Network Anomaly Intrusion Detection Using a Nonparametric Bayesian Approach and Feature Selection

Anomaly-based intrusion detection systems (IDSs) have been deployed to monitor network activity and to protect systems and the Internet of Things (IoT) devices from attacks (or intrusions). The problem with these systems is that they generate a huge amount of inappropriate false alarms whenever abno...

Full description

Saved in:
Bibliographic Details
Published in:IEEE access 2019, Vol.7, p.52181-52190
Main Authors: Alhakami, Wajdi, ALharbi, Abdullah, Bourouis, Sami, Alroobaea, Roobaea, Bouguila, Nizar
Format: Article
Language:English
Subjects:
Alarms
Anomalies
anomaly intrusion detection
Bayes methods
Bayesian analysis
Bayesian inference
bounded generalized Gaussian models
Clustering
Computers
Cybersecurity
False alarms
Feature extraction
infinite mixture models
Internet of Things
Intrusion detection
Intrusion detection systems
Intrusion detection systems (IDS)
Markov chain Monte Carlo (MCMC)
Nonparametric statistics
Parameter uncertainty
Probabilistic models
Smart cities
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Anomaly-based intrusion detection systems (IDSs) have been deployed to monitor network activity and to protect systems and the Internet of Things (IoT) devices from attacks (or intrusions). The problem with these systems is that they generate a huge amount of inappropriate false alarms whenever abnormal activities are detected and they are not too flexible for a complex environment. The high-level rate of the generated false alarms reduces the performance of IDS against cyber-attacks and makes the tasks of the security analyst particularly difficult and the management of intrusion detection process computationally expensive. We study here one of the challenging aspects of computer and network security and we propose to build a detection model for both known and unknown intrusions (or anomaly detection) via a novel nonparametric Bayesian model. The design of our framework can be extended easily to be adequate for IoT technology and notably for intelligent smart city web-based applications. In our method, we learn the patterns of the activities (both normal and anomalous) through a Bayesian-based MCMC inference for infinite bounded generalized Gaussian mixture models. Contrary to classic clustering methods, our approach does not need to specify the number of clusters, takes into consideration the uncertainty via the introduction of prior knowledge for the parameters of the model, and permits to solve problems related to over- and under-fitting. In order to get better clustering performance, feature weights, model's parameters, and the number of clusters are estimated simultaneously and automatically. The developed approach was evaluated using popular data sets. The obtained results demonstrate the efficiency of our approach in detecting various attacks.
ISSN:2169-3536
2169-3536
DOI:10.1109/ACCESS.2019.2912115