New Distributed Framework for Cyber Attack Detection and Classification
Abstract
With the fast growing cyber activity day by day, the threat from cyber attacks has increased enormously. The timely detection of these cyber attacks has been a major concern to many governments and organizations all over the world. A number of cyber attack detection systems have been developed in the past decade. However, most of them tend to suffer from two main issues: high computational complexity and low detection accuracy. In this thesis, a new distributed framework is proposed for cyber attack detection. Besides detecting the attacks, the proposed system also classifies the attacks into different categories so that corresponding proper counteraction can be taken in time. The proposed system uses multiple sensors which are deployed at various parts of the network, thus providing a complete view of the network. The traditional centralized processing approach, in which all the sensors transmit their entire data to a central decision making unit, has high computational complexity and requires huge bandwidth. Hence, the proposed system employs distributed processing, where each sensor processes the observed data and generates a local decision. All the local decisions from all the sensors are then transmitted to the fusion center, which generates a final decision based on all the available local decisions. At each sensor, multiple supervised binary classifiers are employed. Support vector machines, which are one of the best, are used as the classifiers. A new fast and efficient training approach for support vector machines is proposed, which greatly reduces the computational complexity of training the support vector machines without significantly affecting the classification performance. Effective fusion rules, at each sensor and at the fusion center, are proposed using the Dempster-Shafer theory. The proposed cyber attack detection system is evaluated using the popular 1999 KDD intrusion detection dataset, which is a version of the 1998 DARPA intrusion detection evaluation program data.
Collections
- OSU Theses [15752]