An Intrusion Detection System (IDS) is a form of defense that aims to detect suspicious activities and attacks against information systems in general. With new types of attacks appearing continuously, developing adaptive and flexible security-oriented approaches is a severe challenge. In this scenario, this thesis presents an anomaly-based intrusion detection technique as a valuable technology to protect the target system against malicious activities. This technique uses a semi-supervised learning model to identify and learn from past events as manifested in system logs and to build a user behavior profile. The observed behavior of the user is then analyzed to infer whether or not the normal profile supports it. This is carried out using two-class classifiers. A new hybrid approach using Support Vector Machine (SVM) and Naïve Bayes (NB) is proposed to provide better accuracy and to reduce the problem of high false positives. The proposed approach is compared with other SVM and NB techniques, and the hybrid approach is found to outperform SVM and NB. To validate the results, cross-validation is employed, and the results are presented using Receiver Operating Characteristic (ROC) curves. The experiments are carried out on datasets from two different organizations.
Roshan Pokhrel, Prabhat Pokharel, Arun Kumar Timalsina, PhD (2019); Anomaly-Based – Intrusion Detection System using User Profile Generated from System Logs; International Journal of Scientific and Research Publications (IJSRP) 9(2) (ISSN: 2250-3153), DOI: http://dx.doi.org/10.29322/IJSRP.9.02.2019.p8631