Implementing BACON-MVV Outlier Detection Scheme in Intrusion Detection System
| Main Authors: | Hiryanto, Lely (Faculty of Information Technology, Tarumanagara University); Muliawan, Andri (Faculty of Information Technology, Tarumanagara University); Herwindiati, Dyah Erny (Faculty of Information Technology, Tarumanagara University) |
|---|---|
| Format: | application/pdf eJournal |
| Language: | eng |
| Published: | Lecturer External Publication, 2013 |
| Online Access: | http://fti.tarumanagara.ac.id/jurnal/index.php/lep/article/view/101 |
Contents:
- Denial of Service (DoS) and Probing attacks are common detectable intrusions that are feared by most network users, since the final result of these attacks is the collapse of the network. One way to counter these attacks is to use an Intrusion Detection System (IDS). Most IDS builders rely on their intuition and experience to select the statistical measures for anomaly detection. In real applications, it is difficult to obtain purely normal data. One way to make sure that a pure normal activity signature can be generated is to use a robust statistical method. This paper proposes a combination of two statistical methods, Blocked Adaptive Computationally Efficient Outlier Nominators (BACON) and Minimum Vector Variance (MVV). We called the combination the BACON-MVV outlier detection scheme. By using a sufficient traffic data model in the form of a matrix generated from the network connection records, this method could easily find the special features (signatures) of normal packet traffic by calculating the mean vector and covariance matrix from the training data sets, followed by computing the distance between the signatures and the features of incoming network connections. Using the distance values and the cutoff chi-square value as the threshold value, the method can classify whether a connection is normal or an intrusion. An experiment using the DARPA (Defense Advanced Research Projects Agency) Dataset 1998 shows that BACON-MVV provides better accuracy than common statistics-based outlier detection techniques such as Mahalanobis distance. The BACON-MVV method can depict the patterns of DoS and Probing attacks with 100% accuracy. This paper is published in The 12th International Conference on QiR (Quality in Research), Vol. 1, 4 – 7 July 2011, Bali - Indonesia; Pages: 205; ISSN: 114-1284