
Anomaly Detection Based On Aggregated Network Behavior Metrics

Posted on: 2008-05-07
Degree: Master
Type: Thesis
Country: China
Candidate: D L Chen
GTID: 2178360272968920
Subject: Software engineering
Abstract/Summary:
According to the techniques they use, network intrusion detection systems (IDS) can be categorized as anomaly-based or misuse-based. Anomaly detection is a very active area of IDS research. As a means of network measurement, statistics of packet headers play an important role in many network management tasks. Aggregating the information contained in packet headers in different ways can yield useful metrics for network traffic. A specific subset extracted from these metrics can be used to describe the behavior of network attacks. In theory, if these metrics are relatively stable in an attack-free environment and are sensitive to attacks, they are ideal for detecting the occurrence of network attacks. For a collection of such candidate metrics, redundant features can be removed with principal component analysis and information gain techniques to reduce real-time detection overhead. Machine-learning-based classifiers are used to detect anomalies caused by network attacks. Three classifiers are designed with the selected metrics: a support vector machine classifier, a neural network classifier trained with the BP algorithm, and a neural network classifier trained with the PSO algorithm. These classifiers are tested with the DARPA data sets from MIT Lincoln Labs, which are used to test the effectiveness of IDSs. After training, the classifiers all achieve an accuracy rate above 97%, demonstrating the effectiveness of the proposed aggregated network behavior metrics in detecting network traffic anomalies. In addition, the experimental results show that the classifiers can still generate correct predictions after their redundant inputs are deleted.
Keywords/Search Tags: Anomaly Detection, Principal Components Analysis, Information Gain, Support Vector Machines, Neural Network