Effects of feature transformation and selection on classification of network traffic activities

Lim, Wen Ying (2015) Effects of feature transformation and selection on classification of network traffic activities. Masters thesis, Universiti Malaysia Sabah.


Abstract

As new technologies emerge day by day, networks, whether the Internet or an intranet within a corporation, often play a crucial role in connecting people from all around the world. From military use to achieving business goals and household needs, data security often gets attention from computer scientists. Traditional security measures, including the installation of firewalls and antivirus software, are commonly utilised to prevent intrusion. However, such types of defence are barely sufficient to secure a network and the data travelling across it. Thus, second lines of defence such as the Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) were introduced to overcome the inadequacy of traditional security measures. Generally, an IDS uses two approaches, Anomaly Detection (A-IDS) and Misuse Detection, to identify patterns of intrusion. An A-IDS often compares the normal model with the anomalous model. Relying on the ability to measure similarity or distance between a target and a known type, a comparison is made to determine whether a new target is anomalous or not. This research aims to investigate the effects of feature transformation on the classification of network activities; the focus is to represent the data in point series form to permit the application of Time Series Classification (TSC). The TSC technique used is k-Nearest Neighbour (KNN) coupled with Dynamic Time Warping. The effects of using different similarity measures, Euclidean Distance (ED) and the Cosine similarity algorithm, are also investigated. The experiments conducted involve converting the categorical data with three different conversion techniques to generate point series data: simple, probability and entropy conversion. A comparison between different classifiers is also conducted. The performance of the classifier is best using 1NN with Euclidean distance and entropy conversion for categorical data, where the recorded accuracy is 99.19%.

Item Type: Thesis (Masters)
Uncontrolled Keywords: Intrusion Detection System (IDS), Intrusion Prevention System (IPS), traditional security measures, patterns of intrusion, Anomaly Detection (A-IDS), Misuse Detection, Time Series Classification (TSC)
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: FACULTY > Faculty of Computing and Informatics
ID Code: 12079
Deposited By: IR Admin
Deposited On: 30 Oct 2015 11:57
Last Modified: 30 Oct 2015 11:57
