

An Efficient Intrusion Detection Framework in Software-Defined Networking for Cybersecurity Applications

An Efficient Intrusion Detection Framework in Software-Defined Networking for Cybersecurity Applications

An edge based hybrid intrusion detection framework for mobile edge computing

A Hybrid Self Organizing Map Imputation (Somi) With Naïve Bayes for Imputation Missing Data Classification

Contact Info

Product

Resources

About