Système de Détection D'intrusions Informatiques et la selection des caractéristiques

Abstract

The fast expanding of computer networks over the past decade has resulted in a dramatic increase in the number of attacks and intrusions. Security has become a crucial problem for computer systems. One of the important ways to achieve high security in computer networks is by intrusion detection systems. Several machine learning approaches have been proposed to develop intrusion detection systems that aim to increase accuracy and decrease the rate of false positives. These approaches, unfortunately don’t take the factor of time into account. This makes their systems unable to operate in real-time networks. The objective of our work is to achieve a network-based intrusion detection system while maximizing detection rates and reducing computing time without loss of information. In order to achieve this objective, we first apply the algorithm of the k Nearest Neighbours (KNN). This algorithm is time-consuming ; therefore, we apply in a second time the algorithm of the Condensed Nearest Neighbours (CNN). It consists mainly to reduce the learning data set which considerably reduces the computation time. To further contribute to reach our goal we reduced the number of attributes in the data sets packages by selecting the most relevant characteristics. In order to simulate our SDIRs, we used a Multi-agent system (MAS). This paradigm allows physical distribution and expertise, which in turn contributes to reducing execution time. Experimental test has been done on e NSL-KDD dataset, an improved version of the KDD 99 data set. The obtained results indicate that our proposed approaches MAS-KNN and MAS-CNN give a good detection rates. In terms of computation time, the MAS-CNN approach is faster than MAS-KNN. It is than more suitable for deployment in real-time network monitoring and intrusion detection analysis.