Effects of feature transformation and selection on classification of network traffic activities

Lim, Wen Ying (2015) Effects of feature transformation and selection on classification of network traffic activities. Masters thesis, Universiti Malaysia Sabah.


Abstract

As new technologies emerge day by day, networks, whether the Internet or an intranet within a corporation, often play a crucial role in connecting people from all around the world. From military use to achieving business goals and household needs, data security often gets attention from computer scientists. Traditional security measures, which include the installation of firewalls and antivirus software, are commonly utilised to prevent intrusion. However, such types of defence are barely sufficient to secure a network and the data travelling across it. Thus, second lines of defence such as the Intrusion Detection System (IDS) and the Intrusion Prevention System (IPS) were introduced to overcome the inadequacy of traditional security measures. Generally, an IDS uses two approaches, Anomaly Detection (A-IDS) and Misuse Detection, to identify patterns of intrusion. A-IDS often compares a model of normal behaviour with an anomalous model. Depending on the ability to measure similarity or distance between a target and a known type, a comparison is made to determine whether a new target is anomalous or not. This research aims to investigate the effects of feature transformation on the classification of network activities; the focus is on representing the data in point series form to permit the application of Time Series Classification (TSC). The TSC technique used is k-Nearest Neighbour (KNN) coupled with Dynamic Time Warping. The effects of using different similarity measures, Euclidean Distance (ED) and the Cosine similarity algorithm, are also investigated. The experiments conducted involve converting the categorical data with three different conversion techniques to generate point series data: simple, probability and entropy conversion. A comparison between different classifiers is also conducted. The performance of the classifier is best using 1NN with Euclidean distance and entropy conversion for categorical data, where the recorded accuracy is 99.19%.

Item Type: Thesis (Masters)
Uncontrolled Keywords: Intrusion Detection System (IDS), Intrusion Prevention System (IPS), traditional security measures, patterns of intrusion, Anomaly Detection (A-IDS), Misuse Detection, Time Series Classification (TSC)
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: FACULTY > Faculty of Computing and Informatics
Depositing User: Unnamed user with email storage.bpmlib@ums.edu.my
Date Deposited: 30 Oct 2015 03:57
Last Modified: 07 Nov 2017 07:31
URI: http://eprints.ums.edu.my/id/eprint/12079
