
Modeling Intrusion Detection Systems Using Linear Genetic Programming Approach - page 6 / 10


Table 2. Performance of resilient back propagation neural network

|        | Normal | Probe | DoS  | U2Su | R2L  | %    |
|--------|--------|-------|------|------|------|------|
| Normal | 1394   | 5     | 1    | 0    | 0    | 99.6 |
| Probe  | 49     | 649   | 2    | 0    | 0    | 92.7 |
| DoS    | 3      | 101   | 4096 | 2    | 0    | 97.5 |
| U2Su   | 0      | 1     | 8    | 12   | 4    | 48.0 |
| R2L    | 0      | 1     | 6    | 21   | 535  | 95.0 |
| %      | 96.4   | 85.7  | 99.6 | 34.3 | 99.3 |      |

set classified as “probe” indeed belongs to Probe. The overall accuracy of the classification is 97.04 with a false positive rate of 2.76% and false negative rate of 0.20.
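As an added example (not code from the paper), the script below recomputes the percentages of Table 2 from its raw counts, assuming rows are the actual class and columns the assigned class; the function names are illustrative. It shows that the reported 97.04, 2.76% and 0.20 are reproduced by the diagonal, below-diagonal and above-diagonal counts taken as shares of all test records, and, going beyond the text, it also derives the normal-versus-attack false-alarm and missed-attack rates.

```python
# Confusion matrix copied from Table 2 (resilient back propagation network).
# Assumption: rows are the actual class, columns the class assigned by the model.
CLASSES = ["Normal", "Probe", "DoS", "U2Su", "R2L"]
TABLE2 = [
    [1394,   5,    1,  0,   0],
    [  49, 649,    2,  0,   0],
    [   3, 101, 4096,  2,   0],
    [   0,   1,    8, 12,   4],
    [   0,   1,    6, 21, 535],
]

def pct(num, den):
    """Percentage, 0.0 when the denominator is empty (class never seen)."""
    return 100.0 * num / den if den else 0.0

def per_class(matrix):
    """Return {class: (row %, column %)}: the share of each actual class that
    was recognised, and the share of each assigned label that was correct."""
    out = {}
    for i, name in enumerate(CLASSES):
        row_total = sum(matrix[i])
        col_total = sum(row[i] for row in matrix)
        out[name] = (pct(matrix[i][i], row_total), pct(matrix[i][i], col_total))
    return out

def overall(matrix):
    """Overall accuracy plus the counts below and above the diagonal,
    each as a percentage of all test records."""
    n = len(matrix)
    total = sum(map(sum, matrix))
    correct = sum(matrix[i][i] for i in range(n))
    below = sum(matrix[i][j] for i in range(n) for j in range(i))
    above = sum(matrix[i][j] for i in range(n) for j in range(i + 1, n))
    return pct(correct, total), pct(below, total), pct(above, total)

def normal_vs_attack(matrix):
    """Binary view: (false-alarm rate on normal traffic, missed-attack rate)."""
    normal, attacks = matrix[0], matrix[1:]
    false_alarm = pct(sum(normal[1:]), sum(normal))
    missed = pct(sum(r[0] for r in attacks), sum(map(sum, attacks)))
    return false_alarm, missed

if __name__ == "__main__":
    for name, (row_pct, col_pct) in per_class(TABLE2).items():
        print(f"{name:6s} row {row_pct:5.1f}%  column {col_pct:5.1f}%")
    print("accuracy, below, above: %.2f %.2f %.2f" % overall(TABLE2))
    print("false alarm, missed attack: %.2f %.2f" % normal_vs_attack(TABLE2))
```

The low U2Su figures come from a class with only 25 test records, so per-class rates say more about minority attack classes than the overall accuracy does.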

4.3 SVM Experiments

Because SVMs are only capable of binary classification, we employed five SVMs for the 5-class classification problem. We partition the data into the two classes of “Normal” and “Rest” (Probe, DoS, U2Su, R2L) patterns, where the rest is the collection of four classes of attack instances in the data set. The objective is to separate normal and attack patterns. We repeat this process for all classes. Training is done using the RBF (radial basis function) kernel option; an important point of the kernel function is that it defines the feature space in which the training set examples will be classified. Table 3 summarizes the results of the experiments using SVMs.

Table 3. Performance of SVMs

| Class  | Training time (sec) | Testing time (sec) | Accuracy (%) |
|--------|---------------------|--------------------|--------------|
| Normal | 7.66                | 1.26               | 99.55        |
| Probe  | 49.13               | 2.10               | 99.70        |
| DoS    | 22.87               | 1.92               | 99.25        |
| U2Su   | 3.38                | 1.05               | 99.87        |
| R2L    | 11.54               | 1.02               | 99.78        |

5. Ranking The Significance of Features

Feature selection and ranking [16,17] is an important issue in intrusion detection. Of the large number of features that can be monitored for intrusion detection purposes, which are truly useful, which are less significant, and which may be useless? The question is relevant because the elimination of useless features (the so-called audit trail reduction) enhances the accuracy of detection while speeding up the computation, thus improving the overall performance of an IDS. The feature ranking and selection problem for intrusion detection is similar in nature to various engineering problems that are characterized by:

a. Having a large number of input variables $x = (x_1, x_2, \ldots, x_n)$ of varying degrees of importance to the output $y$; i.e., some elements of $x$ are essential, some are less important, some of them may not be mutually independent, and some may be useless or irrelevant (in determining the value of $y$)
