Frequency : 12 issues per year
Subject : Computer Applications and Technology
ISSN : 2319–8656 (Online)
IJCATR Volume 13 Issue 1
Alert Correlation Model Based on Hybrid Machine Learning Techniques to Enhance the Performance of NIDS
Joseph Mbugua, Enoch Mogendi
10.7753/IJCATR1301.1003
keywords : Alert Correlation, Machine Learning, Model, Performance, Intrusion Detection.
There obstacles in developing an effective intrusion detection systemin this modern digital world. This work proposes a three level model in developingNIDS that offers multiple types of correlations. In the first level, several feature selection techniques are integrated existing feature selection techniques Correlation Feature Selection, Information Gain and Chi square to find the best set of features used in this work. The second level enhances the structural based alert correlation model based on Expectation and Maximization (EM) to improve the quality of alerts and detection capability by grouping alerts with common attributes. Then an anomaly classification module is designed in the third level based on fusion of five heterogeneous classifiers Support Vector Machine (SVM), Instance based Learners (IBL), Random Forest, J48, and Bayes Net using Voting as a Multi-Classifier. The NSL KDD dataset is used in this experiment. The overall detection rate is 99.9%, false error rate 0.1% and execution rate of 1340.7 seconds. This shows that HAC is effective and practical in providing complete correlation even on high dimensionality, large scaled and low quality dataset used in intrusion detection system.
@artical{j1312024ijcatr13011003,
Title = "Alert Correlation Model Based on Hybrid Machine Learning Techniques to Enhance the Performance of NIDS",
Journal ="International Journal of Computer Applications Technology and Research(IJCATR)",
Volume = "13",
Issue ="1",
Pages ="9 - 18",
Year = "2024",
Authors ="Joseph Mbugua, Enoch Mogendi"}
.