A Hybrid Intrusion Detection System with Traffic Classification Using Supervised Learning Algorithms

Document Type

Thesis

Degree Name

Master of Science (MS)

Department

Computer Science and Info Sys

Date of Award

Fall 2013

Abstract

As networking technology advances and the Internet continues to expand in terms of an enormous number of applications and traffic, the threat from attackers has grown accordingly. Therefore, detecting malicious traffic among normal traffic is a critical need. In addition, identifying and categorizing network traffic by application is an important part of managing networks. There are several techniques that can detect and classify Internet traffic using machine learning algorithms. I propose a hybrid Intrusion Detection system with traffic classification using supervised learning algorithms. Considering that online traffic classification needs to be done in an efficient, time-saving manner, I develop a framework that incorporates detection and traffic classification before the network flow is collected. The framework consists of two parts: an Intrusion Detection module and a traffic classification module, both of which comprise supervised learning algorithms. The Intrusion Detection module tries to detect malicious flows by using statistical traffic characteristics. For a new input flow, the framework first runs the Intrusion Detection module. If the flow is detected as malicious, the system generates an alarm. Otherwise, the flow goes to the traffic classification module, which predicts the network traffic by application.

Advisor

Sang Suh

Subject Categories

Computer Sciences | Physical Sciences and Mathematics
