Analysis of NSL KDD Dataset Using Classification Algorithms for Intrusion Detection System

Page: [142 - 147] Pages: 6

Abstract

Background: Intrusion detection systems (IDS) are responsible for detecting anomalies and network attacks. Building an effective IDS depends on a readily available dataset, which is used to train and test the intelligent IDS. In this research, the NSL KDD dataset (an improvement over the original KDD Cup 1999 dataset) is used, because KDD’99 contains a huge number of redundant records, which makes it difficult to process the data accurately.

Methods: The classification techniques applied to this dataset to analyze the data are the decision-tree classifiers J48, Random Forest and Random Trees.

Results: On comparison of these three classification algorithms, Random Forest produced the best results and was therefore used to analyze the data further. The results are analyzed and presented in this paper with the help of feature/attribute selection, applying all the possible combinations.

Conclusion: A total of eight significant attributes were selected after applying various attribute selection methods to the NSL KDD dataset.

Keywords: Intrusion detection systems, anomaly, attacks, Weka, classification, accuracy.
