Please use this identifier to cite or link to this item:
https://ptsldigital.ukm.my/jspui/handle/123456789/513404
Title: | Enhanced DNA encoding algorithm for anomaly intrusion detection system |
Authors: | Omar Fitian Rashid Al-Rawi (P80374) |
Supervisor: | Zulaiha Ali Othman, Assoc. Prof. Dr. |
Keywords: | Intrusion detection system; Machine learning; Algorithm; Universiti Kebangsaan Malaysia -- Dissertations; Dissertations, Academic -- Malaysia |
Issue Date: | 24-Apr-2019 |
Description: | An intrusion detection system (IDS) aims to identify unauthorized use, misuse, and abuse of computer systems or networks. The quality of an IDS is usually measured by its detection rate (DR) and false alarm rate (FAR). Machine learning is the most popular technique used for intrusion detection. Various good algorithms have been proposed that obtain a high detection rate by improving an algorithm or hybridizing it with another; however, they still suffer in processing time, especially after the algorithm has been improved and when dealing with large traffic data. On the other hand, previous research has successfully applied Deoxyribonucleic Acid (DNA) approaches to misuse and anomaly intrusion detection systems. However, the results showed a very low detection rate with low processing time. The literature review found that three factors influence the solution quality of DNA disease detection: the DNA encoding method, the DNA keys and their positions, and the matching method used to detect anomalies. Therefore, the aim of this research is to propose a suitable DNA approach for anomaly IDS, with two objectives. The first objective is to propose three enhanced DNA encoding algorithms for an anomaly intrusion detection system using two keys and their positions (DNA-IDS), known as DEM4all, DEM3sel, and DEMdif. These encoding methods convert the network traffic dataset into DNA sequences. DEM4all uses the same number of characters to represent all attributes; DEM3sel uses three characters to represent all attributes and adds a single character to distinguish between nominal and numerical attributes; DEMdif uses a different number of characters to represent the attributes, based on the attribute values, and adds a single character to distinguish between nominal and numerical attributes. 
The second objective is to improve the best proposed DNA encoding approach by using three and four DNA keys and their positions, applying four matching algorithms as well as a combination of two algorithms, and proposing a new feature selection method based on DNA location. The experiments were conducted using the KDDCup'99 and NSL-KDD datasets. The results showed that the DEM3sel encoding method obtained the best results, with detection rates for DoS, Probe, R2L, and U2R of 99.54%, 99.87%, 99.99%, and 100% respectively, with DR, FAR, and accuracy up to 99.58%, 35.53%, and 92.74% respectively, and a matching time of 62 seconds. The improvement method, which used three and four keys and their positions, improved the accuracy up to 1.75%, and reduced FAR up to 26.48% and matching time to 74 seconds. Furthermore, the implementation of four matching algorithms (the Brute Force, Boyer-Moore, Horspool, and Knuth-Morris-Pratt algorithms) and the combination of two algorithms (the Boyer-Moore and Knuth-Morris-Pratt algorithms) improved the matching times up to 13, 8, 6, 5, and 16 seconds respectively. The Knuth-Morris-Pratt algorithm proved to be the best matching algorithm. The proposed feature selection method improved the DR, FAR, and accuracy results up to 1.55%, 0.13%, and 1.27% respectively, while the encoding time was reduced from 46702 seconds using all 41 features to 325 seconds using the selected features. From these results, it can be concluded that the proposed DNA approach can serve as an effective and efficient approach for anomaly IDS. Ph.D. |
Pages: | 214 |
Publisher: | UKM, Bangi |
Appears in Collections: | Faculty of Information Science and Technology / Fakulti Teknologi dan Sains Maklumat |
Files in This Item:
File | Description | Size | Format |
---|---|---|---|
ukmvital_126638+Source01+Source010.PDF (Restricted Access) | | 4.33 MB | Adobe PDF |