Application of Machine Learning Algorithms for Real Time Intrusion Detection and Classification

Abstract

The dynamic challenges faced by the information systems are increasing rapidly. The threats and attacks are framed and launched with new techniques targeting at the information stored in the networks. The information, while moving through subtle domains undergoes change continuously by types of users, system administrators and others who need to access. Protection of information systems is very essential against threat like Denial of service attack and Intrusions. In this research work, an experimental testbed is developed where real time attacks are generated for Network, Transport and Application layer. Distributed Denial of Service (DDoS) attack categories are generated. The rule based techniques applied for real time detection are Fuzzy Inference Systems (FIS) and Decision Trees (DT). Fuzzy Inference Systems are applied with Automatic Rule Generation Module (FIS-ARG). The ARG Module greatly reduces the process of framing rules based on their weightage. The Decision Trees are used with Reduced Error Pruning Module (DT-REP). The REP module actually reduces the tree size to two thirds and increases the Classification Rate (CR). The CR and FPR of FIS-ARG and DT-REP are comparatively higher than the available techniques. To improve the classification rate of real time attacks Support Vector machines are used with the Simple Network Management Protocol Management Information Base (SNMP MIB) data. 22 MIB variables are collected from the experimental testbed which provides the change in parameters of the network traffic. The best CR and FPR are provided by the TBED. The standard datasets like kddcup 99 and Shonlau s Truncated Command Sequences(STCS) are used to evaluate the performance of the rule based techniques and machine learning algorithms. The complete work has been developed as an Ensemble IDS Tool in which real attacks can be generated, detected and classified.