Real time intrusion detection system for ultra-high-speed big data environments

In recent years, the number of people using the Internet and network services is increasing day by day. On a daily basis, a large amount of data is generated over the Internet from zeta byte to petabytes with a very high speed. On the other hand, we see more security threats on the network, the Inte...

Bibliographic details
Published in: The Journal of supercomputing 2016-09, Vol.72 (9), p.3489-3510
Main authors: Rathore, M. Mazhar, Ahmad, Awais, Paul, Anand
Format: Article
Language: eng
Online access: Full text
container_end_page 3510
container_issue 9
container_start_page 3489
container_title The Journal of supercomputing
container_volume 72
creator Rathore, M. Mazhar
Ahmad, Awais
Paul, Anand
description In recent years, the number of people using the Internet and network services has been increasing day by day. On a daily basis, a large amount of data is generated over the Internet, from zettabytes to petabytes, at a very high speed. On the other hand, we see more security threats on the network, the Internet, websites, and the enterprise network. Therefore, detecting intrusion in such an ultra-high-speed environment in real time is a challenging task. Many intrusion detection systems (IDSs) are proposed for various types of network attacks using machine learning approaches. Most of them are unable to detect recent unknown attacks, whereas the others do not provide a real-time solution to overcome the above-mentioned challenges. Therefore, to address these problems, we propose a real-time intrusion detection system for an ultra-high-speed big data environment using a Hadoop implementation. The proposed system includes a four-layered IDS architecture, which consists of the capturing layer, filtration and load balancing layer, processing or Hadoop layer, and the decision-making layer. Furthermore, a feature selection scheme is proposed that selects nine parameters for classification using (FSR) and (BER), as well as from the analysis of DARPA datasets. In addition, five major machine learning approaches are used to evaluate the proposed system including J48, REPTree, random forest tree, conjunctive rule, support vector machine, and Naïve Bayes classifiers. Results show that among all these classifiers, REPTree and J48 are the best classifiers in terms of accuracy as well as efficiency. The proposed system architecture is evaluated with respect to accuracy in terms of true positive (TP) and false positive (FP), with respect to efficiency in terms of processing time and by comparing results with traditional techniques. It has more than 99 % TP and less than 0.001 % FP on REPTree and J48. The system has overall higher accuracy than existing IDSs with the capability to work in real time in an ultra-high-speed big data environment.
doi_str_mv 10.1007/s11227-015-1615-5
format Article
fulltext fulltext
identifier ISSN: 0920-8542
ispartof The Journal of supercomputing, 2016-09, Vol.72 (9), p.3489-3510
issn 0920-8542
1573-0484
language eng
recordid cdi_proquest_journals_1880879120
source SpringerNature Journals
subjects Accuracy
Architecture
Artificial intelligence
Bayesian analysis
Big Data
Classifiers
Compilers
Computer Science
Cybersecurity
Data management
Decision making
Decision trees
High speed
Internet
Interpreters
Intrusion detection systems
Machine learning
Processor Architectures
Programming Languages
Real time
Websites
title Real time intrusion detection system for ultra-high-speed big data environments