Intelligent Solution for New Cyberspace Attacks رسالة ماجستير

Abstract

The main issues of Intrusion Detection Systems (IDS) are the sensitivity of these systems toward the errors and the inconsistent and inequitable ways in which the evaluation processes of these systems were often performed. Most of the previous efforts concerned about improving the overall accuracy of these models via increasing the detection rate and decreasing the false alarm which is truly important. However, even they improved the overall accuracy of these systems; they almost fell in the accuracy paradox phenomena. Machine Learning (ML) algorithms mostly classifies all or most the records of the minor classes to one of the main classes with negligible impact on performance. The seriousness of the threats caused by the minor classes and the short coming of the previous efforts were used to address this issue in addition to the need for improving the performance of the IDSs were the motivations for this work. In this thesis, stratified sampling method and different cost-function schemes were consolidated with both Support Vector Machine (SVM) and Extreme Learning Machine (ELM) methods to build competitive ID solutions that improved the performance of these systems and reduced the occurrence of the accuracy paradox problem. This, while ensuring a consistent and fair evaluation of the performed experiments. The main experiments were performed on NSL-KDD dataset while that the UNB ISCX2012 dataset was used to proof the concept. The experimental results of NSL-KDD dataset showed that the ten-fold Gaussian radial base function (RBF) kernel WSVM model was better than Ji et al. Multi-Level ID method models, it was the most stable one and it had better performance than the multi-level SVM model in all rounds and the multi- V level neural network (NN) model in most rounds. They also showed that the optimized Gaussian RBF kernel with two-fold SVM model was better performance than Al-Yaseen at el. Multi-level hybrid SVM and ELM models in overall accuracy, recall and F-score. Also, it competed the best model of Fossaceca et al. MARK-ELM in DoS and R2U classes and it had better performance in the Probing and U2R classes. While the experimental results of UNB ISCX2012 dataset showed that the optimized Gaussian RBF with WSVM was better than the polynomial kernel SVM model in the recent thesis in the overall accuracy in addition to all F-score values except the Botnet F-Score. The better F-score of the botnet that achieved by the previous thesis experiments on a random selected subset did not reflect better performance on that set because the weakness of the experiments