Foreign-language journal: CSI Transactions on ICT

Assessing degree of intrusion scope (DIS): a statistical strategy for anomaly based intrusion detection


Abstract

An intrusion detection system (IDS) is a type of security management system that analyzes information gathered from various areas within a computer or a network to identify possible security breaches. The last decades have witnessed an unprecedented increase in the volume and sophistication of network attacks. As the quality of the training data greatly influences the quality of the learned models, it is difficult to collect high-quality training data. New attacks leveraging newly discovered security vulnerabilities emerge quickly and frequently, and it is not possible to collect data related to these new attacks to train a detection model before the attacks are discovered and understood. The exponential growth of zero-day attacks emphasizes the need for defence mechanisms that can accurately detect previously unseen attacks in real time. In this regard, a meta-heuristic assessment model called assessing degree of intrusion scope (DIS) is proposed, which aims to estimate the degree of intrusion scope threshold from the optimal features of given network transactions for training. To evaluate the proposed approach, the NSL-KDD data set, a widely used data set for the evaluation of IDS that reflects network traffic, is used; the approach provides considerable and consistent accuracy improvements in detecting new and existing attacks. The experimental results indicate that feature correlation has a significant impact on minimizing the computational and time complexity of measuring the Intrusion Impact Scale.
