The International Arab Journal of Information Technology (IAJIT)



 Intrusion Detection System (IDS) has been an import ant tool for network security. However, existing IDSs that have been proposed do not perform well for anomaly traff ics especially Remote to Local (R2L) attack which is one of the most concerns. We thus propose a new efficient technique to improve IDS performance focusing mainly on R2L attacks. The Principal Component Analysis (PCA) and Simplified F uzzy Adaptive resonance theory Map (SFAM) are used to work collaboratively to perform feature selection. The r esults of our experiment based on KDD Cup’99 datase t show that this hybrid method improves classification performance o f R2L attack significantly comparing to other techniques while classification of the other types of attacks are s till well performing.

[1] Ahmed K., El-Henawy M., Rashad Z., and Nomir O., On-Line Signature Verification Based on PCA Feature Reduction and Statistical Analysis, in Proceedings of the International Conference on Computer Engineering and System , Cairo, Egypt, pp. 3-8, 2010.

[2] Alsharafat W., Applying Artificial Neural Network and eXtended Classifier System for Network Intrusion Detection, the International Arab Journal of Information Technology , vol. 10, no. 3, pp. 230-238, 2013. (14) (13) (12) (11) (10) Anomaly Traffic Detection Based onPCA and SFAM 259

[3] Bin Haji S., Abdullah H., bin Abu Bak K., bin Ngadi A., Dahlan D., and Chimphlee W., A Novel Method for Unsupervised Anomaly Detection using Unlabelled Data, in Proceedings of International Conference Computational Sciences and its Applications , Perugia, pp. 252-260, 2010.

[4] Devaraju S. and Ramakrishnan S., Performance Analysis of Intrusion Detection System using Various Neural Network Classifiers, in Proceedings of International Conference on Recent Trends in Information Technology , Chennai, Tamil Nadu, pp. 1033-1038, 2011.

[5] Good P., Kost D., and Cherry A., Introducing a Unified PCA Algorithm for Model Size Reduction, in Proceedings of IEEE Transactions on Semiconductor Manufacturing , Austin, USA, pp. 201-209, 2010.

[6] Gou S., Wang Y., Jiao L., Feng J., and Yao Y., Distributed Transfer Network Learning based Intrusion Detection, in Proceedings of International Symposium on Parallel and Distributed Processing with Applications , Chengdu, pp. 511-515, 2009.

[7] Hodge V. and Austin J., A Survey of Outlier Detection Methodologies, Artificial Intelligence Review , vol. 22, no. 2, pp. 85-126, 2004.

[8] Jahanbani A. and Karim H., A New Approach for Detecting Intrusions Based on the PCA Neural Network, Journal of Basic and Applied Scientific Research , vol. 1, no. 2, pp. 672-679, 2012.

[9] Jolliffe T., Principal Component Analysis , Springer-Verlag, New York, 2002.

[10] Khakpour N. and Jalili S., Using Supervised and Transductive Learning Techniques to Extract Network Attack Scenarios, in Proceedings of the 14 th International CSI Computer Conference , Tehran, pp. 71-76, 2009.

[11] Li L. and Zhao K., A New Intrusion Detection System Based on Rough Set Theory and Fuzzy Support Vector Machine, in Proceedings of the 3 rd International Workshop on Intelligent Systems and Applications , pp. 1-5, 2011.

[12] Li X., Optimization of the Neural-Network- Based Multiple Classifiers Intrusion Detection System, in Proceedings of International Conference on Internet Technology and Applications , Wuhan, pp. 1-4, 2010.

[13] Lu H. and Xu J., Three-level Hybrid Intrusion Detection System, in Proceedings of International Conference on Information Engineering and Computer Science , Wuhan, pp. 1-4, 2009.

[14] Mazal J., Casas P., Labit Y., and Owezarski P., Sub-Space Clustering, Inter-Clustering Results Association and Anomaly Correlation for Unsupervised Network Anomaly Detection, in Proceedings of the 7 th International Conference on Network and Service Management , Paris, pp. 1-8, 2011.

[15] Mechtri L., Djemili F., and Ghoualmi N., Intrusion Detection using Principal Component Analysis, in Proceedings of the 2 nd International Conference on Engineering Systems Management and Its Applications , Sharjah, pp. 1-6, 2010.

[16] Meyn S., Surana A., Lin Y., and Narayanan S., Anomaly Detection Using Projective Markov Models in a Distributed Sensor Network, in Proceedings of the 48 th IEEE Conference on Decision and Control, 2009 held jointly with the 2009 28 th Chinese Control Conference , Shanghai, pp. 4662-4669, 2009.

[17] Mukhopadhyay I., Chakraborty M., Chakrabarti S., and Chatterjee T., Back Propagation Neural Network Approach to Intrusion Detection System, in Proceedings of International Conference on Recent Trends in Information Systems , Kolkata, pp. 303-308, 2011.

[18] Nziga J. and Cannady J., Minimal Dataset for Network Intrusion Detection Systems via MID- PCA: A Hybrid Approach, in Proceedings of the 6 th International Conference Intelligent Systems , Sofia, pp. 453-460, 2012.

[19] Poojitha G., Kumar N., and Reddy J., Intrusion Detection using Artificial Neural Network, in Proceedings of the 2 nd International Conference on Computing, Communication and Networking Technologies , Karur, pp. 1-7, 2010.

[20] Primekumar P. and Idiculla M., On-Line Malayalam Handwritten Character Recognition using Wavelet Transform and SFAM, in Proceedings of the 3 ed International Conference on Electronics Computer Technology , Kanyakumari, pp. 49-53 2011.

[21] Rajasekaran S. and Vijayalakshmi A., Image Recognition using Simplified Fuzzy ARTMAP Augmented with a Moment based Feature Extractor, International Journal of Pattern Recognition and Artificial Intelligence , vol. 14, no. 8, pp. 1081-1095, 2000.

[22] Said D., Stirling L., Federolf P., and Barker K., Data Preprocessing for Distance-Based Unsupervised Intrusion Detection, in Proceedings of the 9 th Annual International Conference on Privacy, Security and Trust , Montreal, pp. 181-188, 2011.

[23] Tang P., Jiang R., and Zhao M., Feature Selection and Design of Intrusion Detection System Based on k-Means and Triangle Area Support Vector Machine, in Proceedings of the 2 nd International Future Networks , Sanya, Hainan, pp. 144- 148, 2010.

[24] Terrence F., Evolutionary Optimization of a Fuzzy Rule-based Network Intrusion Detection System, in Proceedings of Annual Meeting of the North American Fuzzy Information Processing Society , Toronto, pp. 1-6, 2010.

[25] Vatanen T., Kuusela M., Malmi E., Raiko T., Aaltonen T., and Nagai Y., Semi-Supervised Detection of Collective Anomalies with an Application in High Energy Physics, in 260 The International Arab Journal of Information Te chnology, Vol. 12, No. 3, May 2015 Proceedings of IEEE International Joint Conference on Neural Networks , Brisbane, pp.1- 8, 2012.

[26] Venkatesan P. and Suresh M., Classification of Renal Failure using Simplified Fuzzy Adaptive Resonance Theory Map, International Journal of Computer Science and Network Security , vol. 9, no. 11, pp. 129-134, 2009.

[27] Wattanapongsakorn N., Srakaew S., Wonghirunsombat E., Sribavonmongkol C., Junhom T., Jongsubsook P., and Charnsripinyo C., A Practical Network-Based Intrusion Detection and Prevention System, in Proceedings 11 th International Conference on Trust, Security and Privacy in Computing and Communications , Liverpool, pp. 209-214, 2012.

[28] Wu J., Chaing D., Lin T., Chung Y., and Chen T., A Reliable Dynamic User-Remote Password Authentication Scheme over Insecure Network, in Proceedings of the 26 th International Conference on Advanced Information Networking and Applications Workshops , Fukuoka, pp. 25-28, 2012.

[29] Xiang G. and Min W., Applying Semi- supervised Cluster Algorithm for Anomaly Detection, in Proceedings of the 3 rd International Symposium on Information Processing, Qingdao, pp. 43-45, 2010.

[30] Yang C., Yang H., and Deng F., Quantum- Inspired Immune Evolutionary Algorithm based Parameter Optimization for Mixtures of Kernels and its Application to Supervised Anomaly IDSs, in Proceedings of the 7 th World Congress on Intelligent Control and Automation , Chongqing, pp. 4568-4573, 2008.

[31] Zhong J., Wu H., and Lai Y., Intrusion Detection using Evolving Fuzzy Classifiers, in Proceedings of the 6 th IEEE Joint International Information Technology and Artificial Intelligence Conference , Chongqing, pp. 119- 122, 2011. Preecha Somwang received his MS degree in information technology from Nakhon Ratchasima College, Nakhon Ratchasima, Thailand in 2011. He is with a PhD student under faculty of information technology at Mahanakhon University of jmlo/koarea of interest includes comp uter network and intrusion detection. Woraphon Lilakiatsakun received the BS degree from the King Mongkut Institute of Technology Ladkrabang, Bangkok, Thailand in 1993, the MS degree from the same university in 1998 and the PhD degree from the University of New South Wales, Australia, in 2004, all in electrical engineering. Since 2004, he has been the director o f Information Technology graduate school of Mahanakorn University of Technology, Bangkok, Thailand. His recent research interest includes wir eless network and internet application.