UNWANTED BEHAVIOUR DETECTION AND CLASSIFICATION IN NETWORK TRAFFIC


Onem I. M.

International Conference on Knowledge Discovery and Information Retrieval (KDIR 2010), Valencia, Spain, 25 - 28 October 2010, pp.122-128

  • Publication Type: Conference Paper / Full-Text Paper
  • City of Publication: Valencia
  • Country of Publication: Spain
  • Page Numbers: pp.122-128
  • Middle East Technical University Affiliated: Yes

Abstract

An Intrusion Detection System (IDS) classifies activities with unwanted intent and can log or prevent activities that are marked as intrusions. Intrusions occur when malicious activity and unwanted behaviour gain access to, or affect the usability of, a computer resource. In recent years, anomaly discovery has attracted the attention of many researchers as a way to overcome the disadvantage of signature-based IDSs in discovering novel attacks, and KDDCUP'99 is the most widely used data set for the evaluation of these systems. The difficulty is discovering unwanted behaviour in network traffic after it has been subjected to machine learning methods and processes. The goal of this research is to use the SVM machine learning model with different kernels and different kernel parameters to classify unwanted behaviour on the network with scalable performance. The SVM model enables a flexible, flow-based method for detecting unwanted behaviour, illustrates its use in the context of an incident, and can further the design and deployment of improved techniques for security scanning. Scalability and performance are major considerations, and the results are also targeted at minimizing false positives and negatives. The classification developed in this paper is used to improve SVM computational efficiency in detecting intrusions in each category, and the enhanced model is presented with experimental results based on an implementation of the model tested against real intrusions.