inis 19(20): e1

Research Article

A data-driven approach for Network Intrusion Detection and Monitoring based on Kernel Null Space

  • @ARTICLE{10.4108/eai.13-6-2019.159801,
        author={Truong Thu Huong and Ta Phuong Bac and Quoc Thong Nguyen and Huu Du Nguyen and Kim Phuc Tran},
        title={A data-driven approach for Network Intrusion Detection and Monitoring based on Kernel Null Space},
        journal={EAI Endorsed Transactions on Industrial Networks and Intelligent Systems},
        volume={6},
        number={20},
        publisher={EAI},
        journal_a={INIS},
        year={2019},
        month={8},
        keywords={Network Security Support, Kernel Quantile Estimator, One-class Classification, Kernel Null Space vector machine},
        doi={10.4108/eai.13-6-2019.159801}
    }
    
Truong Thu Huong1,*, Ta Phuong Bac1, Quoc Thong Nguyen2, Huu Du Nguyen3, Kim Phuc Tran4
  • 1: School of Electronics and Telecommunications, Hanoi University of Science and Technology, 1 Dai Co Viet street, Hanoi, Vietnam
  • 2: Division of Artificial Intelligence, Dong A University, Da Nang, Vietnam
  • 3: Faculty of Information Technology, Vietnam National University of Agriculture, Hanoi, Vietnam
  • 4: GEMTEX Laboratory, Ecole Nationale Supérieure des Arts et Industries Textiles, BP 30329 59056 Roubaix Cedex 1, France
*Contact email: huong.truongthu@hust.edu.vn

Abstract

In this study, we propose a new approach for detecting network intrusions in real time, based on a statistical process control technique and the kernel null space method. The training samples in a class are mapped to a single point using the Kernel Null Foley-Sammon Transform. Novelty scores are computed from testing samples in order to determine the threshold for real-time anomaly detection. The efficiency of the proposed method is illustrated on the KDD99 data set. The experimental results show that our new method outperforms the OCSVM and the original Kernel Null Space method by 1.53% and 3.86%, respectively, in terms of accuracy.