In today's world, digital intruders can exploit the vulnerabilities of a network and are capable of bringing down even a country. The attack on Estonia by digital intruders, the attack on Iran's nuclear plant and the intrusion of spyware into smartphones show how effective attackers can be. Furthermore, a centralized firewall system is not enough to ensure a secure network. Hence, in the age of big data, where data is abundantly available and the computational capability of PCs is high, machine learning and network security have become two inseparable issues.

In this thesis, the KDD Cup’99 intrusion detection dataset is used. A total of 3,11,030 records with 41 features are available in the dataset. To find anomalies in the network, four machine learning methods are used: Classification and Regression Tree (CART), Random Forest, Naive Bayes and Multi-Layer Perceptron (MLP). Initially, all 41 features are used to measure accuracy. Among all the methods, Random Forest provides 98.547% accuracy in intrusion detection, which is the maximum, and CART shows the maximum accuracy (99.086%) in identifying the normal flow of data. Subsequently, a selected 15 features were used to test the accuracy, and Random Forest was found to remain efficient (accuracy 98.266%) in detecting the fault of the network. In both cases MLP was found to be a stable method, with accuracy for benign data and intrusion always close to 95% (93.387%, 94.312% and 95.0075, 93.652% respectively).

Finally, an IDS model is proposed in which Random Forest, an ML method, and MLP, a DL method, are incorporated to handle intrusions in the most efficient manner.
