An intrusion detection system for network security situational awareness using conditional random fields

Abstract

The huge proliferation of cyber economy, social media usage and online transactions has resulted in large volumes of data in the cyber space. This has led to an increase in concern over the security of confidential data in the cyber space. Network security situational awareness systems helps in effectively monitoring a network for suspicious activities and thwarting any attacks on the information stored in the network. In this paper, an intrusion detection system for network security situational awareness using conditional random field has been proposed. Conditional random fields being conditional models are capable of modeling inter relationships between the observed features. This results in greater accuracy in classification. Conditional random field's complexity increases with the number of features in the observation. To reduce this complexity, a feature selection method using oneR algorithm has been proposed. The ability of oneR algorithm to find the best attribute that result in optimal classification has been used for ranking the features in the observation. The proposed system was trained and tested using the bench mark NSLKDD dataset. The proposed system on experimentation, exhibited higher accuracy (98%) in identifying an attack in general and also showed better performance (> 93%) in identifying individual attack categories specifically.