Reduce the False Positive and False Negative from Real Traffic with Intrusion Detection

ABSTRACT - In a typical network, the traffic through the network is heterogeneous and consists of flows from<br>multiple applications and utilities. Considering today threats in network there is yet not a single solution to<br>solve all the issues because the traditional methods of port-based and payload-based with machine learning<br>algorithm suffers from dynamic ports and encrypted application. Many international network equipment<br>manufactures like cisco, juniper also working to reduce these issues in the hardware side. Here this paper<br>presents a new approach considering the idea of service-based. This method is, in some sense, orthogonal to<br>current approaches and it can be used as an efficient complement to existing methods to reduce computation<br>and memory requirements. Experimental results on real traffic confirm that this method is extremely effective<br>and may improve considerably the accuracy of traffic classification, while it is suitable to a large number of<br>applications. Finally, it is also possible to adopt a service database built offline, possibly provided by a third<br>party and modeled after the signature database of antivirus programs, which in term reduce the work of<br>training procedure and over fitting of parameters in case of parametric classifier of supervised traffic<br>classification.<br>Index terms – network operations, security, traffic classification.