A robust domain partitioning intrusion detection method

dc.contributor.author Mwitondi, Kassim S.
dc.contributor.author Said, Raed A.
dc.contributor.author Zargari, Shahrzad A.
dc.date.accessioned 2020-04-06T05:00:15Z
dc.date.available 2020-04-06T05:00:15Z
dc.date.copyright 2019
dc.date.issued 2019-10
dc.description This article is not available in the CUD collection. The version of scholarly record of this article is published in Journal of Information Security and Applications (2019), available online at: https://doi.org/10.1016/j.jisa.2019.102360. en_US
dc.description.abstract The capacity for data mining algorithms to learn rules from data is influenced by, inter alia, the random nature of training and test data as well as by the diversity of domain partitioning models. Isolating normal from malicious data traffic across networks is one regular task that is naturally affected by that randomness and diversity. We propose a robust algorithm Sample-Measure-Assess (SMA) that detects intrusion based on rules learnt from multiple samples. We adapt data obtained from a set of simulations, capturing data attributes identifiable by number of bytes, destination and source of packets, protocol and nature of data flows (normal and abnormal) as well as IP addresses. A fixed sample of 82,332 observations on 27 variables was drawn from a superset of 2.54 million observations on 49 variables and multiple samples were then repeatedly extracted from the former and used to train and test multiple versions of classifiers, via the algorithm. With two class labels–binary and multi-class, the dataset presents a classic example of masked and spurious groupings, making an ideal case for concept learning. The algorithm learns a model for the underlying distributions of the samples and it provides mechanics for model assessment. The settings account for our method's novelty–i.e., ability to learn concept rules from highly masked to highly spurious cases while observing model robustness. A comparative analysis of Random Forests and individually grown trees shows that we can circumvent the former's dependence on multicollinearity of the trees and their individual strength in the forest by proceeding from dimensional reduction to classification using individual trees. Given data of similar structure, the algorithm can order the models in terms of optimality which means our work can contribute towards understanding the concept of normal and malicious flows across tools.
The algorithm yields results that are less sensitive to violated distributional assumptions and, hence, it yields robust parameters and provides a generalisation that can be monitored and adapted to specific low levels of variability. We discuss its potential for deployment with other classifiers and potential for extension into other applications, simply by adapting the objectives to specific conditions. © 2019 en_US
dc.identifier.citation Mwitondi, K. S., Said, R. A., & Zargari, S. A. (2019). A robust domain partitioning intrusion detection method. Journal of Information Security and Applications, 48. https://doi.org/10.1016/j.jisa.2019.102360 en_US
dc.identifier.issn 22142134
dc.identifier.uri http://dx.doi.org/10.1016/j.jisa.2019.102360
dc.identifier.uri http://hdl.handle.net/20.500.12519/202
dc.language.iso en en_US
dc.publisher Elsevier Ltd en_US
dc.relation Authors Affiliations : Mwitondi, K.S., Sheffield Hallam University, Faculty of Science, Technology and Arts, United Kingdom; Said, R.A., Canadian University Dubai, United Arab Emirates; Zargari, S.A., Sheffield Hallam University, Faculty of Science, Technology and Arts, United Kingdom
dc.relation.ispartofseries Journal of Information Security and Applications;Vol. 48
dc.rights Permission to reuse abstract has been secured from Elsevier Ltd.
dc.rights.holder Copyright : 2019 Elsevier Ltd. All rights reserved.
dc.subject Bagging en_US
dc.subject Bootstrapping en_US
dc.subject Classification en_US
dc.subject Cross-validation en_US
dc.subject Cyber-security en_US
dc.subject Data mining en_US
dc.subject Decision trees en_US
dc.subject Intrusion detection en_US
dc.subject Over-fitting en_US
dc.subject Random forests en_US
dc.subject Robustness en_US
dc.subject Supervised modelling en_US
dc.subject Unsupervised modelling en_US
dc.subject Forestry en_US
dc.subject Regression analysis en_US
dc.title A robust domain partitioning intrusion detection method en_US
dc.type Article en_US