DNIDS: A Dependable Network Intrusion Detection System Using the CSI-KNN Algorithm

The dependability of an Intrusion Detection System (IDS) relies on two factors: ability to detect intrusions and survivability in hostile environments. Machine learningbased anomaly detection approaches are gaining increasing attention in the network intrusion detection community because of their intrinsic ability to discover novel attacks. This ability has become critical since the number of new attacks has kept growing in recent years. However, most of today’s anomaly-based IDSs generate high false positive rates and miss many attacks because of a deficiency in their ability to discriminate attacks from legitimate behaviors. These unreliable results damage the dependability of IDSs. In addition, even if the detection method is sound and effective, the IDS might still be unable to deliver detection service when under attack. With the increasing importance of the IDS, some attackers attempt to disable the IDS before they launch a thorough attack. In this thesis, we propose a Dependable Network Intrusion Detection System (DNIDS) based on the Combined Strangeness and Isolation measure K-Nearest Neighbor (CSI-KNN) algorithm. The DNIDS can effectively detect network intrusions while providing continued service even under attacks. The intrusion detection algorithm analyzes different characteristics of network data by employing two measures: