Model For Improving Performance Of Network Intrusion Detection Based On Machine Learning Techniques

Digital crimes have increased in number and sophistication, affecting network quality-of-service parameters such as confidentiality, integrity and availability of resources. Network Intrusion Detection Systems (NIDS) are deployed to optimize detection and provide a comprehensive view of intrusion activities. However, NIDSs generate large volumes of alerts mixed with false positives, repeated warnings for the same attack, and alert notifications from erroneous activity. This prevents security analysts from evaluating the severity of each attack and selecting a suitable response plan in time to prevent loss of information and resources in the network. Achieving high accuracy while lowering false alarm rates is a major challenge in designing an intrusion detection system. To address this issue, this work proposes a three-level model for network intrusion detection that offers multiple types of correlation. In the first level, several existing feature selection techniques are integrated to find the best set of features used in this work: a Correlation Feature Selection (CFS) based evaluator with the Best-first search method, an Information Gain (IG) based attribute evaluator with the Ranker search method, and Chi-square with the Ranker search method. The second level enhances the structural-based alert correlation model to improve the quality of alerts and detection capability by grouping alerts with common attributes using unsupervised learning techniques.
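To make the first level concrete, the Python below (an added example, not code from this work) scores each feature with Information Gain and with Chi-square and then orders them the way a Ranker search does. The feature names and the eight flow records are constructed assumptions; CFS with Best-first search evaluates feature subsets rather than single features and is not covered here.

```python
import math
from collections import Counter

# Constructed sample flows (not data from the paper): feature values + class label.
# Feature names are assumptions chosen for illustration.
FEATURES = ["protocol", "service", "flag"]
RECORDS = [
    ("tcp", "http", "SF", "normal"),
    ("tcp", "http", "SF", "normal"),
    ("udp", "dns", "SF", "normal"),
    ("tcp", "smtp", "SF", "normal"),
    ("tcp", "http", "S0", "attack"),
    ("tcp", "private", "S0", "attack"),
    ("tcp", "private", "REJ", "attack"),
    ("udp", "private", "SF", "attack"),
]

def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def info_gain(records, idx):
    """H(class) - H(class | feature) for the feature in column idx."""
    groups = {}
    for r in records:
        groups.setdefault(r[idx], []).append(r[-1])
    cond = sum(len(g) / len(records) * entropy(g) for g in groups.values())
    return entropy([r[-1] for r in records]) - cond

def chi_square(records, idx):
    """Pearson chi-square statistic of the feature-value x class table."""
    n = len(records)
    rows = Counter(r[idx] for r in records)
    cols = Counter(r[-1] for r in records)
    obs = Counter((r[idx], r[-1]) for r in records)
    stat = 0.0
    for value, row_total in rows.items():
        for label, col_total in cols.items():
            expected = row_total * col_total / n
            stat += (obs[(value, label)] - expected) ** 2 / expected
    return stat

def rank(records, score):
    """Ranker search: score every feature independently, sort descending."""
    scored = [(score(records, i), name) for i, name in enumerate(FEATURES)]
    return [name for _, name in sorted(scored, key=lambda t: -t[0])]

if __name__ == "__main__":
    for name, fn in (("IG", info_gain), ("Chi-square", chi_square)):
        print(name, rank(RECORDS, fn))
```

On this sample both evaluators agree that `protocol` carries no class information, since each protocol value is split evenly between normal and attack traffic.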