Loading…
A cyber network attack detection based on GM Median Nearest Neighbors LDA
The continuous development in network technologies causes a considerable hike in number of attacks and intrusions. Identification of these threats has become a critical part of security. To fulfill this task, the Intrusion Detection Systems (IDS) were created. Unfortunately, these tools have curse o...
Saved in:
| Published in: | Computers & security 2019-09, Vol.86, p.63-74 |
|---|---|
| Main Authors: | , |
| Format: | Article |
| Language: | English |
| Subjects: | |
| Citations: | Items that this one cites Items that cite this one |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| cited_by | cdi_FETCH-LOGICAL-c328t-798e9da868d546cd2eea6712d3d89bf394b400edf194f556700a38560ed6b9b13 |
|---|---|
| cites | cdi_FETCH-LOGICAL-c328t-798e9da868d546cd2eea6712d3d89bf394b400edf194f556700a38560ed6b9b13 |
| container_end_page | 74 |
| container_issue | |
| container_start_page | 63 |
| container_title | Computers & security |
| container_volume | 86 |
| creator | Elkhadir, Zyad Mohammed, Benattou |
| description | The continuous development in network technologies causes a considerable hike in number of attacks and intrusions. Identification of these threats has become a critical part of security. To fulfill this task, the Intrusion Detection Systems (IDS) were created. Unfortunately, these tools have curse of dimensionality which tends to increase time complexity and decrease resource utilization. As a consequence, it is desirable that important features of network traffic must be analyzed. To obtain these features, previous work has employed a variant of Linear Discriminant Analysis (LDA) called Median Nearest Neighbors-LDA (Median NN-LDA). This approach finds the relevant features by working with network connections that are near to the median of every class. However, Median NN-LDA has an important drawback. It employs the class arithmetic mean vectors in the within and between scatter matrices formulation. As the arithmetic mean is sensitive to outliers, the approach will not produce optimal results. To deal with that, this paper introduces a new robust Median NN-LDA based on the generalized mean. Many experiments on KDDcup99 and NSL-KDD indicate the superiority of the approach over many LDA variants. |
| doi_str_mv | 10.1016/j.cose.2019.05.021 |
| format | article |
| fullrecord | <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_journals_2287979253</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><els_id>S0167404819301142</els_id><sourcerecordid>2287979253</sourcerecordid><originalsourceid>FETCH-LOGICAL-c328t-798e9da868d546cd2eea6712d3d89bf394b400edf194f556700a38560ed6b9b13</originalsourceid><addsrcrecordid>eNp9kM1OwzAQhC0EEqXwApwscU6wnfhP4lIVKJVauMDZcuwNJIW42AHUt8dVOXPa1Wpmd_ZD6JKSkhIqrvvShQQlI1SXhJeE0SM0oUqyQjCijtEki2RRk1qdorOUekKoFEpN0HKG3a6BiAcYf0LcYDuO1m2whxHc2IUBNzaBx7lZrPEafGcH_Ag2Qhpz7V7fmhATXt3OztFJa98TXPzVKXq5v3uePxSrp8VyPlsVrmJqLKRWoL1VQnleC-cZgBWSMl95pZu20nVTEwK-pbpuOReSEFspLvJINLqh1RRdHfZuY_j8yjFMH77ikE8axpTUUjNeZRU7qFwMKUVozTZ2HzbuDCVmj8z0Zo_M7JEZwk1Glk03BxPk_N8dRJNcB4PLX8dMw_jQ_Wf_BX3fcxs</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2287979253</pqid></control><display><type>article</type><title>A cyber network attack detection based on GM Median Nearest Neighbors LDA</title><source>Elsevier</source><creator>Elkhadir, Zyad ; Mohammed, Benattou</creator><creatorcontrib>Elkhadir, Zyad ; Mohammed, Benattou</creatorcontrib><description>The continuous development in network technologies causes a considerable hike in number of attacks and intrusions. Identification of these threats has become a critical part of security. To fulfill this task, the Intrusion Detection Systems (IDS) were created. Unfortunately, these tools have curse of dimensionality which tends to increase time complexity and decrease resource utilization. As a consequence, it is desirable that important features of network traffic must be analyzed. To obtain these features, previous work has employed a variant of Linear Discriminant Analysis (LDA) called Median Nearest Neighbors-LDA (Median NN-LDA). This approach finds the relevant features by working with network connections that are near to the median of every class. However, Median NN-LDA has an important drawback. It employs the class arithmetic mean vectors in the within and between scatter matrices formulation. As the arithmetic mean is sensitive to outliers, the approach will not produce optimal results. To deal with that, this paper introduces a new robust Median NN-LDA based on the generalized mean. Many experiments on KDDcup99 and NSL-KDD indicate the superiority of the approach over many LDA variants.</description><identifier>ISSN: 0167-4048</identifier><identifier>EISSN: 1872-6208</identifier><identifier>DOI: 10.1016/j.cose.2019.05.021</identifier><language>eng</language><publisher>Amsterdam: Elsevier Ltd</publisher><subject>Arithmetic ; Communications traffic ; Discriminant analysis ; Feature extraction methods ; Generalized mean ; Intrusion detection systems ; KDDcup99 ; Linear discriminant analysis ; Mathematical analysis ; Matrix methods ; Median NN-LDA ; Network anomaly detection ; NSL-KDD ; Outliers (statistics)</subject><ispartof>Computers & security, 2019-09, Vol.86, p.63-74</ispartof><rights>2019 Elsevier Ltd</rights><rights>Copyright Elsevier Sequoia S.A. Sep 2019</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c328t-798e9da868d546cd2eea6712d3d89bf394b400edf194f556700a38560ed6b9b13</citedby><cites>FETCH-LOGICAL-c328t-798e9da868d546cd2eea6712d3d89bf394b400edf194f556700a38560ed6b9b13</cites><orcidid>0000-0003-1685-8389</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,780,784,27924,27925</link.rule.ids></links><search><creatorcontrib>Elkhadir, Zyad</creatorcontrib><creatorcontrib>Mohammed, Benattou</creatorcontrib><title>A cyber network attack detection based on GM Median Nearest Neighbors LDA</title><title>Computers & security</title><description>The continuous development in network technologies causes a considerable hike in number of attacks and intrusions. Identification of these threats has become a critical part of security. To fulfill this task, the Intrusion Detection Systems (IDS) were created. Unfortunately, these tools have curse of dimensionality which tends to increase time complexity and decrease resource utilization. As a consequence, it is desirable that important features of network traffic must be analyzed. To obtain these features, previous work has employed a variant of Linear Discriminant Analysis (LDA) called Median Nearest Neighbors-LDA (Median NN-LDA). This approach finds the relevant features by working with network connections that are near to the median of every class. However, Median NN-LDA has an important drawback. It employs the class arithmetic mean vectors in the within and between scatter matrices formulation. As the arithmetic mean is sensitive to outliers, the approach will not produce optimal results. To deal with that, this paper introduces a new robust Median NN-LDA based on the generalized mean. Many experiments on KDDcup99 and NSL-KDD indicate the superiority of the approach over many LDA variants.</description><subject>Arithmetic</subject><subject>Communications traffic</subject><subject>Discriminant analysis</subject><subject>Feature extraction methods</subject><subject>Generalized mean</subject><subject>Intrusion detection systems</subject><subject>KDDcup99</subject><subject>Linear discriminant analysis</subject><subject>Mathematical analysis</subject><subject>Matrix methods</subject><subject>Median NN-LDA</subject><subject>Network anomaly detection</subject><subject>NSL-KDD</subject><subject>Outliers (statistics)</subject><issn>0167-4048</issn><issn>1872-6208</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2019</creationdate><recordtype>article</recordtype><recordid>eNp9kM1OwzAQhC0EEqXwApwscU6wnfhP4lIVKJVauMDZcuwNJIW42AHUt8dVOXPa1Wpmd_ZD6JKSkhIqrvvShQQlI1SXhJeE0SM0oUqyQjCijtEki2RRk1qdorOUekKoFEpN0HKG3a6BiAcYf0LcYDuO1m2whxHc2IUBNzaBx7lZrPEafGcH_Ag2Qhpz7V7fmhATXt3OztFJa98TXPzVKXq5v3uePxSrp8VyPlsVrmJqLKRWoL1VQnleC-cZgBWSMl95pZu20nVTEwK-pbpuOReSEFspLvJINLqh1RRdHfZuY_j8yjFMH77ikE8axpTUUjNeZRU7qFwMKUVozTZ2HzbuDCVmj8z0Zo_M7JEZwk1Glk03BxPk_N8dRJNcB4PLX8dMw_jQ_Wf_BX3fcxs</recordid><startdate>201909</startdate><enddate>201909</enddate><creator>Elkhadir, Zyad</creator><creator>Mohammed, Benattou</creator><general>Elsevier Ltd</general><general>Elsevier Sequoia S.A</general><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>8FD</scope><scope>JQ2</scope><scope>K7.</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><orcidid>https://orcid.org/0000-0003-1685-8389</orcidid></search><sort><creationdate>201909</creationdate><title>A cyber network attack detection based on GM Median Nearest Neighbors LDA</title><author>Elkhadir, Zyad ; Mohammed, Benattou</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c328t-798e9da868d546cd2eea6712d3d89bf394b400edf194f556700a38560ed6b9b13</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2019</creationdate><topic>Arithmetic</topic><topic>Communications traffic</topic><topic>Discriminant analysis</topic><topic>Feature extraction methods</topic><topic>Generalized mean</topic><topic>Intrusion detection systems</topic><topic>KDDcup99</topic><topic>Linear discriminant analysis</topic><topic>Mathematical analysis</topic><topic>Matrix methods</topic><topic>Median NN-LDA</topic><topic>Network anomaly detection</topic><topic>NSL-KDD</topic><topic>Outliers (statistics)</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Elkhadir, Zyad</creatorcontrib><creatorcontrib>Mohammed, Benattou</creatorcontrib><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>ProQuest Criminal Justice (Alumni)</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>Computers & security</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Elkhadir, Zyad</au><au>Mohammed, Benattou</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>A cyber network attack detection based on GM Median Nearest Neighbors LDA</atitle><jtitle>Computers & security</jtitle><date>2019-09</date><risdate>2019</risdate><volume>86</volume><spage>63</spage><epage>74</epage><pages>63-74</pages><issn>0167-4048</issn><eissn>1872-6208</eissn><abstract>The continuous development in network technologies causes a considerable hike in number of attacks and intrusions. Identification of these threats has become a critical part of security. To fulfill this task, the Intrusion Detection Systems (IDS) were created. Unfortunately, these tools have curse of dimensionality which tends to increase time complexity and decrease resource utilization. As a consequence, it is desirable that important features of network traffic must be analyzed. To obtain these features, previous work has employed a variant of Linear Discriminant Analysis (LDA) called Median Nearest Neighbors-LDA (Median NN-LDA). This approach finds the relevant features by working with network connections that are near to the median of every class. However, Median NN-LDA has an important drawback. It employs the class arithmetic mean vectors in the within and between scatter matrices formulation. As the arithmetic mean is sensitive to outliers, the approach will not produce optimal results. To deal with that, this paper introduces a new robust Median NN-LDA based on the generalized mean. Many experiments on KDDcup99 and NSL-KDD indicate the superiority of the approach over many LDA variants.</abstract><cop>Amsterdam</cop><pub>Elsevier Ltd</pub><doi>10.1016/j.cose.2019.05.021</doi><tpages>12</tpages><orcidid>https://orcid.org/0000-0003-1685-8389</orcidid></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 0167-4048 |
| ispartof | Computers & security, 2019-09, Vol.86, p.63-74 |
| issn | 0167-4048 1872-6208 |
| language | eng |
| recordid | cdi_proquest_journals_2287979253 |
| source | Elsevier |
| subjects | Arithmetic Communications traffic Discriminant analysis Feature extraction methods Generalized mean Intrusion detection systems KDDcup99 Linear discriminant analysis Mathematical analysis Matrix methods Median NN-LDA Network anomaly detection NSL-KDD Outliers (statistics) |
| title | A cyber network attack detection based on GM Median Nearest Neighbors LDA |
| url | http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-06T17%3A41%3A58IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=A%20cyber%20network%20attack%20detection%20based%20on%20GM%20Median%20Nearest%20Neighbors%20LDA&rft.jtitle=Computers%20&%20security&rft.au=Elkhadir,%20Zyad&rft.date=2019-09&rft.volume=86&rft.spage=63&rft.epage=74&rft.pages=63-74&rft.issn=0167-4048&rft.eissn=1872-6208&rft_id=info:doi/10.1016/j.cose.2019.05.021&rft_dat=%3Cproquest_cross%3E2287979253%3C/proquest_cross%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c328t-798e9da868d546cd2eea6712d3d89bf394b400edf194f556700a38560ed6b9b13%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=2287979253&rft_id=info:pmid/&rfr_iscdi=true |