An Improved Malicious Behaviour Detection Via k-Means and Decision Tree

Abstract

Data mining algorithms applied as anomaly detection systems are considered one of the essential techniques in malicious behaviour detection. Unfortunately, such a detection system is known for its inclination in detecting cyber-malicious activity more accurately (i.e. maximizing malicious and non-malicious behaviour detection), and this has become a persistent limitation in the deployment of intrusion detection systems. Consequently, these constraints affect a number of important performance factors such as accuracy, detection rate and false alarms. In this research, KMDT is proposed as an anomaly detection model that uses k-means clustering and a decision tree classifier to maximize the detection of malicious behaviours by scrutinizing packet headers. The k-means clustering is employed to label and plot all behaviours into identical clusters, which characterize the behaviours as suspicious or non-suspicious. Subsequently, these dissimilar clustered behaviours are reordered into two classes, malicious and non-malicious, via the decision tree classifier. KMDT is a profitable finding that improves anomaly detection performance in identifying suspicious and non-suspicious behaviours and characterizes them as malicious or non-malicious more accurately. These criteria have been validated by the results of experiments on the banking system environment dataset 2016. KMDT detected more malicious behaviours accurately in contrast to discrete and diversely combined methods.
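One way to read the two-stage pipeline the abstract describes, as an added Python example that is not the authors' code: k-means first groups flows into two clusters, then a decision tree per cluster separates malicious from non-malicious. The feature names, the constructed flows, k=2 with farthest-point seeding, Gini splitting and the one-tree-per-cluster design are all assumptions, since the abstract gives none of these details.

```python
# Added example: features, flows and the one-tree-per-cluster design are assumptions.
def dist2(a, b):
    return sum((p - q) ** 2 for p, q in zip(a, b))
def kmeans2(X, iters=10):
    """Lloyd's k-means, k=2, seeded with X[0] and the point farthest from it."""
    cents = [X[0], max(X, key=lambda x: dist2(x, X[0]))]
    for _ in range(iters):
        assign = [min((0, 1), key=lambda c: dist2(x, cents[c])) for x in X]
        for c in (0, 1):
            rows = [x for x, a in zip(X, assign) if a == c]
            cents[c] = [sum(col) / len(rows) for col in zip(*rows)] if rows else cents[c]
    return cents, assign

def gini(ys):
    return 1.0 - sum((ys.count(c) / len(ys)) ** 2 for c in set(ys))

def build_tree(X, y, depth=3):
    """CART-style tree: a leaf is a label, a node is (feature, threshold, low, high)."""
    best = None
    if depth > 0 and len(set(y)) > 1:
        for f in range(len(X[0])):
            for t in sorted({x[f] for x in X})[:-1]:  # keep both sides non-empty
                parts = [[i for i, x in enumerate(X) if (x[f] > t) == hi] for hi in (False, True)]
                score = sum(len(p) * gini([y[i] for i in p]) for p in parts)
                if best is None or score < best[0]:
                    best = (score, f, t, parts)
    if best is None:  # pure node, depth limit, or no usable split: majority label
        return max(sorted(set(y)), key=y.count) if y else 0
    _, f, t, parts = best
    return (f, t, *[build_tree([X[i] for i in p], [y[i] for i in p], depth - 1) for p in parts])

def fit(X, y):
    cents, assign = kmeans2(X)  # stage 1: group flows into two clusters
    pick = lambda rows, c: [r for r, a in zip(rows, assign) if a == c]
    return cents, [build_tree(pick(X, c), pick(y, c)) for c in (0, 1)]  # stage 2

def predict(model, x):
    cents, trees = model
    c = min((0, 1), key=lambda k: dist2(x, cents[k]))  # nearest centroid
    node = trees[c]
    while isinstance(node, tuple):
        node = node[2] if x[node[0]] <= node[1] else node[3]
    return c, node  # (cluster index, 1 = malicious / 0 = non-malicious)

# Constructed flows: ([syn_fraction, dst_port_spread, mean_payload], label), scaled to 0..1
FLOWS = [([0.10, 0.10, 0.50], 0), ([0.15, 0.05, 0.60], 0), ([0.08, 0.12, 0.45], 0),
         ([0.90, 0.90, 0.05], 1), ([0.85, 0.95, 0.10], 1),   # scan-like
         ([0.80, 0.95, 0.60], 0), ([0.90, 0.80, 0.70], 0)]   # benign probe
MODEL = fit([f for f, _ in FLOWS], [lab for _, lab in FLOWS])
```

In this constructed data the benign probes land in the same cluster as the scans, so clustering alone would flag them; the tree trained inside that cluster is what separates them.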

Authors and Affiliations

Warusia Yassin, Siti Rahayu, Faizal Abdollah, Hazlin Zin

  • EP ID EP397312
  • DOI 10.14569/IJACSA.2016.071227

How To Cite

Warusia Yassin, Siti Rahayu, Faizal Abdollah, Hazlin Zin (2016). An Improved Malicious Behaviour Detection Via k-Means and Decision Tree. International Journal of Advanced Computer Science & Applications, 7(12), 206-212. https://europub.co.uk/articles/-A-397312