ISSN (ONLINE) : 2045 -8711 ISSN (PRINT) : 2045 -869X
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGY & CREATIVE ENGINEERING MARCH 2018 VOL- 8 NO -3
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGY AND CREATIVE ENGINEERING (ISSN:2045-8711) VOL.8 NO.3 MARCH 2018
UK: Managing Editor International Journal of Innovative Technology and Creative Engineering 1a park lane, Cranford London TW59WA UK E-Mail: firstname.lastname@example.org Phone: +44-773-043-0249 USA: Editor International Journal of Innovative Technology and Creative Engineering Dr. Arumugam Department of Chemistry University of Georgia GA-30602, USA. Phone: 001-706-206-0812 Fax:001-706-542-2626 India: Editor International Journal of Innovative Technology & Creative Engineering Dr. Arthanariee. A. M Finance Tracking Center India 66/2 East mada st, Thiruvanmiyur, Chennai -600041 Mobile: 91-7598208700
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGY AND CREATIVE ENGINEERING (ISSN:2045-8711) VOL.8 NO.3 MARCH 2018
International Journal of Innovative Technology & Creative Engineering Vol.8 No.3 March 2018
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGY AND CREATIVE ENGINEERING (ISSN:2045-8711) VOL.8 NO.3 MARCH 2018
From Editor's Desk Dear Researcher, Greetings! Research article in this issue discusses about motivational factor analysis. Let us review research around the world this month. Galaxies, stars, planets and life, all are formed from one essential substance: matter. But the abundance of matter is one of the biggest unsolved mysteries of physics. The Big Bang, 13.8 billion years ago, spawned equal amounts of matter and its bizarro twin, antimatter. Matter and antimatter partners annihilate when they meet, so an even stephen universe would have ended up full of energy and nothing else. Somehow, the balance tipped toward matter in the early universe. A beguiling subatomic particle called a neutrino may reveal how that happened. If neutrinos are their own antiparticles meaning that the neutrino’s matter and antimatter versions are the same thing the lightweight particle might point to an explanation for the universe’s glut of matter. So scientists are hustling to find evidence of a hypothetical kind of nuclear decay that can occur only if neutrinos and antineutrinos are one and the same. But another attempt, set to begin soon, may have a fighting chance of detecting this decay, if it occurs. Meanwhile, planning is under way for a new generation of experiments that will make even more sensitive measurements. Neutrino less double beta decay is a variation on standard beta decay, a relatively common radioactive process that occurs naturally on Earth. In beta decay, a neutron within an atom’s nucleus converts into a proton, releasing an electron and an antineutrino. The element thereby transforms into another one further along the periodic table. It has been an absolute pleasure to present you articles that you wish to read. We look forward to many more new technologies related research articles from you and your friends. We are anxiously awaiting the rich and thorough research papers that have been prepared by our authors for the next issue.
Thanks, Editorial Team IJITCE
Editorial Members Dr. Chee Kyun Ng Ph.D Department of Computer and Communication Systems, Faculty of Engineering,Universiti Putra Malaysia,UPMSerdang, 43400 Selangor,Malaysia. Dr. Simon SEE Ph.D Chief Technologist and Technical Director at Oracle Corporation, Associate Professor (Adjunct) at Nanyang Technological University Professor (Adjunct) at ShangaiJiaotong University, 27 West Coast Rise #08-12,Singapore 127470 Dr. sc.agr. Horst Juergen SCHWARTZ Ph.D, Humboldt-University of Berlin,Faculty of Agriculture and Horticulture,Asternplatz 2a, D-12203 Berlin,Germany Dr. Marco L. BianchiniPh.D Italian National Research Council; IBAF-CNR,Via Salaria km 29.300, 00015 MonterotondoScalo (RM),Italy Dr. NijadKabbaraPh.D Marine Research Centre / Remote Sensing Centre/ National Council for Scientific Research, P. O. Box: 189 Jounieh,Lebanon Dr. Aaron Solomon Ph.D Department of Computer Science, National Chi Nan University,No. 303, University Road,Puli Town, Nantou County 54561,Taiwan Dr. Arthanariee. A. M M.Sc.,M.Phil.,M.S.,Ph.D Director - Bharathidasan School of Computer Applications, Ellispettai, Erode, Tamil Nadu,India Dr. Takaharu KAMEOKA, Ph.D Professor, Laboratory of Food, Environmental & Cultural Informatics Division of Sustainable Resource Sciences, Graduate School of Bioresources,Mie University, 1577 Kurimamachiya-cho, Tsu, Mie, 514-8507, Japan Dr. M. Sivakumar M.C.A.,ITIL.,PRINCE2.,ISTQB.,OCP.,ICP. Ph.D. Project Manager - Software,Applied Materials,1a park lane,cranford,UK Dr. Bulent AcmaPh.D Anadolu University, Department of Economics,Unit of Southeastern Anatolia Project(GAP),26470 Eskisehir,TURKEY Dr. SelvanathanArumugamPh.D Research Scientist, Department of Chemistry, University of Georgia, GA-30602,USA.
Review Board Members Dr. Paul Koltun Senior Research ScientistLCA and Industrial Ecology Group,Metallic& Ceramic Materials,CSIRO Process Science & Engineering Private Bag 33, Clayton South MDC 3169,Gate 5 Normanby Rd., Clayton Vic. 3168, Australia Dr. Zhiming Yang MD., Ph. D. Department of Radiation Oncology and Molecular Radiation Science,1550 Orleans Street Rm 441, Baltimore MD, 21231,USA Dr. Jifeng Wang Department of Mechanical Science and Engineering, University of Illinois at Urbana-Champaign Urbana, Illinois, 61801, USA Dr. Giuseppe Baldacchini ENEA - Frascati Research Center, Via Enrico Fermi 45 - P.O. Box 65,00044 Frascati, Roma, ITALY. Dr. MutamedTurkiNayefKhatib Assistant Professor of Telecommunication Engineering,Head of Telecommunication Engineering Department,Palestine Technical University (Kadoorie), TulKarm, PALESTINE.
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGY AND CREATIVE ENGINEERING (ISSN:2045-8711) VOL.8 NO.3 MARCH 2018 Dr.P.UmaMaheswari Prof &Head,Depaartment of CSE/IT, INFO Institute of Engineering,Coimbatore. Dr. T. Christopher, Ph.D., Assistant Professor &Head,Department of Computer Science,Government Arts College(Autonomous),Udumalpet, India. Dr. T. DEVI Ph.D. Engg. (Warwick, UK), Head,Department of Computer Applications,Bharathiar University,Coimbatore-641 046, India. Dr. Renato J. orsato Professor at FGV-EAESP,Getulio Vargas Foundation,São Paulo Business School,RuaItapeva, 474 (8° andar),01332-000, São Paulo (SP), Brazil Visiting Scholar at INSEAD,INSEAD Social Innovation Centre,Boulevard de Constance,77305 Fontainebleau - France Y. BenalYurtlu Assist. Prof. OndokuzMayis University Dr.Sumeer Gul Assistant Professor,Department of Library and Information Science,University of Kashmir,India Dr. ChutimaBoonthum-Denecke, Ph.D Department of Computer Science,Science& Technology Bldg., Rm 120,Hampton University,Hampton, VA 23688 Dr. Renato J. Orsato Professor at FGV-EAESP,Getulio Vargas Foundation,São Paulo Business SchoolRuaItapeva, 474 (8° andar),01332-000, São Paulo (SP), Brazil Dr. Lucy M. Brown, Ph.D. Texas State University,601 University Drive,School of Journalism and Mass Communication,OM330B,San Marcos, TX 78666 JavadRobati Crop Production Departement,University of Maragheh,Golshahr,Maragheh,Iran VineshSukumar (PhD, MBA) Product Engineering Segment Manager, Imaging Products, Aptina Imaging Inc. Dr. Binod Kumar PhD(CS), M.Phil.(CS), MIAENG,MIEEE HOD & Associate Professor, IT Dept, Medi-Caps Inst. of Science & Tech.(MIST),Indore, India Dr. S. B. Warkad Associate Professor, Department of Electrical Engineering, Priyadarshini College of Engineering, Nagpur, India Dr. doc. Ing. RostislavChoteborský, Ph.D. Katedramateriálu a strojírenskétechnologieTechnickáfakulta,Ceskázemedelskáuniverzita v Praze,Kamýcká 129, Praha 6, 165 21 Dr. Paul Koltun Senior Research ScientistLCA and Industrial Ecology Group,Metallic& Ceramic Materials,CSIRO Process Science & Engineering Private Bag 33, Clayton South MDC 3169,Gate 5 Normanby Rd., Clayton Vic. 3168 DR.ChutimaBoonthum-Denecke, Ph.D Department of Computer Science,Science& Technology Bldg.,HamptonUniversity,Hampton, VA 23688 Mr. Abhishek Taneja B.sc(Electronics),M.B.E,M.C.A.,M.Phil., Assistant Professor in the Department of Computer Science & Applications, at Dronacharya Institute of Management and Technology, Kurukshetra. (India). Dr. Ing. RostislavChotěborský,ph.d, Katedramateriálu a strojírenskétechnologie, Technickáfakulta,Českázemědělskáuniverzita v Praze,Kamýcká 129, Praha 6, 165 21
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGY AND CREATIVE ENGINEERING (ISSN:2045-8711) VOL.8 NO.3 MARCH 2018 Dr. AmalaVijayaSelvi Rajan, B.sc,Ph.d, Faculty – Information Technology Dubai Women’s College – Higher Colleges of Technology,P.O. Box – 16062, Dubai, UAE Naik Nitin AshokraoB.sc,M.Sc Lecturer in YeshwantMahavidyalayaNanded University Dr.A.Kathirvell, B.E, M.E, Ph.D,MISTE, MIACSIT, MENGG Professor - Department of Computer Science and Engineering,Tagore Engineering College, Chennai Dr. H. S. Fadewar B.sc,M.sc,M.Phil.,ph.d,PGDBM,B.Ed. Associate Professor - Sinhgad Institute of Management & Computer Application, Mumbai-BangloreWesternly Express Way Narhe, Pune - 41 Dr. David Batten Leader, Algal Pre-Feasibility Study,Transport Technologies and Sustainable Fuels,CSIRO Energy Transformed Flagship Private Bag 1,Aspendale, Vic. 3195,AUSTRALIA Dr R C Panda (MTech& PhD(IITM);Ex-Faculty (Curtin Univ Tech, Perth, Australia))Scientist CLRI (CSIR), Adyar, Chennai - 600 020,India Miss Jing He PH.D. Candidate of Georgia State University,1450 Willow Lake Dr. NE,Atlanta, GA, 30329 Jeremiah Neubert Assistant Professor,MechanicalEngineering,University of North Dakota Hui Shen Mechanical Engineering Dept,Ohio Northern Univ. Dr. Xiangfa Wu, Ph.D. Assistant Professor / Mechanical Engineering,NORTH DAKOTA STATE UNIVERSITY SeraphinChallyAbou Professor,Mechanical& Industrial Engineering Depart,MEHS Program, 235 Voss-Kovach Hall,1305 OrdeanCourt,Duluth, Minnesota 55812-3042 Dr. Qiang Cheng, Ph.D. Assistant Professor,Computer Science Department Southern Illinois University CarbondaleFaner Hall, Room 2140-Mail Code 45111000 Faner Drive, Carbondale, IL 62901 Dr. Carlos Barrios, PhD Assistant Professor of Architecture,School of Architecture and Planning,The Catholic University of America Y. BenalYurtlu Assist. Prof. OndokuzMayis University Dr. Lucy M. Brown, Ph.D. Texas State University,601 University Drive,School of Journalism and Mass Communication,OM330B,San Marcos, TX 78666 Dr. Paul Koltun Senior Research ScientistLCA and Industrial Ecology Group,Metallic& Ceramic Materials CSIRO Process Science & Engineering Dr.Sumeer Gul Assistant Professor,Department of Library and Information Science,University of Kashmir,India Dr. ChutimaBoonthum-Denecke, Ph.D Department of Computer Science,Science& Technology Bldg., Rm 120,Hampton University,Hampton, VA 23688
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGY AND CREATIVE ENGINEERING (ISSN:2045-8711) VOL.8 NO.3 MARCH 2018 Dr. Renato J. Orsato Professor at FGV-EAESP,Getulio Vargas Foundation,São Paulo Business School,RuaItapeva, 474 (8° andar)01332-000, São Paulo (SP), Brazil Dr. Wael M. G. Ibrahim Department Head-Electronics Engineering Technology Dept.School of Engineering Technology ECPI College of Technology 5501 Greenwich Road Suite 100,Virginia Beach, VA 23462 Dr. Messaoud Jake Bahoura Associate Professor-Engineering Department and Center for Materials Research Norfolk State University,700 Park avenue,Norfolk, VA 23504 Dr. V. P. Eswaramurthy M.C.A., M.Phil., Ph.D., Assistant Professor of Computer Science, Government Arts College(Autonomous), Salem-636 007, India. Dr. P. Kamakkannan,M.C.A., Ph.D ., Assistant Professor of Computer Science, Government Arts College(Autonomous), Salem-636 007, India. Dr. V. Karthikeyani Ph.D., Assistant Professor of Computer Science, Government Arts College(Autonomous), Salem-636 008, India. Dr. K. Thangadurai Ph.D., Assistant Professor, Department of Computer Science, Government Arts College ( Autonomous ), Karur - 639 005,India. Dr. N. Maheswari Ph.D., Assistant Professor, Department of MCA, Faculty of Engineering and Technology, SRM University, Kattangulathur, Kanchipiram Dt - 603 203, India. Mr. Md. Musfique Anwar B.Sc(Engg.) Lecturer, Computer Science & Engineering Department, Jahangirnagar University, Savar, Dhaka, Bangladesh. Mrs. Smitha Ramachandran M.Sc(CS)., SAP Analyst, Akzonobel, Slough, United Kingdom. Dr. V. Vallimayil Ph.D., Director, Department of MCA, Vivekanandha Business School For Women, Elayampalayam, Tiruchengode - 637 205, India. Mr. M. Moorthi M.C.A., M.Phil., Assistant Professor, Department of computer Applications, Kongu Arts and Science College, India PremaSelvarajBsc,M.C.A,M.Phil Assistant Professor,Department of Computer Science,KSR College of Arts and Science, Tiruchengode Mr. G. Rajendran M.C.A., M.Phil., N.E.T., PGDBM., PGDBF., Assistant Professor, Department of Computer Science, Government Arts College, Salem, India. Dr. Pradeep H Pendse B.E.,M.M.S.,Ph.d Dean - IT,Welingkar Institute of Management Development and Research, Mumbai, India Muhammad Javed Centre for Next Generation Localisation, School of Computing, Dublin City University, Dublin 9, Ireland Dr. G. GOBI Assistant Professor-Department of Physics,Government Arts College,Salem - 636 007 Dr.S.Senthilkumar Post Doctoral Research Fellow, (Mathematics and Computer Science & Applications),UniversitiSainsMalaysia,School of Mathematical Sciences, Pulau Pinang-11800,[PENANG],MALAYSIA. Manoj Sharma Associate Professor Deptt. of ECE, PrannathParnami Institute of Management & Technology, Hissar, Haryana, India RAMKUMAR JAGANATHAN Asst-Professor,Dept of Computer Science, V.L.B Janakiammal college of Arts & Science, Coimbatore,Tamilnadu, India
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGY AND CREATIVE ENGINEERING (ISSN:2045-8711) VOL.8 NO.3 MARCH 2018 Dr. S. B. Warkad Assoc. Professor, Priyadarshini College of Engineering, Nagpur, Maharashtra State, India Dr. Saurabh Pal Associate Professor, UNS Institute of Engg. & Tech., VBS Purvanchal University, Jaunpur, India Manimala Assistant Professor, Department of Applied Electronics and Instrumentation, St Joseph’s College of Engineering & Technology, Choondacherry Post, Kottayam Dt. Kerala -686579 Dr. Qazi S. M. Zia-ul-Haque Control Engineer Synchrotron-light for Experimental Sciences and Applications in the Middle East (SESAME),P. O. Box 7, Allan 19252, Jordan Dr. A. Subramani, M.C.A.,M.Phil.,Ph.D. Professor,Department of Computer Applications, K.S.R. College of Engineering, Tiruchengode - 637215 Dr. SeraphinChallyAbou Professor, Mechanical & Industrial Engineering Depart. MEHS Program, 235 Voss-Kovach Hall, 1305 Ordean Court Duluth, Minnesota 55812-3042 Dr. K. Kousalya Professor, Department of CSE,Kongu Engineering College,Perundurai-638 052 Dr. (Mrs.) R. Uma Rani Asso.Prof., Department of Computer Science, Sri Sarada College For Women, Salem-16, Tamil Nadu, India. MOHAMMAD YAZDANI-ASRAMI Electrical and Computer Engineering Department, Babol"Noshirvani" University of Technology, Iran. Dr. Kulasekharan, N, Ph.D Technical Lead - CFD,GE Appliances and Lighting, GE India,John F Welch Technology Center,Plot # 122, EPIP, Phase 2,Whitefield Road,Bangalore – 560066, India. Dr. Manjeet Bansal Dean (Post Graduate),Department of Civil Engineering,Punjab Technical University,GianiZail Singh Campus,Bathinda -151001 (Punjab),INDIA Dr. Oliver Jukić Vice Dean for education,Virovitica College,MatijeGupca 78,33000 Virovitica, Croatia Dr. Lori A. Wolff, Ph.D., J.D. Professor of Leadership and Counselor Education,The University of Mississippi,Department of Leadership and Counselor Education, 139 Guyton University, MS 38677
Contents An Hybrid Approach for Classification of KDD Data N.Raghavendra Sai & Dr. K.Satya Rajesh
An Hybrid Approach for Classification of KDD Data N.Raghavendra Sai Research Scholar, Department of Computer Science, Bharathiar University, Coimbatore, Tamil Nadu, India. email@example.com Dr.K.Satya Rajesh HOD, Department of Computer Science & Engineering, SRR & CVR Degree College, Vijayawada, AP, India. firstname.lastname@example.org Abstract- The one-class order has been effectively (SVs), and lying outside or on the sphere. In one-class SVM as connected in numerous correspondence, flag preparing, defined in [9, 2], the resulting convex optimization problem is and machine learning undertakings. This issue, as often solved using a quadratic programming technique. Several characterized by the one class SVM approach, comprises efforts have been made in order to derive one-class in distinguishing a circle encasing all (or the most) of the classification machines with low computational complexity information. The established technique to take care of the . In the same sense as least-squares SVM is derived from issue considers a synchronous estimation of both the the classical SVM method [12, 13], some attempts have been inside and the span of the circle. In this paper, we think about the effect of isolating the estimation issue. For made to derive from the one-class SVM a least-squares variant, reasons unknown basic one-class grouping techniques such as in . However, unlike the former, the latter do not can be effectively inferred, by thinking about a slightest have a decision function, thus inappropriate for novelty squares plan. The proposed system enables us to infer detection. In this paper, we propose to solve the one-class some hypothetical outcomes, for example, an upper problem by decoupling the estimation of the center and the bound on the likelihood of false recognition. The radius of the sphere englobing all (or most of) the training significance of this work is shown on surely understood samples. In the same spirit as the classical one-class SVM datasets. machines, we consider a sparse solution with SVs lying outside Keywords- KDD, IDS, SVM, Data. or on the sphere. It turns our that the optimal sparse solution can be defined using a least-squares optimization problem, thus leading to a low computational complexity problem. This 1. INTRODUCTION The one-class classification machines has become a framework allows us to derive some theoretical results. We give very active research domain in machine learning [1, 2] an upper bound on the probability of false detection, i.e., providing a detection rule based on recent advances in learning probability that a new sample is outside the sphere defined by theory. In one-class classification, the problem consists in the sparse solution. covering a single target class of samples, represented by a training set, and separate it from any novel sample not belonging to the same class, i.e., an outlier sample. It has been successfully applied in many novelty detection and classification tasks, including communication network performance , wireless sensor networks , forensic science , detection of handwritten digits  and objet recognition , only to name a few. Moreover, it has been extended naturally to binary and multiclass classification tasks, by applying a single one-class classifier to each class and subsequently combining the decision rules . Since only a single class is identified, it is essentially a data domain description or a class density estimation problem, while it provides a novelty detection rule. Different methods to solve the one-class problem have been developed, initiated from the so-called one-class support vector machines (SVM) [9, 2]. The one-class classification task consists in identifying a sphere of minimum volume that englobes all (or most of) the training data, by estimating jointly its center and its radius. These methods exploit many features from conventional SVM , including a nonlinear extension thanks to the concept of reproducing kernels. They also inherit the robustness to outliers in the training set, by providing a sparse solution of the center. This sparse solution explores a small fraction of the training samples, called support vectors
2. RELATED WORKS Several metrics are used to evaluate and compare the performance of Intrusion Detection Systems (IDSs). The most basic metrics are the detection and false alarm rates. The detection rate is equal to the number of intrusions detected divided by the total number of intrusions in a data set, while the false alarm rate is equal to the number of normal instances detected as intrusions divided by the number of normal instances in a data set. False alarms are also referred to as false positives . The diagnosis rate (or recall), meaning the number of correctly classified intrusions divided by the total number of intrusions, is also a relevant metric and we refer to it across this paper. In the KDD Cup 1999 the criteria utilized for assessment of the member passages is the ACTE processed utilizing the disarray framework and a given cost lattice. The disarray lattice is gotten while characterizing the occurrences in the test dataset. Every segment of the perplexity framework speaks to the occasions in an anticipated class, while each line speaks to the cases in a real class. The cost network is given in Table 1.
3. DATASET The KDD Cup 1999 utilizations an adaptation of the information on which the 1998 DARPA Intrusion Detection Evaluation Program was performed. The preparation dataset was gained in a seven week time allotment of checking the system and was handled into very nearly 5 million occurrences. The test dataset was procured amid a two week time allotment and contains 311029 occasions. Both preparing and test datasets are marked with the name of the assault write or as being ordinary movement . There are 38 diverse assault writes in preparing and test information together and these assault composes fall into four principle classifications: test, disavowal of administration (DoS), remote to neighborhood (R2L) and client to root (U2R) . The dataset is extremely unbalanced; most instances are DoS traffic (79%), while the other three attack types together make less than 2% of the instances. Around 19% of the instances correspond to normal traffic. The test dataset has different distribution than the training dataset and contains several new attacks (17 new attacks out of 38 possible attacks). Figure 1 depicts the distribution of the full training dataset, 10% of the full training dataset and of the testing dataset. It can be noticed that the normal, probe and DoS connections keep their distribution across the three datasets while the same is not valid for U2R and R2L connections. For U2R connections a slight increase in number of instances in the test dataset versus the training dataset can be noticed. U2R instances represent 0.01% of the 10% training dataset and 0.2% of the test dataset. On th other hand, the proportion of the R2L connections dramatically increases in the test dataset (5.2%) comparing to the training one (0.2%). Furthermore, the R2L connections are spread in space posing real challenge for determining an accurate model for classification.
4. SVM The machine learning method used in this paper is the support vector machines (SVMs) . SVMs are a set of related supervised learning methods used for classification and regression. The examinations in this paper utilize direct SVM as actualized in Text Garden . One-to-all, one-to-one and one-to-all-3categ IDSs The one-to-all IDS utilize the 10% preparing dataset and pre-processes it as portrayed in Section 4.1. Subsequent
to pre-processing, five preparing documents are made. In every one of the records, one assault write speaks to the positive class and the various assaults speak to the negative class. The SVM is trained on these five files and for each input file, it builds an output model that distinguishes between the positive class and all the other classes in the input, this is why the name one-to-all. Each connection in the test data is then fed to the models, each model decides if the connection belongs or not to a class with a certain degree of confidence. The connection is classified as belonging to the class that classified it with highest confidence. Figure 2 presents the workflow of the one-to-all IDS. The outcome of the voting is summarized into a confusion matrix and finally the average cost per text example is computed.
The one-to-one IDS works similarly as the oneto-all IDS with two exceptions: the training files and the voting method. Each training files contains only two types of attacks: one represents the positive class and the other represents the negative class. This way 10 training files are prepared and 10 models are built. When a new connection has to be classified, each model decides for one of the two classes the connection belongs to. The connection is classified as belonging to the class to which the majority of the models assigned it to. Figure 3 presents the workflow of the one-toone IDS. The third IDS tries to adapt to the nature of the training data. Given the unbalanced nature of the data, it attempts to build a better model for classifying minority classes. In order to achieve this, two sets of one-to-all training files are used. The first set is formed of two files in which the positive class is represented by normal and DoS connections respectively, and the negative class is represented by all other types of connections (one-to-all test files). The second set of training files contains only three types of connections: probe, R2L and U2R filtered from the full dataset, resulting in three one-to-all files (one-to-all 3categ files since the â€œallâ€? stands for the other two minority categories). SVM is trained on all five files and a two level voting is applied to the new instances. The one-to-all IDS uses the 10% getting ready dataset and pre-processes it as depicted in Section 4.1.
Resulting to pre-processing, five getting ready reports are made. In each one of the records, one attack compose addresses the positive class and the different ambushes address the negative class.
Figure 3 One-to-one IDS
5. Results When dealing with such large and unbalanced datasets as the one provided for the KDD Cup 1999, an important step is to understand the data and find a suitable model for it. Our approach was to build models on a 100.000 instance dataset obtained as explained in Section 4.1 and classify the test dataset using the three IDSs described in Section 4.3. Table 2 presents the results obtained at this stage. The one-to-one IDS has the poorest ACTE, the one-to-all3categ IDS has the best ACTE while the results for one-toall IDS are somewhere in between. The one-to-all IDS has a high detection rate, a good diagnosis rate but a very high false alarm rate meaning that it classifies most of the normal traffic as intrusion. This framework doesn't recognize test, R2L and U2R interruptions by any stretch of the imagination. All the movement is delegated DoS or typical, however it appears that it mistakes DoS for ordinary frequently. This might be due to the SVM cost parameters that are not optimized for this dataset or to the nature of the dataset. The one-to-one
scenario has lower false alarm rate, but has poor diagnosis performance, meaning that it detects most of the alarms, but it doesnâ€™t classify them correctly. The high ACTE appears to originate from misclassifying DoS assaults (more than 220.000 occurrences out of 311.000) for R2L assaults. At last, the one-to-all3categ IDS gives the best outcomes: great ACTE, great location and determination rates and low false alert rate. In any case, this outcome may be additionally enhanced by parameter tuning or expanding the measure of the preparation dataset.
The next step in the approach was to tune SVM parameters in order to build more accurate models. The 10% training dataset (494021 instances) with 10 fold cross validation were used to build the models and the three resulting IDSs were then tested. The results are listed in Table 3.
The one-to-all IDS improved the overall performance as well as the detection, diagnosis and false alarm rates. Both detection and diagnosis rates are quite good and false alarm rate is low, meaning the system detects and correctly determines the class of over 90% of connections and has a small false alarm rate (1.6%). The one-to-one IDS also improved: it has the smallest ACTE and good detection and diagnosis rate. The false alarm rate is slightly higher than for the one-to-all IDS. The most unexpected result comes from the one-to-all-3categ IDS: there is no improvement in the detection, diagnosis and false alarm rates. The ACTE slightly increases, due to more expensive (see the cost matrix) misclassifications. We can go more into detail with the analysis of the performance of the three IDSs by comparing the output confusion matrices listed in Table 4, Table 5 and Table 6. Rows represent the labels of the connections and columns represent the class attributed by the IDS. The last row displays the rate of true positives (e.g. 71.0% of the connections classified as normal are normal) and the last column displays the accuracy (e.g. 98.3% of normal traffic was classified as normal).
signatures could be used. 6. Conclusion In this paper we studied the performance of linear SVM in classifying normal and attack connections sniffed from a computer network. We proposed a two level voting IDS that proved to perform well on a small training set but performed relatively poor when the training dataset increased. In the context of intrusion detection in a computer network, attacks such as R2L and U2R that result in small number of traffic packets seem to pose a real challenge for detection and diagnosis. A good, simple and fast classifier that is able to detect novel attacks is hard to build. Usually simplicity and speed are traded for accuracy and machine learning methods are complemented by traditional signature based methods.
It can be seen in Table 4 that the one-to-all IDS performs well on normal and DoS connections, on probe it has a rather poor performance (70.1% diagnosis) and misclassifies most of U2R (15.7% diagnosis) and R2L (2.2% diagnosis) connections. Most of the misclassified probe, U2R and R2L connections are classified as normal. The models for normal and DoS traffic are fairly accurate since they had a large set of training instances to build on. The one-to-one IDS performs better than one-to-all IDS as can be seen in Table 5. This IDS performs significantly better than one-to-all IDS on classifying U2R and R2L connections: it classifies 45.7% of U2R connections and 9.3% of R2L connections. The R2L connections are spread in space so that linear SVM proves to be inefficient for building a good model for classifying these instances. We noticed a tradeoff: the more accurate the SVM model for classifying R2L connections, the poorest in classifying normal connections and the other way around. The one-to-all-3categ IDS performs worse than the other two IDSs in classifying R2L and U2R attacks, and performs slightly better on classifying probe attacks. It seems indeed that linear SVM is limited in building a good model for separating normal traffic from R2L due to the spread of these connections. Even though we introduced the one-to-all-3categ IDS in order to perform better at separating the three minority classes from the two major ones (normal and DoS), it seems like the model built using SVM is not accurate enough so that this voting system proves efficient. Most of the R2L connections do not pass the first level voting, being classified as normal. Comparing to relevant results in the literature, the IDSs studied in the paper are less accurate. The one-to-one IDS with 0.2479 ACTE would rank 8th in the KDD Cup 1999 contest. Higher accuracy can be obtained by increasing the complexity of the system. SVMs with different kernels can be used for building better models, but with this approach, classification speed would decrease , this is undesired in real time IDSs. Hybrid systems that combine several machine learning methods or that combine machine learning methods with the more classical ones based on
  
REFERENCES KDD Cup 1999 Task Description, http://kdd.ics.uci.edu/databases/kddcup99/task.html Bernhard Pfahringer, Winning the KDD99 Classification Cup: Bagged Boosting, ACM SIGKDD Explorations Newsletter, Volume 1, Issue 2, p. 65-66 January 2000. Itzhak Levin, KDD-99 Classifier Learning Contest LLSoft’s Results Overview, ACM SIGKDD Explorations Newsletter, Volume 1, Issue 2, p. 67-75 January 2000. Vladimir Miheev, Alexei Vopilov, Ivan Shabalin, The MP13 Approach to the KDD'99 Classifier Learning Contest, SIGKDD Explorations Newsletter, Volume 1, Issue 2, p76-77 January 2000. Tsong Song Hwang, Tsung-Ju Lee, Yuh-Jye Lee, A Three-tier IDS via Data Mining Approach, MineNet’07, June 12, 2007, San Diego, California, USA W. Lee. A Data Mining Framework for Constructing Features and Models for Intrusion Detection Systems. PhD thesis, Columbia University, 1999. Computer Security and Intrusion Detection, http://www.acm.org/crossroads/xrds11-1/csid.html H. Gunes Kayacik, Nur Zincir-Heywood, Malcolm I. Heywood, Selecting Features for Intrusion Detection: A Feature Relevance Analysis on KDD ’99 Benchmark,http://www.unb.ca/pstnet/pst2005/Shaug hnessy%20Room/Oct13/GK_FeatRelevance.ppt#256 ,1,Selecting Features for Intrusion Detection: A Feature Relevance Analysis on KDD 99 Benchmark Results of the KDD Cup 1999 Classifier Learning Contest,http://wwwcse.ucsd.edu/users/elkan/clresults .html TextGarden–Text Mining Tools, http://kt.ijs.si/Dunja/textgarden/ C. Cortes and V. Vapnik, Support-Vector Networks, Machine Learning, 20(3):273-297, September 1995. Y.-J. Lee and O. L. Mangasarian. SSVM: A smooth support vector machine. Computational Optimization and Applications, 20:5–22, 2001. Data Mining Institute, University of Wisconsin, Technical Report 99-03.
International Journal of Innovative Technology and Creative Engineering (ISSN:2045-8711)