English Abstract
Computer networks are part of our daily life. They have brought benefits to people in various areas of their daily lives, such as business, e-education and e-commerce. At the same time, securing networks has become critical due to the continuous appearance of attacks and the increasing number of internet users. Therefore, network security is one of the most important topics in computer networking; it involves detecting and preventing various attacks, such as viruses, worms and Trojan horses, that may be harmful to network systems. Finding, classifying and preventing attacks is the task of what is called an Intrusion Detection System (IDS). Traditionally, an IDS relies on the behavior of network patterns: the signatures of known attacks are stored in specified databases, and intrusion detection is achieved by matching the traffic pattern against the stored signatures, which requires the databases to be constantly updated. Alternatively, an anomaly-based IDS mainly uses machine learning to create a model of trustworthy (normal) activity, and then compares detected behavior against this model.
A number of models have been proposed in the literature to detect attacks in networks. In this thesis, we propose and evaluate a new machine learning technique, a matched filter model, for network intrusion detection. We study the performance of the matched filter in binary classification using the NSL-KDD dataset. Moreover, the performance of the proposed matched filter model is compared with other machine learning techniques proposed by researchers on the same benchmark dataset. The experimental results show that the matched filter model achieves high accuracy and outperforms many other traditional machine learning methods in binary classification. The filter model also consumes the least time in both the training and testing phases among the classification models considered in this study.