Title: A smart heuristic scanner for an intrusion detection system using two-stage machine learning techniques
Authors: K.V.S.N. Rama Rao; Sudheer Kumar Battula; T. Lakshmi Siva Rama Krishna
Addresses: Department of Computer Science and Engineering, MLR Institute of Technology, Hyderabad, Telangana, India; International School of Computer Science and Information Technology (ISCSAIT), Jawaharlal Nehru Institute of Advanced Studies (JNIAS), Hyderabad, Telangana, India; Department of Computer Science and Engineering, K L University, Vaddeswaram, Andhra Pradesh, India
Abstract: Building an intrusion detection system (IDS) for an enterprise is a complex and challenging task, as the attack types are growing day by day. Hence, there is a need for a smart heuristic scanner in an IDS to perform deep packet inspection in order to detect newer forms of attack and decisively declare a source as trusted or un-trusted. To perform deep packet inspection, packet headers at the transport and network layers are processed through two-level machine learning classifiers. Naive Bayes is applied in the first stage on TCP-level heuristics. The output of the first-stage classifier and the IP heuristics are given as input to the k-nearest neighbours (KNN) classifier in the second stage. At the end of the second-stage classification, results are rendered as trusted or un-trusted. The experimental results showed that the proposed approach is efficient in terms of detection rate and false alarms.
Keywords: machine learning; heuristic; classifiers; TCP/IP packets; intrusion detection system; IDS.
DOI: 10.1504/IJAIP.2017.088146
International Journal of Advanced Intelligence Paradigms, 2017 Vol. 9 No. 5/6, pp. 519-529
Received: 16 Mar 2015
Accepted: 05 Oct 2015
Published online: 27 Nov 2017