Abstract:
This research presents an Intrusion Detection Technique using the Hypothesis Testing method, with the aim of developing a hypothesis system to classify various Denial of Service (DoS) attacks and normal traffic on the Knowledge Discovery and Data Mining 1999 (KDD '99) dataset. Gain Ratio and Principal Component Analysis (PCA) were used to reduce the forty-one (41) attributes of the KDD '99 dataset to the thirteen (13) most significant ones.
The Decision Tree Algorithm was adopted in this research work, and the training data were run on it to generate rules. The rules generated when the training data were passed into the algorithm were coded, and the mean of each rule was determined. The computed mean was later used to develop a statistical hypothesis testing system to classify the attacks. The performance of the Hypothesis Testing System was measured on the results generated from the test data using the following metrics: Classification Rate, Average Accuracy, Average Reliability, Overall Accuracy, Detection Rate and False Alarm Rate.
A performance comparison of this approach with another approach was also carried out. The results clearly showed that the Classification Rate (CR) of the Decision Tree method and of the Decision Tree combined with the Hypothesis Testing method were 93.57 and 99.90 respectively. The Detection Rate (DR) of the Decision Tree method was 91.73, while that of the Decision Tree method with the Hypothesis Testing method was 97.93. Also, the False Alarm Rate (FAR) of the Decision Tree method and of the Decision Tree combined with the Hypothesis Testing method was 10.74 and 10.78 respectively. Experimental results show that hypothesis testing gives better classification. It was observed that a few hypotheses were eliminated because they were never used; some hypotheses had little evidence to support them and were rejected, while those with reasonable evidence were accepted. This led to a reduction in the rules used for forming hypotheses. Tools for implementation include C-Sharp and the DotNet framework.
This work has shown that using more than one extraction technique, and also combining two techniques, would not only improve the detection rate but also lead to proper monitoring within a network.
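As an added illustration of the attribute-selection and evaluation steps named in the abstract (not code from the paper itself), the following Python ranks a few KDD '99-style attributes by Gain Ratio and computes Detection Rate and False Alarm Rate from a classifier's output. The records, the three attributes and the rule used for prediction are constructed for the example; the DR/FAR definitions are the standard ones and are assumed, not taken from the paper.

```python
import math
from collections import Counter

# Constructed mini sample in the style of KDD '99 records (not real dataset rows):
# (protocol_type, service, flag, label), where label is "normal" or "dos".
RECORDS = [
    ("tcp", "http", "SF", "normal"),
    ("tcp", "http", "SF", "normal"),
    ("udp", "domain_u", "SF", "normal"),
    ("tcp", "smtp", "SF", "normal"),
    ("icmp", "ecr_i", "SF", "dos"),   # ICMP echo flood pattern
    ("icmp", "ecr_i", "SF", "dos"),
    ("tcp", "private", "S0", "dos"),  # half-open connections (SYN flood pattern)
    ("tcp", "private", "S0", "dos"),
    ("tcp", "http", "S0", "dos"),
    ("udp", "private", "S0", "dos"),
]
ATTRS = ["protocol_type", "service", "flag"]

def entropy(labels):
    """Shannon entropy (bits) of a list of class labels."""
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def gain_ratio(records, idx):
    """Gain Ratio = Information Gain / Split Information for attribute column idx."""
    labels = [r[-1] for r in records]
    n = len(records)
    groups = {}                      # attribute value -> labels of rows with that value
    for r in records:
        groups.setdefault(r[idx], []).append(r[-1])
    weights = [len(g) / n for g in groups.values()]
    info_gain = entropy(labels) - sum(w * entropy(g) for w, g in zip(weights, groups.values()))
    split_info = -sum(w * math.log2(w) for w in weights)   # penalises many-valued attributes
    return info_gain / split_info if split_info else 0.0

def rank_attributes(records=RECORDS, attrs=ATTRS):
    """Attributes as (name, gain ratio) pairs, highest score first."""
    scores = {a: gain_ratio(records, i) for i, a in enumerate(attrs)}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

def detection_metrics(actual, predicted):
    """DR = attacks predicted as attack / all attacks; FAR = normal predicted as attack / all normal."""
    attacks = [p for a, p in zip(actual, predicted) if a != "normal"]
    normals = [p for a, p in zip(actual, predicted) if a == "normal"]
    dr = sum(p != "normal" for p in attacks) / len(attacks)
    far = sum(p != "normal" for p in normals) / len(normals)
    return dr, far

if __name__ == "__main__":
    print(rank_attributes())
    # Constructed toy rule standing in for a decision-tree output: non-TCP or half-open -> dos
    guess = ["dos" if r[0] != "tcp" or r[2] == "S0" else "normal" for r in RECORDS]
    print(detection_metrics([r[-1] for r in RECORDS], guess))
```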