EEMCS

Home > Publications
Home University of Twente
Education
Research
Prospective Students
Jobs
Publications
Intranet (internal)
 
 Nederlands
 Contact
 Search
 Organisation

EEMCS EPrints Service


25295 RePIDS: a multi tier real-time payload-based intrusion detection system
Home Policy Brochure Browse Search User Area Contact Help

Jamdagni, Aruna and Tan, Zhiyuan and Nanda, Priyadarsi and He, Xiangjian and Liu, Ren Ping (2013) RePIDS: a multi tier real-time payload-based intrusion detection system. Computer networks, 57 (3). pp. 811-824. ISSN 1389-1286 *** ISI Impact 1,446 ***

Full text available as:

PDF

773 Kb
Open Access



Official URL: http://dx.doi.org/10.1016/j.comnet.2012.10.002

Exported to Metis

Abstract

Intrusion Detection System (IDS) deals with huge amount of network traffic and uses large feature set to discriminate normal pattern and intrusive pattern. However, most of existing systems lack the ability to process data for real-time anomaly detection. In this paper, we propose a 3-Tier Iterative Feature Selection Engine (IFSEng) for feature subspace selection. Principal Component Analysis (PCA) technique is used for the pre-processing of data. Mahalanobis Distance Map (MDM) is used to discover hidden correlations between the features and between the packets. We also propose a novel Real-time Payload-based Intrusion Detection System (RePIDS) that integrates a 3-Tier IFSEng and the MDM approach. Mahalanobis Distance (MD) dissimilarity criterion is used to classify each packet as either a normal or an attack packet. The effectiveness of the proposed RePIDS is evaluated using DARPA 99 dataset and Georgia Institute of Technology attack dataset. The traffic for Web-based application is considered for validating our model. F-value, a criterion, is used to evaluate the detection performance of RePIDS. Experimental results show that RePIDS achieves better performance (high F-values, 0.9958 for DARPA 99 dataset and 0.976 for Georgia Institute of Technology attack dataset respectively, with only 0.85% false alarm rate) and lower computational complexity when compared against two state-of-the-art payload-based intrusion detection systems. Additionally, it has 1.3 time higher throughput in comparison with real scenario of medium sized enterprise network.

Item Type:Article
Research Group:EWI-DIES: Distributed and Embedded Security
Research Program:CTIT-ISTRICE: Integrated Security and Privacy in a Networked World
Uncontrolled Keywords:Intrusion detection; Data pre-processing; Principal component analysis; Mahalanobis Distance Map; Principal components; Iterative feature selection
ID Code:25295
Status:Published
Deposited On:28 November 2014
Refereed:Yes
International:Yes
ISI Impact Factor:1,446
More Information:statisticsmetis

Export this item as:

To correct this item please ask your editor

Repository Staff Only: edit this item