View Complete Reference

Sun, L, Ho, A, Xia, Z, Chen, J and Zhang, M (2019)

Development of an Early Warning System for Network Intrusion Detection Using Benford's Law Features

In: Meng W., Furnell S. (eds) Security and Privacy in Social Networks and Big Data. SocialSec 2019. Communications in Computer and Information Science, vol 1095. Springer, Singapore.

ISSN/ISBN: Not available at this time. DOI: 10.1007/978-981-15-0758-8_5

Abstract: In order to ensure a high level of security in computer networks, it is important to prevent malicious behaviours from the intruders. However, high volumes of network traffic make it difficult for intrusion detection systems (IDSs) to separate abnormal network traffic from the normal ones. To alleviate this problem, a window-based feature extraction method using the Benford's law has been proposed in this paper. Our method employs six features of the divergence values, including the first digit and the first three digits of size difference between traffic flows. Experiments are performed and evaluated using the KDD99 dataset. To illustrate the advantages of our proposed method, three popular classifiers, Multi-Layer Perceptron (MLP), Support Vector Machine (SVM) and Naïve Bayes are analysed using different combinations of these six features as the input feature sets. The results demonstrated that the MLP classifier performs the best in classifying the normal, mixed and malicious windows by correctly classifying the normal and malicious windows. This is particularly useful to reduce the amount of network traffic that needs to be analysed. The only exception is the mixed window which contains both normal flows and attack flows, and it needs to be further analysed to distinguish normal flows from malicious ones. Our method is fast and can be used as an early warning system to trigger other more advanced IDSs to focus on the specific regions of the network traffic. The combined system, incorporating our method with a traditional IDS, can provide a lower FAR of 0.27% compared with 9.87% of the isolated IDS, along with no significant reduction of the detection performance. Moreover, the whole accuracy of the combined system achieves 92.09%.

@InProceedings{,
  author="Sun, Liuying and Ho, Anthony and Xia, Zhe and Chen, Jiageng and Zhang, Mingwu",
  editor="Meng, Weizhi and Furnell, Steven",
  title="Development of an Early Warning System for Network Intrusion Detection Using Benford's Law Features",
  booktitle="Security and Privacy in Social Networks and Big Data",
  year="2019",
  publisher="Springer Singapore",
  address="Singapore",
  pages="57--73",
  isbn="978-981-15-0758-8",
}

Reference Type: Book Chapter

Subject Area(s): Computer Science, Social Sciences