Title: Intrusion detection method based on nonlinear correlation measure

Authors: Mohammed A. Ambusaidi; Zhiyuan Tan; Xiangjian He; Priyadarsi Nanda; Liang Fu Lu; Aruna Jamdagni

Addresses: Center for Innovation in IT Services and Applications (iNEXT), School of Computing and Communication, Faculty of Engineering and Information Technology, University of Technology, Sydney, Australia ' Center for Innovation in IT Services and Applications (iNEXT), School of Computing and Communication, Faculty of Engineering and Information Technology, University of Technology, Sydney, Australia ' Center for Innovation in IT Services and Applications (iNEXT), School of Computing and Communication, Faculty of Engineering and Information Technology, University of Technology, Sydney, Australia ' Center for Innovation in IT Services and Applications (iNEXT), School of Computing and Communication, Faculty of Engineering and Information Technology, University of Technology, Sydney, Australia ' Center for Innovation in IT Services and Applications (iNEXT), School of Computing and Communication, Faculty of Engineering and Information Technology, University of Technology, Sydney, Australia ' Center for Innovation in IT Services and Applications (iNEXT), School of Computing and Communication, Faculty of Engineering and Information Technology, University of Technology, Sydney, Australia

Abstract: Cyber crimes and malicious network activities have posed serious threats to the entire internet and its users. This issue is becoming more critical, as network-based services, are more widespread and closely related to our daily life. Thus, it has raised a serious concern in individual internet users, industry and research community. A significant amount of work has been conducted to develop intelligent anomaly-based intrusion detection systems (IDSs) to address this issue. However, one technical challenge, namely reducing false alarm, has been along with the development of anomaly-based IDSs since 1990s. In this paper, we provide a solution to this challenge. A nonlinear correlation coefficient-based (NCC) similarity measure is proposed to help extract both linear and nonlinear correlations between network traffic records. This extracted correlative information is used in our proposed IDS to detect malicious network behaviours. The effectiveness of the proposed NCC-based measure and the proposed IDS are evaluated using NSL-KDD dataset. The evaluation results demonstrate that the proposed NCC-based measure not only helps reduce false alarm rate, but also helps discriminate normal and abnormal behaviours efficiently.

Keywords: intrusion detection; nonlinear correlation coefficient; NCC; mutual information; DoS attacks; denial of service; false alarms; similarity measures; malicious behaviour; network security; normal behaviour; abnormal behaviour.

DOI: 10.1504/IJIPT.2014.066377

International Journal of Internet Protocol Technology, 2014 Vol.8 No.2/3, pp.77 - 86

Available online: 17 Dec 2014 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article