An Approach to Reduce Uncertainty Problem in Network Intrusion Detection Systems
G. Kadam, Sahil Parekh, Priyanka Agnihotri, D. Ambawade, P. Bhavathankar
2020 IEEE 15th International Conference on Industrial and Information Systems (ICIIS), published 2020-11-26
DOI: 10.1109/ICIIS51140.2020.9342634 (https://doi.org/10.1109/ICIIS51140.2020.9342634)
Citations: 3
Abstract
In the current scenario pertaining to cyberattacks, Denial of Service attacks are the most common type. Denial of Service (DoS) has now become an attack category that has different types of attacks such as Back, Neptune, Smurf, Teardrop, etc. As common as these attacks are, they are among the most troublesome to deal with and have become an annoyance in the industry. Along with those, attacks like User-to-Root (U2R), Remote-to-Local (R2L) and Probe are used to gain access to the system and hence form the cycle of an attack. A network intrusion detection system is proposed which is tailored to detect these attacks. The main objective is to classify the aforementioned types of attacks with minimum uncertainty and reduce the number of false positives for more reliable detection. With data mining coupled with machine learning and deep learning algorithms, a feature selection and classification model is built by primarily training it on the KDDCup99 dataset and the ISTS Dataset, then tweaking the models by testing them on real-time data gathered from tcpdump. Real-time data collected using the ISTS dataset is first labelled using unsupervised machine learning methods and also by matching the data with the KDDCup99 dataset records. A model with the optimal algorithms for the feature selection and classification procedure is developed. Also, different algorithms used on various parameters are compared.