Anomaly Detection Using Gaussian Mixture Probability Model to Implement Intrusion Detection System

Roberto Blanco; Pedro José Malagón Marzo; Samira Briongos Herrero; José Manuel Moya Fernández

Ayuda

Anomaly Detection Using Gaussian Mixture Probability Model to Implement Intrusion Detection System

Roberto Blanco ^[1] ^[2] ; Pedro Malagón ^[1] ^[2] ; Samira Briongos ^[1] ^[2] ; Moya, José M. ^[1] ^[2]
1. [1] Universidad Politécnica de Madrid
  
  Universidad Politécnica de Madrid
  
  Madrid, España
2. [2] Center for Computational Simulation (CCS, Madrid)
Localización: Hybrid Artificial Intelligent Systems. 14th International Conference, HAIS 2019: León, Spain, September 4–6, 2019. Proceedings / coord. por Hilde Pérez García, Lidia Sánchez González, Manuel Castejón Limas, Héctor Quintián Pardo, Emilio Santiago Corchado Rodríguez, 2019, ISBN 978-3-030-29858-6, págs. 648-659
Idioma: inglés
Enlaces
- Texto completo
Resumen
- Network intrusion detection systems (NIDS) detect attacks or anomalous network traffic patterns in order to avoid cybersecurity issues. Anomaly detection algorithms are used to identify unusual behavior or outliers in the network traffic in order to generate alarms. Traditionally, Gaussian Mixture Models (GMMs) have been used for probabilistic-based anomaly detection NIDS. We propose to use multiple simple GMMs to model each individual feature, and an asymmetric voting scheme that aggregates the individual anomaly detectors to provide. We test our approach using the NSL dataset. We construct the normal behavior models using only the samples labelled as normal in this dataset and evaluate our proposal using the official NSL testing set. As a result, we obtain a F1-score over 0.9, outperforming other supervised and unsupervised proposals.