Machine Learning Techniques for Anomalies Detection and Classification

  • Amira Sayed Abdel-Aziz
  • Aboul Ella Hassanien
  • Ahmad Taher Azar
  • Sanaa El-Ola Hanafi
Part of the Communications in Computer and Information Science book series (CCIS, volume 381)


Malicious users are always trying to intrude the information systems, taking advantage of different system vulnerabilities. As the Internet grows, the security limitations are becoming more crucial, facing such threats. Intrusion Detection Systems (IDS) are a common protecting systems that is used to detect malicious activity from inside and outside users of a system. It is very important to increase detection accuracy rate as possible, and get more information about the detected attacks, as one of the drawbacks of an anomaly IDS is the lack of detected attacks information. In this paper, an IDS is built using Genetic Algorithms (GA) and Principal Component Analysis (PCA) for feature selection, then some classification techniques are applied on the detected anomalies to define their classes. The results show that J48 mostly give better results than other classifiers, but for certain attacks Naive Bayes give the best results.


Intrusion Detection Intrusion Detection System Network Intrusion Detection Decision Tree Learning Minkowski Distance 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Murali, A., Roa, M.: A survey on intrusion detection approaches. In: First International Conference on Information and Communication Technologies, ICICT, pp. 233–240 (2005)Google Scholar
  2. 2.
    Garcia-Teodora, P., Díaz-Verdejo, J., Maciá–Fernández, G., Vázquez, E.: Anomaly-based network intrusion detection: Techniques, systems and challenges. Computers & Security 28(1-2), 18–28 (2009)CrossRefGoogle Scholar
  3. 3.
    Aziz, A.S.A., Azar, A.T., Hassanien, A.E., Hanafi, S.E.O.: Continuous Features Discretizaion for Anomaly Intrusion Detectors Generation. In: WSC17 2012 Online Conference on Soft Computing in Industrial Applications (2012)Google Scholar
  4. 4.
    Lazarevic, A., Ertoz, L., Kumar, V., Ozgur, A., Srivastava, J.: A Comparative Study of Anomaly Detection Schemes in Network Intrusion Detection. In: Proceedings of the Third SIAM International Conference on Data Mining, vol. 3, pp. 25–36. SIAM (2003)Google Scholar
  5. 5.
    Brown, D.J., Suckow, B., Wang, T.: A Survey of Intrusion Detection Systems. TU Vienna, Austria (2000)Google Scholar
  6. 6.
    Jolliffe, I.T.: Principal component analysis, p. 487. Springer, New York (1986)CrossRefGoogle Scholar
  7. 7.
    Lindsay, I.S.: A tutorial on principal components analysis. Cornell University, Ithaca (2002)Google Scholar
  8. 8.
    Tang, D.H., Cao, Z.: Machine Learning-based Intrusion Detection Algorithms. Journal of Computational Information Systems 5(6), 1825–1831 (2009)Google Scholar
  9. 9.
    Tran, T.P., Tsai, P., Jan, T., He, X.: Machine Learning Techniques for Network Intrusion Detection. Dynamic and Advanced Data Mining for Progressing Technological Development: Innovations and Systemic Approaches (2010)Google Scholar
  10. 10.
    Khoshgoftaar, T.M., Gao, K., Ibrahim, N.H.: Evaluating indirect and direct classification techniques for network intrusion detection. Intelligent Data Analysis 9(3), 309–326 (2005)Google Scholar
  11. 11.
    Kotsiantis, S.B.: Supervised Machine Learning: A Review of Classification Techniques. Informatica 31, 249–268 (2007)MathSciNetzbMATHGoogle Scholar
  12. 12.
    Joshi, M.: Classification, Clustering, and Intrusion Detection Systems. International Journal of Engineering Research and Applications (IHERA) 2(2), 961–964 (2012)Google Scholar
  13. 13.
    Zhang, H.: The optimality of naive Bayes. In: Proceedings of the FLAIRS Conference, vol. 1(2), pp. 3–9 (2004)Google Scholar
  14. 14.
    Caruana, R., Niculescu-Mizil, A.: An empirical comparison of supervised learning algorithms. In: Proceedings of the 23rd International Conference on Machine Learning, pp. 161–168. ACM (2006)Google Scholar
  15. 15.
    Kruegel, C., Tóth, T.: Using decision trees to improve signature-based intrusion detection. In: Vigna, G., Kruegel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol. 2820, pp. 173–191. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  16. 16.
    Mitchell, T.M.: Machine learning. McGraw Hill, Burr Ridge (1997)Google Scholar
  17. 17.
    Shi, H.: Best-first decision tree learning. PhD dissertation, The University of Waikato (2007)Google Scholar
  18. 18.
    Michie, D., Spiegelhalter, D.J., Taylor, C.C.: Machine learning, neural and statistical classification (1994)Google Scholar
  19. 19.
    NSL-KDD Intrusion Detection data set,
  20. 20.
    Aziz, A.S.A., Salama, M.A., Hassanien, A.E., Hanafi, S.E.O.: Artificial Immune System Inspired Intrusion Detection System Using Genetic Algorithm. In: Chojnacki, A. (Guest ed.): Special Issue: Advances in Network Systems, vol. 36, pp. 347–357 (2012)Google Scholar
  21. 21.
    Aziz, A.S.A., Azar, A.T., Hassanien, A.E., Hanafy, S.E.O.: Genetic Algorithm with Different Feature Selection Techniques for Anomaly Detectors Generation. In: Federated Conference on Computer Science and Information Systems (FedCSIS 2013). IEEE (submitted, 2013)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Amira Sayed Abdel-Aziz
    • 1
  • Aboul Ella Hassanien
    • 2
  • Ahmad Taher Azar
    • 3
  • Sanaa El-Ola Hanafi
    • 2
  1. 1.Université Française d’ÉgypteCairoEgypt
  2. 2.Faculty of Computers and InformationCairo UniversityEgypt
  3. 3.Faculty of Computers and InformationBenha UniversityEgypt

Personalised recommendations