Exploring discrepancies in findings obtained with the KDD Cup '99 data set

Engen, Vegard; Vincent, Jonathan; Phalp, Keith

doi:10.3233/ida-2010-0466

Cited by 41 publications

(12 citation statements)

References 65 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Eventually, the proposed model will be employed for classification of new samples. For evaluation of the reliability of the suggested approach, a number of experiments are conducted using KDD Cup 1999 data which is known to be a popular dataset and has been widely used by the researchers [39][40][41][42]. The results of experiments and their investigations are described in the subsequent part.…”

Section: Feature Selection Methods Ga-svmmentioning

confidence: 99%

A hybrid method consisting of GA and SVM for intrusion detection system

Aslahi-Shahri

Rahmani

Chizari

et al. 2015

Neural Comput & Applic

185

View full text Add to dashboard Cite

In this paper, a hybrid method of support vector machine and genetic algorithm (GA) is proposed and its implementation in intrusion detection problem is explained. The proposed hybrid algorithm is employed in reducing the number of features from 45 to 10. The features are categorized into three priorities using GA algorithm as the highest important is the first priority and the lowest important is placed in the third priority. The feature distribution is done in a way that 4 features are placed in the first priority, 4 features in the second, and 2 features in the third priority. The results reveal that the proposed hybrid algorithm is capable of achieving a truepositive value of 0.973, while the false-positive value is 0.017.

show abstract

Section: Feature Selection Methods Ga-svmmentioning

confidence: 99%

A hybrid method consisting of GA and SVM for intrusion detection system

Aslahi-Shahri

Rahmani

Chizari

et al. 2015

Neural Comput & Applic

185

View full text Add to dashboard Cite

show abstract

“…Moreover, generalization of results obtained from Solarisbased system is not logical since Solaris-based system has limited usage in cyber community compared to Linux [25][26] . The most critical point in KDD collection is the existence of several data artifacts within it which make it not reliable [27] .…”

Section: Kdd Datasetsmentioning

confidence: 99%

Enhanced Host-Based Intrusion Detection Using System Call Traces

Ikram¹

2019

JKAU Comp IT Sci

View full text Add to dashboard Cite

To detect zero-day attacks in modern systems, several host-based intrusion detection systems are proposed using the newly compiled ADFA-LD dataset. These techniques use the system call traces of the dataset to detect anomalies, but generally they suffer either from high computational cost as in window-based techniques or low detection rate as in frequency-based techniques. To enhance the accuracy and speed, we propose a host-based intrusion detection system based on distinct short sequences extraction from traces of system calls with a novel algorithm to detect anomalies. To the best of our knowledge, the obtained results of the proposed system are superior to all up-to-date published systems in terms of computational cost and learning time. The obtained detection rate is also much higher than almost all compared systems and is very close to the highest result. In particular, the proposed system provides the best combination of high detection rate and very small learning time. The developed prototype achieved 90.48% detection rate, 22.5% false alarm rate, and a learning time of about 30 seconds. This provides high capability to detect zero-day attacks and also makes it flexible to cope with any environmental changes since it can learn quickly and incrementally without the need to rebuild the whole classifier from scratch.

show abstract

“…It has been recommended for evaluating the performance of an anomalybased IDS in detecting new intrusions. Due to the reason that the primary concern to an anomaly-based IDS is its accuracy in modelling normal traffic behaviour of a network, the age of data does not prevent a fair evaluation on the system [43]. Moreover, testing our approach using KDD Cup 99 data set contributes convincing evaluations and comparisons with other related state-of-the-art techniques [11] [12].…”

Section: System Evaluationmentioning

confidence: 99%

Detection of Denial-of-Service Attacks Based on Computer Vision Techniques

Tan

Jamdagni

et al. 2015

IEEE Trans. Comput.

139

View full text Add to dashboard Cite

the ensemble detection system involves time-consuming computation and cannot work real-time. Yu et al. [21] suggested a two-tier hierarchical detection system using SVM. The hierarchical structure and one-class SVM (i.e., Support Vector Data Description) equip it with the advantage in classifying various attacks into their appropriate classes. This detection system achieved its best attack detection rate of 99.40% using 3 selected Management Information Based (MIB) features. Statistical analysis techniques have been employed to conduct investigation into attributes of network traffic packets and to determine a rationale threshold for discriminating attacks from the legitimate traffic. Wang et al. [22] proposed a sequential Change-Point Monitoring (CPM) approach for the detection of DoS attacks. A non-parametric Cumulative Sum (CUSUM) algorithm was used in the CPM to evaluate the significance of the changes of traffic patterns and to determine the appearance of DoS attacks. The CPM is more suitable for analysing a complex network environment. Whereas in [22], CPM was only tested using SYN flooding attacks. Moreover, its performance is possibly affected by network indiscipline. Kim and Reddy [23] suggested a statistical-based approach to detect anomalies at an egress router. Discrete wavelet transform was used to transform address correlation data (i.e., the correlation of destination IP addresses, port numbers and the number of flows). This statistical-based detection technique provides a solution to detect outgoing anomalous traffic at source networks. Thatte et al. [24] developed a bivariate Parametric Detection Mechanism (bPDM) operating on aggregate traffic. The bPDM applies the Sequential Probability Ratio Test (SPRT) on two aggregate traffic statistics (i.e., packet rate and packet size), and it alleges an anomaly only when a rise in the traffic volume is associated with a change in the distribution of packet-size. Despite the afore-discussed systems or approaches show innovation and promise in different aspects of attack detection, they still suffer from relatively high false positive rates. This is partly because they either neglect the dependency and correlation between features/attributes or do not manage to fully exploit the correlation [25]. Some recent studies attempt to cope with this problem by taking full advantage of the correlation in their designs. Thottan and Ji [10] developed an abrupt change detection approach which employs statistical signal processing technique based on the Auto-Regression (AR) process. An operation matrix (A), which retained "the ensemble average of the two point spatial cross-correlation of the abnormality vectors estimated over a time interval T " [10], participated in the computation of the value of abnormality indicator. Although this detection approach has shown to be effective in detecting several network anomalies, it is still an open topic for now how to manage features with various time granularities. Jin et al. [11] proposed a statistical detection approach using...

show abstract

Exploring discrepancies in findings obtained with the KDD Cup '99 data set

Cited by 41 publications

References 65 publications

A hybrid method consisting of GA and SVM for intrusion detection system

A hybrid method consisting of GA and SVM for intrusion detection system

Enhanced Host-Based Intrusion Detection Using System Call Traces

Detection of Denial-of-Service Attacks Based on Computer Vision Techniques

Contact Info

Product

Resources

About