Frequency : 12 issues per year
Subject : Computer Applications and Technology
ISSN : 2319–8656 (Online)
IJCATR Volume 11 Issue 8
Model for Enhancing Performance of Network Intrusion Detection based on Hybrid Feature Selection and Unsupervised Learning Techniques
Joseph Mbugua Chahira, Jane Kinanu Kiruki
10.7753/IJCATR1108.1008
Keywords: Network Intrusion Detection, Unsupervised Learning, Clustering, Alert Correlation, Structural-based AC.
As security threats change and advance drastically, organizations implement multiple Network Intrusion Detection Systems (NIDSs) to optimize detection and to provide a comprehensive view of intrusion activities. But NIDSs trigger a massive number of alerts even in a single day and overwhelm security experts, as they require high levels of human involvement in creating and/or maintaining the system. The main goal of this work is to enhance the structural-based alert correlation model to improve the quality of alerts and the detection capability of NIDSs by grouping alerts with common attributes using unsupervised learning techniques. This work compares four unsupervised learning algorithms, namely Self-Organizing Maps (SOM), K-means, Expectation-Maximization (EM) and Fuzzy C-means (FCM), to select the best clustering algorithm based on Clustering Accuracy Rate (CAR), Clustering Error (CE) and processing time. The results indicate that the proposed model, based on hybrid feature selection, PCA and EM, is effective in terms of Clustering Accuracy Rate (CAR) and processing time on the NSL-KDD dataset.
@article{j1182022ijcatr11081008,
Title = "Model for Enhancing Performance of Network Intrusion Detection based on Hybrid Feature Selection and Unsupervised Learning Techniques",
Journal ="International Journal of Computer Applications Technology and Research(IJCATR)",
Volume = "11",
Issue ="8",
Pages ="341 - 350",
Year = "2022",
Authors ="Joseph Mbugua Chahira, Jane Kinanu Kiruki"}
Review related work on unsupervised learning.
Discuss the unsupervised learning techniques SOM, EM, KM and FCM.
Evaluate the performance based on Clustering Error, Error Rate, Accuracy Rate and Time.
Design a model for enhancing the performance of network intrusion detection based on hybrid feature selection and unsupervised learning techniques.