
Network Anomaly Intrusion Detection Using a Nonparametric Bayesian Approach and Feature Selection

Anomaly-based intrusion detection systems (IDSs) have been deployed to monitor network activity and to protect systems and the Internet of Things (IoT) devices from attacks (or intrusions). The problem with these systems is that they generate a huge amount of inappropriate false alarms whenever abno...

Bibliographic Details
Published in: IEEE access 2019, Vol. 7, p. 52181-52190
Main Authors: Alhakami, Wajdi, ALharbi, Abdullah, Bourouis, Sami, Alroobaea, Roobaea, Bouguila, Nizar
Format: Article
Language: English
container_end_page 52190
container_issue
container_start_page 52181
container_title IEEE access
container_volume 7
creator Alhakami, Wajdi
ALharbi, Abdullah
Bourouis, Sami
Alroobaea, Roobaea
Bouguila, Nizar
description Anomaly-based intrusion detection systems (IDSs) have been deployed to monitor network activity and to protect systems and the Internet of Things (IoT) devices from attacks (or intrusions). The problem with these systems is that they generate a huge amount of inappropriate false alarms whenever abnormal activities are detected and they are not too flexible for a complex environment. The high-level rate of the generated false alarms reduces the performance of IDS against cyber-attacks and makes the tasks of the security analyst particularly difficult and the management of intrusion detection process computationally expensive. We study here one of the challenging aspects of computer and network security and we propose to build a detection model for both known and unknown intrusions (or anomaly detection) via a novel nonparametric Bayesian model. The design of our framework can be extended easily to be adequate for IoT technology and notably for intelligent smart city web-based applications. In our method, we learn the patterns of the activities (both normal and anomalous) through a Bayesian-based MCMC inference for infinite bounded generalized Gaussian mixture models. Contrary to classic clustering methods, our approach does not need to specify the number of clusters, takes into consideration the uncertainty via the introduction of prior knowledge for the parameters of the model, and permits to solve problems related to over- and under-fitting. In order to get better clustering performance, feature weights, model's parameters, and the number of clusters are estimated simultaneously and automatically. The developed approach was evaluated using popular data sets. The obtained results demonstrate the efficiency of our approach in detecting various attacks.
doi_str_mv 10.1109/ACCESS.2019.2912115
format article
publisher Piscataway: IEEE
rights Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2019
coden IAECCG
ieee_id 8693712
linktohtml https://ieeexplore.ieee.org/document/8693712
orcid https://orcid.org/0000-0001-7224-7940
oa free_for_read
toplevel peer_reviewed
tpages 10
fulltext fulltext
identifier ISSN: 2169-3536
ispartof IEEE access, 2019, Vol.7, p.52181-52190
issn 2169-3536
2169-3536
language eng
recordid cdi_crossref_primary_10_1109_ACCESS_2019_2912115
source IEEE Xplore Open Access Journals
subjects Alarms
Anomalies
anomaly intrusion detection
Bayes methods
Bayesian analysis
Bayesian inference
bounded generalized Gaussian models
Clustering
Computers
Cybersecurity
False alarms
Feature extraction
infinite mixture models
Internet of Things
Intrusion detection
Intrusion detection systems
Intrusion detection systems (IDS)
Markov chain Monte Carlo (MCMC)
Nonparametric statistics
Parameter uncertainty
Probabilistic models
Smart cities
title Network Anomaly Intrusion Detection Using a Nonparametric Bayesian Approach and Feature Selection
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-06T19%3A48%3A38IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Network%20Anomaly%20Intrusion%20Detection%20Using%20a%20Nonparametric%20Bayesian%20Approach%20and%20Feature%20Selection&rft.jtitle=IEEE%20access&rft.au=Alhakami,%20Wajdi&rft.date=2019&rft.volume=7&rft.spage=52181&rft.epage=52190&rft.pages=52181-52190&rft.issn=2169-3536&rft.eissn=2169-3536&rft.coden=IAECCG&rft_id=info:doi/10.1109/ACCESS.2019.2912115&rft_dat=%3Cproquest_cross%3E2455640614%3C/proquest_cross%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c408t-bd090e4dde8bbf2179ae849175af184e06e0a8cd0c71da0ecbe2f5d9b306589c3%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=2455640614&rft_id=info:pmid/&rft_ieee_id=8693712&rfr_iscdi=true