DOI QR코드

DOI QR Code

Anomaly-Based Network Intrusion Detection: An Approach Using Ensemble-Based Machine Learning Algorithm

  • Received : 2024.01.05
  • Published : 2024.01.30

Abstract

With the seamless growth of the technology, network usage requirements are expanding day by day. The majority of electronic devices are capable of communication, which strongly requires a secure and reliable network. Network-based intrusion detection systems (NIDS) is a new method for preventing and alerting computers and networks from attacks. Machine Learning is an emerging field that provides a variety of ways to implement effective network intrusion detection systems (NIDS). Bagging and Boosting are two ensemble ML techniques, renowned for better performance in the learning and classification process. In this paper, the study provides a detailed literature review of the past work done and proposed a novel ensemble approach to develop a NIDS system based on the voting method using bagging and boosting ensemble techniques. The test results demonstrate that the ensemble of bagging and boosting through voting exhibits the highest classification accuracy of 99.98% and a minimum false positive rate (FPR) on both datasets. Although the model building time is average which can be a tradeoff by processor speed.

Keywords

Acknowledgement

I would like to express my special thanks to my supervisor Dr. Syed Nadeem Ahsan as well as our Dean FEST Dr. Syed Kamran Raza, who gave me the golden opportunity to do this research, and I am very thankful specially to my parents and family members who always supported me.

References

  1. Ponemon Institute and Hewlett Packard Enterprise "2015 Cost of Cyber Crime Study: Global" Research Department 2308 US 31 North Traverse City, Michigan 49629 USA 2015. Retrieved from http://www8. hp.com/us/en/softwaresolutions/ponemon-cyber-security-report/ (accessed 26 June, 2017)
  2. Heady, Richard, George Luger, Arthur Maccabe, and Mark Sevilla. "The architecture of a network-level intrusion detection system". No. LA-SUB-93-219. Los Alamos National Lab., NM (United States); New Mexico Univ., Albuquerque, NM (United States). Dept. of Computer Science, 1990. syst.
  3. M. N. Mohammad, N. Sulaiman, and O. A. Muhsin, "A novel intrusion detection system by using intelligent data mining in weka environment," Procedia Computer Science, vol. 3, pp. 1237-1242, 2011. https://doi.org/10.1016/j.procs.2010.12.198
  4. T. Shon and J. Moon, "A hybrid machine learning approach to network anomaly detection," Information Sciences, vol. 177, no. 18, pp. 3799-3821, 2007. https://doi.org/10.1016/j.ins.2007.03.025
  5. P. Garcia-Teodoro, J. Diaz-Verdejo, G. Macia-Fernandez, and E. Vazquez, "Anomaly-based network intrusion detection: Techniques, systems, and challenges," computers and security, vol. 28, no. 1-2, pp. 18-28, 2009. https://doi.org/10.1016/j.cose.2008.08.003
  6. Y. Bai and H. Kobayashi, "Intrusion detection systems: technology and development," in 17th International Conference on Advanced Information Networking and Applications, 2003. AINA 2003., 2003: IEEE, pp. 710-715.
  7. V. Jyothsna, V. R. Prasad, and K. M. Prasad, "A review of anomaly-based intrusion detection systems," International Journal of Computer Applications, vol. 28, no. 7, pp. 26-35, 2011. https://doi.org/10.5120/3399-4730
  8. M. Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani, "A detailed analysis of the KDD CUP 99 data set," in 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, 2009: IEEE, pp. 1-6.
  9. C.-H. Su, F. Tu, X. Zhang, B.-C. Shia, and T.-S. Lee, "A ensemble machine learning based system for merchant credit risk detection in merchant mcc misuse," Journal of Data Science, vol. 17, no. 1, 2019.
  10. Dietterich, Thomas G. "Ensemble methods in machine learning." In International workshop on multiple classifier systems, pp. 1-15. Springer, Berlin, Heidelberg, 2000.
  11. N. Sultana, N. Chilamkurti, W. Peng, and R. Alhadad, "Survey on SDN based network intrusion detection system using machine learning approaches," Peer-to-Peer Networking and Applications, vol. 12, no. 2, pp. 493-501, 2019. https://doi.org/10.1007/s12083-017-0630-0
  12. S. Zander, T. Nguyen, and G. Armitage, "Automated traffic classification and application identification using machine learning," in The IEEE Conference on Local Computer Networks 30th Anniversary (LCN'05) l, 2005: IEEE, pp. 250-257.
  13. D. Gaikwad and R. C. Thool, "Intrusion detection system using bagging ensemble method of machine learning," in 2015 International Conference on Computing Communication Control and Automation, 2015: IEEE, pp. 291-295.
  14. A. Tajbakhsh, M. Rahmati, and A. Mirzaei, "Intrusion detection using fuzzy association rules," Applied Soft Computing, vol. 9, no. 2, pp. 462-469, 2009. https://doi.org/10.1016/j.asoc.2008.06.001
  15. O. Al-Jarrah and A. Arafat, "Network Intrusion Detection System using attack behavior classification," in 2014 5th International Conference on Information and Communication Systems (ICICS), 2014: IEEE, pp. 1-6.
  16. S. K. Jonnalagadda and R. P. Reddy, "A literature survey and comprehensive study of intrusion detection," International Journal of Computer Applications, vol. 81, no. 16, pp. 40-47, 2013. https://doi.org/10.5120/14210-2458
  17. B. Biggio, G. Fumera, and F. Roli, "Security evaluation of pattern classifiers under attack," IEEE transactions on knowledge and data engineering, vol. 26, no. 4, pp. 984-996, 2013. https://doi.org/10.1109/TKDE.2013.57
  18. Y. Wang, Y. Shen, and G. Zhang, "Research on Intrusion Detection Model using ensemble learning methods," in 2016 7th IEEE International Conference on Software Engineering and Service Science (ICSESS), 2016: IEEE, pp. 422-425.
  19. P. Gogoi, B. Borah, and D. K. Bhattacharyya, "Network Anomaly identification using supervised classifier," Informatica, vol. 37, no. 1, 2013.
  20. Z. Liu, "A method of SVM with normalization in intrusion detection," Procedia Environmental Sciences, vol. 11, pp. 256-262, 2011. https://doi.org/10.1016/j.proenv.2011.12.040
  21. S. Peddabachigari, A. Abraham, and J. Thomas, "Intrusion detection systems using decision trees and support vector machines," International Journal of Applied Science and Computations, USA, vol. 11, no. 3, pp. 118-134, 2004.
  22. S. S. Dongre and K. K. Wankhade, "Intrusion detection system using new ensemble boosting approach," International Journal of Modeling and Optimization, vol. 2, no. 4, p. 488, 2012.
  23. J. Hu, X. Yu, D. Qiu, and H.-H. Chen, "A simple and efficient hidden Markov model scheme for host-based anomaly intrusion detection," IEEE network, vol. 23, no. 1, pp. 42-47, 2009. https://doi.org/10.1109/MNET.2009.4804323
  24. V. Timcenko and S. Gajin, "Ensemble classifiers for supervised anomaly based network intrusion detection," in the 2017 13th IEEE International Conference on Intelligent Computer Communication and Processing (ICCP), 2017: IEEE, pp. 13-19.
  25. Salo, Fadi, Mohammad Noor Injadat, Abdallah Moubayed, Ali Bou Nassif, and Aleksander Essex. "Clustering Enabled Classification using Ensemble Feature Selection for Intrusion Detection." In 2019 International Conference on Computing, Networking and Communications (ICNC), pp. 276-281. IEEE, 2019.
  26. J. Brownlee. "Supervised and Unsupervised Machine Learning Algorithms." https://machinelearningmastery.com/supervised-andunsupervised-machine-learning-algorithms/ (accessed 20 June 2017).
  27. E. Hodo, X. Bellekens, A. Hamilton, C. Tachtatzis, and R. Atkinson, "Shallow and deep networks intrusion detection system: A taxonomy and survey," arXiv preprint arXiv:1701.02145, 2017.
  28. M. Zamani and M. Movahedi, "Machine learning techniques for intrusion detection," arXiv preprint arXiv:1312.2177, 2013.
  29. C. Chen, Y. Gong, and Y. Tian, "Semi-supervised learning methods for network intrusion detection," in 2008 IEEE International Conference on Systems, Man and Cybernetics, 2008: IEEE, pp. 2603-2608.
  30. L. Breiman, "Bagging predictors," Machine learning, vol. 24, no. 2, pp. 123-140, 1996. https://doi.org/10.1007/BF00058655
  31. J. A. Aslam, R. A. Popa, and R. L. Rivest, "On Estimating the Size and Confidence of a Statistical Audit," EVT, vol. 7, p. 8, 2007.
  32. Y. Freund and R. E. Schapire, "Experiments with a new boosting algorithm," in icml, 1996, vol. 96: Citeseer, pp. 148-156.
  33. E. Bauer and R. Kohavi, "An empirical comparison of voting classification algorithms: Bagging, boosting, and variants," Machine learning, vol. 36, no. 1-2, pp. 105-139, 1999. https://doi.org/10.1023/A:1007515423169
  34. Witten, Ian H., Eibe Frank, Mark A. Hall, and Christopher J. Pal. Data Mining: Practical machine learning tools and techniques. Morgan Kaufmann, 2016.
  35. M. Aloqaily, S. Otoum, I. Al Ridhawi, and Y. Jararweh, "An intrusion detection system for connected vehicles in smart cities," Ad Hoc Networks, vol. 90, p. 101842, 2019.
  36. Amoozadeh, Mani, Arun Raghuramu, Chen-Nee Chuah, Dipak Ghosal, H. Michael Zhang, Jeff Rowe, and Karl Levitt. "Security vulnerabilities of connected vehicle streams and their impact on cooperative driving." IEEE Communications Magazine 53, no. 6 (2015): 126-132. https://doi.org/10.1109/MCOM.2015.7120028
  37. Sharma, Prinkle, Hong Liu, Honggang Wang, and Shelley Zhang. "Securing wireless communications of connected vehicles with artificial intelligence." In 2017 IEEE international symposium on technologies for homeland security (HST), pp. 1-7. IEEE, 2017.
  38. Rivoirard, Lucas, Martine Wahl, Patrick Sondi, Marion Berbineau, and Dominique Gruyer. "Chain-Branch-Leaf: A clustering scheme for vehicular networks using only V2V communications." Ad Hoc Networks 68 (2018): 70-84.  https://doi.org/10.1016/j.adhoc.2017.10.007