Paper Info
Title
NSNAD: negative selection-based network anomaly detection approach with relevant feature subset
Abstract
Intrusion detection systems are one of the security tools widely deployed in network architectures in order to monitor, detect and eventually respond to any suspicious activity in the network. However, the constantly growing complexity of networks and the virulence of new attacks require more adaptive approaches for optimal responses. In this work, we propose a semi-supervised approach for network anomaly detection inspired from the biological negative selection process. Based on a reduced dataset with a filter/ranking feature selection technique, our algorithm, namely negative selection for network anomaly detection (NSNAD), generates a set of detectors and uses them to classify events as anomaly. Otherwise, they are matched against an Artificial Human Leukocyte Antigen in order to be classified as normal. The accuracy and the computational time of NSNAD are tested under three intrusion detection datasets: NSL-KDD, Kyoto2006+ and UNSW-NB15. We compare the performance of NSNAD against a fully supervised algorithm (Naïve Bayes), an unsupervised clustering algorithm (K-means) and a semi-supervised algorithm (One-class SVM) with respect to multiple accuracy metrics. We also compare the time incurred by each algorithm in training and classification stages.
Year
DOI
Venue
2020
10.1007/s00521-019-04396-2
Neural Computing and Applications
Keywords
DocType
Volume
Intrusion detection system (IDS), Anomaly detection, Feature selection, Artificial immune system (AIS), Negative selection, NSL-KDD dataset, Kyoto2006+ dataset, UNSW-NB15 dataset
Journal
32
Issue
ISSN
Citations 
8
0941-0643
1
PageRank 
References 
Authors
0.35
0
3
Name
Order
Citations
PageRank
Naila Belhadj aissa110.35
Mohamed. Guerroumi2367.17
Abdelouahid Derhab327732.68