Ulster University Logo

Applying One-Class Classification Techniques to IP Flow Records for Intrusion Detection

Muhammad Fahad, UMER, Muhammad, SHER and Bi, Yaxin (2017) Applying One-Class Classification Techniques to IP Flow Records for Intrusion Detection. Baltic J. Modern Computing, 5 (1). pp. 70-86. [Journal article]

[img] Text (Acceptance email) - Supplemental Material
Restricted to Repository staff only

[img] Text - Accepted Version

DOI: http://dx.doi.org/10.22364/bjmc.2017.5.1.05


Flow-basedintrusiondetectionsystemsanalyzeIPflowrecordstodetectattacksagainst computer networks. IP flow records contain aggregated packet header information; therefore, the amount of data processed by the intrusion detection system is reduced. In addition, since no pay- load is analyzed, the end-to-end encryption does not affect the deployment of intermediate intru- sion detection system. In this paper, we evaluate one-class classification techniques for detection of malicious flows at an initial stage of a multi-stage flow-based intrusion detection system. The initial stage uses minimal flow attributes and only decide if the IP flow is normal or malicious. Since there is only one class of interest (malicious) at the initial stage, we use one-class classifi- cation for detection of malicious flows. In this paper, we review available one-class classification techniques and evaluate them on a flow-based dataset to determine their performance for detec- tion of malicious flows. Our results show that one-class classification techniques using boundary methods give best results in detection of malicious IP flows.

Item Type:Journal article
Keywords:Intrusion detection, IP flows, One-class classification
Faculties and Schools:Faculty of Computing & Engineering
Faculty of Computing & Engineering > School of Computing and Mathematics
Research Institutes and Groups:Computer Science Research Institute
Computer Science Research Institute > Artificial Intelligence and Applications
ID Code:37311
Deposited By: Dr Yaxin Bi
Deposited On:10 Apr 2017 12:51
Last Modified:10 Apr 2017 12:52

Repository Staff Only: item control page