Abstract
Network intrusion detection systems (NIDS) detect attacks or anomalous network traffic patterns in order to avoid cybersecurity issues. Anomaly detection algorithms are used to identify unusual behavior or outliers in the network traffic in order to generate alarms. Traditionally, Gaussian Mixture Models (GMMs) have been used for probability-based anomaly detection in NIDS. We propose to use multiple simple GMMs to model each individual feature, and an asymmetric voting scheme that aggregates the individual anomaly detectors to provide. We test our approach using the NSL dataset. We construct the normal behavior models using only the samples labelled as normal in this dataset and evaluate our proposal using the official NSL testing set. As a result, we obtain an F1-score over 0.9, outperforming other supervised and unsupervised proposals.
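The per-feature scheme described in the abstract, as an added sketch that is not the authors' code: one small 1-D GMM is fitted per feature on normal samples only, each feature gets its own log-likelihood threshold, and the per-feature detectors vote. The abstract does not define the voting rule, so the `min_votes` rule (a minority of detectors is enough to raise an alarm), the 1% threshold quantile, the hand-written EM fit and the constructed data are all assumptions.

```python
import math
import random

def pdf(x, mu, var):
    return math.exp(-(x - mu) ** 2 / (2 * var)) / math.sqrt(2 * math.pi * var)

def fit_gmm_1d(xs, k=2, iters=30):
    """EM for a k-component 1-D Gaussian mixture; returns (weight, mean, var) triples."""
    lo, hi = min(xs), max(xs)
    mus = [lo + (hi - lo) * i / (k - 1) for i in range(k)]   # spread means over the range
    vs = [max(((hi - lo) / (2 * k)) ** 2, 1e-6)] * k
    ws = [1.0 / k] * k
    for _ in range(iters):
        resp = []                                  # E-step: responsibilities
        for x in xs:
            p = [w * pdf(x, m, v) for w, m, v in zip(ws, mus, vs)]
            s = sum(p) or 1e-300
            resp.append([pj / s for pj in p])
        for j in range(k):                         # M-step: re-estimate parameters
            nj = sum(r[j] for r in resp) + 1e-12
            ws[j] = nj / len(xs)
            mus[j] = sum(r[j] * x for r, x in zip(resp, xs)) / nj
            vs[j] = max(sum(r[j] * (x - mus[j]) ** 2 for r, x in zip(resp, xs)) / nj, 1e-6)
    return list(zip(ws, mus, vs))

def loglik(x, model):
    return math.log(max(sum(w * pdf(x, m, v) for w, m, v in model), 1e-300))

def train(normal_rows, quantile=0.01):
    """One GMM and one log-likelihood threshold per feature, from normal traffic only."""
    models, thresholds = [], []
    for col in zip(*normal_rows):
        model = fit_gmm_1d(list(col))
        scores = sorted(loglik(x, model) for x in col)
        models.append(model)
        thresholds.append(scores[int(quantile * len(scores))])
    return models, thresholds

def votes(row, models, thresholds):
    """Number of per-feature detectors that score this row below their threshold."""
    return sum(loglik(x, m) < t for x, m, t in zip(row, models, thresholds))

def is_anomalous(row, models, thresholds, min_votes=1):
    # Assumed asymmetric rule: a minority of detectors is enough to alarm.
    return votes(row, models, thresholds) >= min_votes

# Constructed data: 3 features, each bimodal (modes near 0 and 10) in normal traffic.
rng = random.Random(0)
NORMAL = [[rng.gauss(rng.choice((0.0, 10.0)), 1.0) for _ in range(3)] for _ in range(400)]
MODELS, THRESHOLDS = train(NORMAL)
```

A row such as `[5.0, 0.0, 10.0]` is unusual in only one feature, so it is flagged with `min_votes=1` but would pass a simple majority vote.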
Acknowledgements
This work was supported by the Spanish Ministry of Economy and Competitiveness under contracts TIN-2015-65277-R, AYA2015-65973-C3-3-R and RTC-2016-5434-8.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Blanco, R., Malagón, P., Briongos, S., Moya, J.M. (2019). Anomaly Detection Using Gaussian Mixture Probability Model to Implement Intrusion Detection System. In: Pérez García, H., Sánchez González, L., Castejón Limas, M., Quintián Pardo, H., Corchado Rodríguez, E. (eds) Hybrid Artificial Intelligent Systems. HAIS 2019. Lecture Notes in Computer Science, vol 11734. Springer, Cham. https://doi.org/10.1007/978-3-030-29859-3_55
DOI: https://doi.org/10.1007/978-3-030-29859-3_55
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-29858-6
Online ISBN: 978-3-030-29859-3
eBook Packages: Computer Science, Computer Science (R0)