Intrusion detection system in commands sequences applying one versus rest methodology

Abstract

The main objective of this work is to develop an intrusion detection algorithm in commands sequences. These sequences are based on user behavior applying in several classification techniques. This algorithm allows obtaining a precision in the identification of fraudulent activities. To develop this algorithm, we have worked with a public database called Unix Commands. In addition, the model applies multiple machine learning techniques such as decision tree C4.5, UCS, and Multilayer Neural Network. In this paper we use two forms for data classification, the first form will be to use the entire dataset with the 7 users, but the difference is that the model applies 5 commands or 16 commands. The model identifies the information of a user and the labeled as normal, otherwise, the user is labeled as an intruder (5 commands - 2 classes, 16 commands - 2 classes). The second form uses the dataset by sequential discrimination (discrimination in form of a decision tree). This methodology is used in the multiclass classification called one versus rest (OVR) (5 commands-OVR, 16 commands-OVR). The algorithm has obtained optimal results in the classification and a low false positive rate. © 2018 AISTI.