OCLEP+: One-Class Intrusion Detection Using Length of Patterns

Author

Sai Kiran Pentukar, Wright State University

Publication Date

2017

Document Type

Thesis

Committee Members

Guozhu Dong (Advisor), Bin Wang (Committee Member), Junjie Zhang (Committee Member)

Degree Name

Master of Science in Cyber Security (M.S.C.S.)

Abstract

In an earlier paper, a method called One-class Classification using Length statistics of (jumping) Emerging Patterns (OCLEP) was introduced for masquerader detection. Jumping emerging patterns (JEPs) for a test instance are minimal patterns that match the test instance but they do not match any normal instances. OCLEP was based on the observation that one needs long JEPs to differentiate an instance of one class from instances of the same class, but needs short JEPs to differentiate an instance of one class from instances of a different class. In this thesis, we present OCLEP+, One-class Classification using Length statistics of Emerging Patterns Plus by adding several new ideas to OCELP. OCLEP+ retains the one-class training feature of OCELP, hence it only requires the normal class data for training. Moreover, OCELP+ has the advantage of being not model or signature based, making it hard to evade. OCLEP+ uses only length statistics of JEPs, making it a robust method. Experiments show that OCELP+ is more accurate than OCLEP and one-class SVM, on the NSL-KDD datasets.

Page Count

35

Department or Program

Department of Computer Science and Engineering

Year Degree Awarded

2017

Copyright

Copyright 2017, all rights reserved. My ETD will be available under the "Fair Use" terms of copyright law.