http://dx.doi.org/10.3837/tiis.2018.11.022

Intrusion Detection System Modeling Based on Learning from Network Traffic Data  

Midzic, Admir (Faculty of Electrical Engineering, Campus of the University of Sarajevo)
Avdagic, Zikrija (Faculty of Electrical Engineering, Campus of the University of Sarajevo)
Omanovic, Samir (Faculty of Electrical Engineering, Campus of the University of Sarajevo)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.12, no.11, 2018, pp. 5568-5587
Abstract
This research uses artificial intelligence methods to model a computer network intrusion detection system. Primary classification is done using self-organizing maps (SOM) in two levels, while the secondary classification of ambiguous data is done using a Sugeno-type Fuzzy Inference System (FIS). The FIS is created using an Adaptive Neuro-Fuzzy Inference System (ANFIS). The main challenge for this system was to successfully detect attacks that are either unknown or represented by a very small percentage of samples in the training dataset. An improved algorithm for the SOMs in the second layer and for the FIS creation was developed for this purpose. The number of clusters in the second SOM layer is optimized using our improved algorithm to minimize the amount of ambiguous data forwarded to the FIS. The FIS is created using an ANFIS built on the ambiguous training dataset clustered by another SOM (whose size is determined dynamically). The proposed hybrid model was created and tested using the NSL KDD dataset. For our research, NSL KDD is especially interesting in terms of class distribution (overlapping). The objectives of this research were: to successfully detect intrusions represented in the data by a small percentage of the total traffic during early detection stages, to successfully deal with overlapping data (separate ambiguous data), and to maximize the detection rate (DR) and minimize the false alarm rate (FAR). On test data, the proposed hybrid model achieved an acceptable DR value of 0.8883 and a FAR value of 0.2415. The objectives were successfully achieved, as presented (compared with similar research on the NSL KDD dataset). The proposed model can be used not only in further research related to this domain, but also in other research areas.
Keywords
intrusion detection; learning from data; clustering; classification