Document Type
Dissertation
Degree
Doctor of Philosophy (PhD)
Major/Program
Electrical Engineering
First Advisor's Name
Hai Deng
First Advisor's Committee Title
Committee chair
Second Advisor's Name
Frank Urban
Second Advisor's Committee Title
Committee member
Third Advisor's Name
Jean Andrian
Third Advisor's Committee Title
Committee member
Fourth Advisor's Name
Deng Pan
Fourth Advisor's Committee Title
Committee member
Keywords
intrusion detection, classification, fuzzy, Dempster-Shafer theory
Date of Defense
3-22-2016
Abstract
Intrusion detection is an essential part of network security in combating illegal network access or malicious cyberattacks. Due to the constantly evolving nature of cyberattacks, it has been a technical challenge for an intrusion detection system (IDS) to effectively recognize unknown attacks or known attacks with inadequate training data. Therefore, in this dissertation work, an innovative two-stage classifier is developed for accurately and efficiently detecting both unknown attacks and known attacks with insufficient or inaccurate training information.
The novel two-stage fuzzy classification scheme is based on advanced machine learning techniques specifically for handling the ambiguity of traffic connections and network data. In the first stage of the classification, a fuzzy C-means (FCM) algorithm is employed to softly compute and optimize clustering centers of the training datasets with some degree of fuzziness accounting for feature inaccuracy and ambiguity in the training data. Subsequently, a distance-weighted k-NN (k-nearest neighbors) classifier, combined with the Dempster-Shafer Theory (DST), is introduced to assess the belief functions and pignistic probabilities of the incoming data associated with each of the known classes to further address the data uncertainty issue in the cyberattack data. In the second stage of the proposed classification algorithm, a subsequent classification scheme is implemented based on the obtained pignistic probabilities and their entropy functions to determine if the input data are normal, one of the known attacks or an unknown attack. In addition, to strengthen the robustness to attacks, we form a three-layer hierarchical ensemble classifier based on the FCM weighted k-NN DST classifier to have more precise inferences than those made by a single classifier. The proposed intrusion detection algorithm is evaluated through the application of the KDD’99 datasets and their variants containing known and unknown attacks. The experimental results show that the new two-stage fuzzy KNN-DST classifier outperforms other well-known classifiers in intrusion detection and is especially effective in detecting unknown attacks.
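An added illustration, not code from the dissertation: a small evidence-theoretic k-NN showing how distance-weighted evidence fused with Dempster's rule yields pignistic probabilities, and how their entropy can separate known classes from unknown traffic. The prototypes stand in for stage-one FCM centres; the mass function, `alpha`, `gamma` and `max_entropy` are assumptions, not the author's values.

```python
import math

# Constructed prototypes standing in for stage-one FCM cluster centres
# (two scaled features per connection); labels and values are illustrative.
PROTOTYPES = [
    ((0.10, 0.10), "normal"), ((0.15, 0.20), "normal"), ((0.20, 0.10), "normal"),
    ((0.90, 0.10), "dos"),    ((0.85, 0.20), "dos"),    ((0.95, 0.15), "dos"),
    ((0.10, 0.90), "probe"),  ((0.20, 0.85), "probe"),  ((0.15, 0.95), "probe"),
]
CLASSES = sorted({label for _, label in PROTOTYPES})


def pignistic(x, k=3, alpha=0.95, gamma=20.0):
    """Distance-weighted k-NN evidence, fused with Dempster's rule, then BetP.

    Assumed mass function: each neighbour puts alpha*exp(-gamma*d^2) on its
    own class and the remainder on the whole frame ("any class").
    """
    nearest = sorted((math.dist(x, p), label) for p, label in PROTOTYPES)[:k]
    # doubt[c] = product of (1 - support) over the neighbours voting for c
    doubt = {c: 1.0 for c in CLASSES}
    for d, label in nearest:
        doubt[label] *= 1.0 - alpha * math.exp(-gamma * d * d)
    m_omega = math.prod(doubt.values())      # mass left on the whole frame
    m = {c: (1.0 - doubt[c]) * math.prod(doubt[r] for r in CLASSES if r != c)
         for c in CLASSES}
    norm = sum(m.values()) + m_omega         # discards the conflicting mass
    # Pignistic transform: share the frame's mass equally among the classes.
    return {c: (m[c] + m_omega / len(CLASSES)) / norm for c in CLASSES}


def classify(x, max_entropy=0.6):
    """Stage two: keep the top class only if BetP is concentrated enough."""
    betp = pignistic(x)
    h = -sum(p * math.log(p) for p in betp.values() if p > 0)
    h /= math.log(len(CLASSES))              # normalised entropy in [0, 1]
    # max_entropy is an assumed threshold, not taken from the dissertation.
    label = max(betp, key=betp.get) if h <= max_entropy else "unknown"
    return label, round(h, 3)
```

A sample far from every prototype leaves almost all mass on the whole frame, so its pignistic distribution is near uniform and the entropy test labels it unknown.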
Identifier
FIDC000288
Recommended Citation
Jing, Xueyan, "Innovative Two-Stage Fuzzy Classification for Unknown Intrusion Detection" (2016). FIU Electronic Theses and Dissertations. 2436.
https://digitalcommons.fiu.edu/etd/2436
Rights Statement
In Copyright. URI: http://rightsstatements.org/vocab/InC/1.0/
This Item is protected by copyright and/or related rights. You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s).