COMPARATIVE ANALYSIS OF THE K-NEAREST NEIGHBOR ALGORITHM ON VARIOUS INTRUSION DETECTION DATASETS

Authors

  • Andri Agung Riyadi, Universitas Nusa Mandiri
  • Fachri Amsury, Universitas Nusa Mandiri
  • Tiska Pattiasina, Universitas Bina Sarana Informatika
  • Jupriyanto Jupriyanto, Universitas Nusa Mandiri
(*) Corresponding Author

DOI:

https://doi.org/10.34288/jri.v4i1.147

Keywords:

Intrusion Detection System, Machine Learning, Network Security, k-Nearest Neighbors

Abstract

Security in computer networks can be vulnerable because of flaws in the development of security rules, inadequate computer system settings, or software defects. Intrusion detection is a computer network security method that detects, prevents, and blocks unauthorized access to confidential information. An intrusion detection system (IDS) is intended to defend the system and minimize the harm caused by any attack on a computer network that violates computer security policies such as availability, confidentiality, and integrity. Data mining techniques were used to extract relevant information from IDS databases. Some of the most widely used IDS datasets, namely NSL-KDD, 10% KDD, Full KDD, Corrected KDD99, UNSW-NB15, ADFA Windows, Caida, and UNM, have been used to obtain the accuracy rate of the k-Nearest Neighbors (k-NN) algorithm. The latest IDS dataset, named CICIDS2017 and provided by the Canadian Institute of Cybersecurity, contains most of the latest attack scenarios. A preliminary experiment shows that the k-NN method on the CICIDS2017 dataset produces a higher average intrusion detection accuracy than the other IDS datasets.

 

Published

2021-12-14

How to Cite

Riyadi, A. A., Amsury, F., Pattiasina, T., & Jupriyanto, J. (2021). COMPARATIVE ANALYSIS OF THE K-NEAREST NEIGHBOR ALGORITHM ON VARIOUS INTRUSION DETECTION DATASETS. Jurnal Riset Informatika, 4(1), 127–132. https://doi.org/10.34288/jri.v4i1.147