Abstract
Intrusion Detection Systems (IDSs) are efficient applications that monitor the activity of a given network or system, detect abnormal activity, and send alarms to a designated management station. However, current IDSs generate a high number of false alarms, both False Positives (FP) and False Negatives (FN), which lowers the accuracy with which attacks are distinguished from normal activity. This thesis therefore introduces an enhanced IDS built on two classifiers: PCA-SVM and PCA-KNN. The performance of the system with each classifier is compared on the NSL-KDD dataset to determine the better classifier in terms of detection rate and the number of false alarms generated. The dataset is divided into training and testing sets, and a Control Chart is then applied to the training set to improve the results: it filters the data by removing out-of-bound records and keeping only those in the range from Mean-3sigma to Mean+3sigma.
Six evaluation metrics, FP, FN, True Positive (TP), True Negative (TN), Detection Rate (DR) and Classification Rate (CR), are computed for both classifiers on three feature sets (F1, F2 and F3), with and without applying the control chart. The results show that the PCA-KNN based IDS with control chart offers the best detection rate with the fewest false alarms for sets F2 and F3, while the PCA-SVM based IDS with control chart offers the best detection rate with the fewest false alarms for F1. The average detection rate achieved by the PCA-KNN based IDS is 98.17% with control chart and 88.7738% without; for the PCA-SVM based IDS it is 97.62% with control chart and 96.63587% without. These outcomes show that applying the control chart raises the detection rate and decreases the number of false alarms for both classifiers. In addition, PCA-KNN is the better classifier for the IDS, giving the fewest false alarms and the highest security and detection rate. The proposed IDSs are implemented and tested in MATLAB 2014.
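The two building blocks the abstract relies on, the Mean±3sigma control-chart filter applied to the training set and the confusion-matrix metrics used to compare the classifiers, as an added Python illustration (not the thesis's MATLAB code). The sample records are constructed, and the DR and CR formulas are the usual definitions (DR = TP/(TP+FN), CR = (TP+TN)/N), which the abstract does not spell out and are assumed here.

```python
"""3-sigma control-chart filtering of a training set, plus the six
evaluation metrics (TP, TN, FP, FN, DR, CR). Added illustration; the
metric formulas are the usual definitions and are assumed, not taken
from the thesis."""
import statistics
from typing import Dict, List, Sequence, Tuple

Record = Tuple[List[float], int]  # (feature vector, label: 1 = attack, 0 = normal)


def control_chart_filter(train: Sequence[Record]) -> List[Record]:
    """Keep records whose every feature lies in [mean-3*sigma, mean+3*sigma].

    Limits are computed per feature over the whole training set; any record
    with a feature outside its limits is treated as out-of-bound and dropped.
    """
    n_features = len(train[0][0])
    limits = []
    for j in range(n_features):
        column = [rec[0][j] for rec in train]
        mu = statistics.mean(column)
        sigma = statistics.pstdev(column)  # population std, as on a control chart
        limits.append((mu - 3 * sigma, mu + 3 * sigma))
    return [rec for rec in train
            if all(lo <= x <= hi for x, (lo, hi) in zip(rec[0], limits))]


def evaluate(predicted: Sequence[int], actual: Sequence[int]) -> Dict[str, float]:
    """Compute TP, TN, FP, FN, DR and CR from predicted/actual labels (1 = attack)."""
    tp = sum(p == 1 and a == 1 for p, a in zip(predicted, actual))
    tn = sum(p == 0 and a == 0 for p, a in zip(predicted, actual))
    fp = sum(p == 1 and a == 0 for p, a in zip(predicted, actual))
    fn = sum(p == 0 and a == 1 for p, a in zip(predicted, actual))
    dr = tp / (tp + fn) if tp + fn else 0.0          # detection rate: attacks caught
    cr = (tp + tn) / len(actual) if actual else 0.0  # classification rate: accuracy
    return {"TP": tp, "TN": tn, "FP": fp, "FN": fn, "DR": dr, "CR": cr}


# Constructed sample with two features (think duration, src_bytes);
# the last record's second feature is far beyond mean+3*sigma.
TRAIN: List[Record] = [
    ([1.0, 100.0], 0), ([2.0, 120.0], 0), ([1.5, 110.0], 0), ([2.5, 130.0], 1),
    ([1.8, 115.0], 1), ([2.2, 125.0], 0), ([1.2, 105.0], 1), ([2.0, 118.0], 0),
    ([1.6, 112.0], 1), ([1.9, 121.0], 0), ([1.4, 108.0], 1), ([1.7, 116.0], 0),
    ([1.3, 10000.0], 1),  # out-of-bound record, removed by the control chart
]

if __name__ == "__main__":
    print(len(control_chart_filter(TRAIN)), "of", len(TRAIN), "records kept")
    print(evaluate([1, 0, 1, 1, 0, 0], [1, 0, 0, 1, 1, 0]))
```

Note that a single extreme record inflates sigma for its feature; here the margin is still comfortable, but on real NSL-KDD columns it is worth checking the limits per feature rather than trusting the rule blindly.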