http://dx.doi.org/10.15207/JKCS.2018.9.11.015

Performance Evaluation of One Class Classification to detect anomalies of NIDS  

Seo, Jae-Hyun (Division of Computer Science & Engineering, WonKwang University)
Publication Information
Journal of the Korea Convergence Society / v.9, no.11, 2018, pp. 15-21
Abstract
In this study, we try to detect anomalies in a network intrusion detection system by learning only one class. We use the KDD CUP 1999 dataset, an intrusion detection dataset, to evaluate classification performance. One-class classification is one of the unsupervised learning methods; it classifies the attack class by learning only the normal class. With unsupervised learning, it is difficult to achieve relatively high classification efficiency because negative instances are not used for learning. However, unsupervised learning has the advantage of being able to classify unlabeled data. In this study, we use one-class classifiers based on support vector machines and density estimation to detect new, unknown attacks. In testing, the classifier based on density estimation showed relatively better performance, with a detection rate of about 96% while maintaining a low FPR for the new attacks.
Keywords
Intrusion detection; one class classification; unsupervised learning; machine learning; artificial intelligence
Citations & Related Records
Times Cited By KSCI: 3