Advertisement

A new hybrid approach for intrusion detection using machine learning methods

  • Ünal ÇavuşoğluEmail author
Article
  • 35 Downloads

Abstract

In this study, a hybrid and layered Intrusion Detection System (IDS) is proposed that uses a combination of different machine learning and feature selection techniques to provide high performance intrusion detection in different attack types. In the developed system, firstly data preprocessing is performed on the NSL-KDD dataset, then by using different feature selection algorithms, the size of the dataset is reduced. Two new approaches have been proposed for feature selection operation. The layered architecture is created by determining appropriate machine learning algorithms according to attack type. Performance tests such as accuracy, DR, TP Rate, FP Rate, F-Measure, MCC and time of the proposed system are performed on the NSL-KDD dataset. In order to demonstrate the performance of the proposed system, it is compared with the studies in the literature and performance evaluation is done. It has been shown that the proposed system has high accuracy and a low false positive rates in all attack types.

Keywords

Intrusion detection system Machine learning algorithm Hybrid system Feature selection NSL-KDD 

Notes

References

  1. 1.
    Deng R, Zhuang P, Liang H (2017) CCPA: Coordinated Cyber-physical attacks and countermeasures in smart grid. IEEE Trans Smart Grid 8(5):2420–2430Google Scholar
  2. 2.
    Qi L, Dou W, Zhou Y, Yu J, Hu C (2015) A context-aware service evaluation approach over big data for cloud applications. IEEE Transactions on Cloud Computing.  https://doi.org/10.1109/TCC.2015.2511764
  3. 3.
    Depren O, Topallar M, Anarim E, Ciliz MK (2005) An intelligent intrusion detection system (IDS) for anomaly and misuse detection in computer networks. Expert Syst Appl 29(4):713–722Google Scholar
  4. 4.
    Denning DE (1987) An intrusion-detection model. IEEE Trans Softw Eng SE-13(2):222–232Google Scholar
  5. 5.
    Milenkoski A, Vieira M, Kounev S, Avritzer A, Payne BD (2015) Evaluating computer intrusion detection systems: a survey of common practices. ACM Comput Surv (CSUR) 48(1):12Google Scholar
  6. 6.
    Chandola V, Banerjee A, Kumar V (2009) Anomaly detection: a survey. ACM Comput Surv (CSUR) 41(3):15Google Scholar
  7. 7.
    Ertoz L, Kumar V, Lazarevic A, Srivastava J, Tan PN (2002) Data mining for network intrusion detection. In: Proceedings NSF workshop on next generation data mining, pp 21–30Google Scholar
  8. 8.
    Liao HJ, Lin CHR, Lin YC, Tung KY (2013) Intrusion detection system: a comprehensive review. J Netw Comput Appl 36(1):16–24Google Scholar
  9. 9.
    Wazid M, Das AK (2016) An efficient hybrid anomaly detection scheme using K-means clustering for wireless sensor networks. Wirel Pers Commun 90(4):1971–2000Google Scholar
  10. 10.
    Aljawarneh S, Yassein MB, Aljundi M (2017) An enhanced j48 classification algorithm for the anomaly intrusion detection systems. Clust Comput:1–17.  https://doi.org/10.1007/s10586-017-1109-8
  11. 11.
    Guo C, Ping Y, Liu N, Luo SS (2016) A two-level hybrid approach for intrusion detection. Neurocomputing 214:391–400Google Scholar
  12. 12.
    Singh R, Kumar H, Singla RK (2015) An intrusion detection system using network traffic profiling and online sequential extreme learning machine. Expert Syst Appl 42(22):8609–8624Google Scholar
  13. 13.
    Chahal JK, Kaur A (2016) A hybrid approach based on classification and clustering for intrusion detection system. Int J Math Sci Comput 2(4):34–40Google Scholar
  14. 14.
    Saleh AI, Talaat FM, Labib LM (2017) A hybrid intrusion detection system (HIDS) based on prioritized k-nearest neighbors and optimized SVM classifiers. Artif Intell Rev:1–41.  https://doi.org/10.1007/s10462-017-9567-1
  15. 15.
    Elbasiony RM, Sallam EA, Eltobely TE, Fahmy MM (2013) A hybrid network intrusion detection framework based on random forests and weighted k-means. Ain Shams Eng J 4(4):753– 762Google Scholar
  16. 16.
    Ji SY, Jeong BK, Choi S, Jeong DH (2016) A multi-level intrusion detection method for abnormal network behaviors. J Netw Comput Appl 62:9–17Google Scholar
  17. 17.
    Kim G, Lee S, Kim S (2014) A novel hybrid intrusion detection method integrating anomaly detection with misuse detection. Expert Syst Appl 41(4):1690–1700MathSciNetGoogle Scholar
  18. 18.
    Ravale U, Marathe N, Padiya P (2015) Feature selection based hybrid anomaly intrusion detection system using K means and RBF kernel function. Procedia Comput Sci 45:428–435Google Scholar
  19. 19.
    Laftah Al-Yaseen W, Ali Othman Z, Nazri A, Zakree M (2015) Hybrid modified-means with C4. 5 for intrusion detection systems in Multiagent Systems. The Scientific World JournalGoogle Scholar
  20. 20.
    Parsaei MR, Rostami SM, Javidan R (2016) A hybrid data mining approach for intrusion detection on imbalanced NSL-KDD dataset. Int J Adv Comput Sci Appl 7(6):20–25Google Scholar
  21. 21.
    Kevric J, Jukic S, Subasi A (2017) An effective combining classifier approach using tree algorithms for network intrusion detection. Neural Comput Appl 28(1):1051–1058Google Scholar
  22. 22.
    Yao H, Wang Q, Wang L, Zhang P, Li M, Liu Y (2017) An intrusion detection framework based on hybrid multi-level data mining. Int J Parallel Prog:1–19.  https://doi.org/10.1007/s10766-017-0537-7
  23. 23.
    Farid DM, Zhang L, Rahman CM, Hossain MA, Strachan R (2014) Hybrid decision tree and naïve Bayes classifiers for multi-class classification tasks. Expert Syst Appl 41(4):1937–1946Google Scholar
  24. 24.
    Al-Yaseen WL, Othman ZA, Nazri MZA (2017) Multi-level hybrid support vector machine and extreme learning machine based on modified K-means for intrusion detection system. Expert Syst Appl 67:296–303Google Scholar
  25. 25.
    Aslahi-Shahri BM, Rahmani R, Chizari M, Maralani A, Eslami M, Golkar MJ, Ebrahimi A (2016) A hybrid method consisting of GA and SVM for intrusion detection system. Neural Comput Appl 27(6):1669–1676Google Scholar
  26. 26.
    Harb HM, Desuky AS (2011) Adaboost ensemble with genetic algorithm post optimization for intrusion detection. Int J Comput Sci Issues (IJCSI) 8(5):28Google Scholar
  27. 27.
    Kuang F, Xu W, Zhang S (2014) A novel hybrid KPCA and SVM with GA model for intrusion detection. Appl Soft Comput 18:178–184Google Scholar
  28. 28.
    Manickam M, Rajagopalan SP (2018) A hybrid multi-layer intrusion detection system in cloud. Clust Comput:1–9.  https://doi.org/10.1007/s10586-018-2557-5
  29. 29.
    Vimala S, Khanaa V, Nalini C (2018) A study on supervised machine learning algorithm to improvise intrusion detection systems for mobile ad hoc networks. Clust Comput:1–10.  https://doi.org/10.1007/s10586-018-2686-x
  30. 30.
    Ashfaq RAR, Wang XZ, Huang JZ, Abbas H, He YL (2017) Fuzziness based semi-supervised learning approach for intrusion detection system. Inf Sci 378:484–497Google Scholar
  31. 31.
    Ghosh P, Debnath C, Metia D, Dutta DR (2014) An efficient hybrid multilevel intrusion detection system in cloud environment. IOSR Journal of Computer Engineering (IOSR-JCE) e-ISSN, 2278-0661Google Scholar
  32. 32.
    Sangkatsanee P, Wattanapongsakorn N, Charnsripinyo C (2011) Practical real-time intrusion detection using machine learning approaches. Comput Commun 34(18):2227–2235Google Scholar
  33. 33.
    Balamurugan V, Saravanan R (2017) Enhanced intrusion detection and prevention system on cloud environment using hybrid classification and OTS generation. Clust Comput:1–13.  https://doi.org/10.1007/s10586-017-1187-7
  34. 34.
    Benmessahel I, Xie K, Chellal M (2017) A new evolutionary neural networks based on intrusion detection systems using multiverse optimization. Appl Intell 48:2315–2327.  https://doi.org/10.1007/s10489-017-1085-y Google Scholar
  35. 35.
    Yang C (2018) Anomaly network traffic detection algorithm based on information entropy measurement under the cloud computing environment. Clust Comput:1–9.  https://doi.org/10.1007/s10586-018-1755-5  https://doi.org/10.1007/s10586-018-1755-5
  36. 36.
    Feng W, Zhang Q, Hu G, Huang JX (2014) Mining network data for intrusion detection through combining SVMs with ant colony networks. Futur Gener Comput Syst 37:127–140Google Scholar
  37. 37.
    Li Y, Xia J, Zhang S, Yan J, Ai X, Dai K (2012) An efficient intrusion detection system based on support vector machines and gradually feature removal method. Expert Syst Appl 39(1):424–430Google Scholar
  38. 38.
    Wang G, Hao J, Ma J, Huang L (2010) A new approach to intrusion detection using Artificial Neural Networks and fuzzy clustering. Expert Syst Appl 37(9):6225–6232Google Scholar
  39. 39.
    Wang Y, Feng L (2018) Hybrid feature selection using component co-occurrence based feature relevance measurement. Expert Syst Appl 102:83–99Google Scholar
  40. 40.
    Mukherjee S, Sharma N (2012) Intrusion detection using naive Bayes classifier with feature reduction. Procedia Technol 4:119–128Google Scholar
  41. 41.
    Amiri F, Yousefi MR, Lucas C, Shakery A, Yazdani N (2011) Mutual information-based feature selection for intrusion detection systems. J Netw Comput Appl 34(4):1184–1199Google Scholar
  42. 42.
    Manzoor I, Kumar N (2017) A feature reduced intrusion detection system using ANN classifier. Expert Syst Appl 88:249–257Google Scholar
  43. 43.
    Madbouly AI, Gody AM, Barakat TM (2014) Relevant feature selection model using data mining for intrusion detection system. arXiv:1403.7726
  44. 44.
    Zhang F, Wang D (2013) An effective feature selection approach for network intrusion detection. In: 2013 IEEE eighth international conference on networking, architecture and storage (NAS). IEEE, pp 307–311Google Scholar
  45. 45.
    Pervez MS, Farid DM (2014) Feature selection and intrusion classification in NSL-KDD cup 99 dataset employing SVMs. In: 2014 8th international conference on software, knowledge, information management and applications (SKIMA). IEEE, pp 1–6Google Scholar
  46. 46.
    Ambusaidi MA, He X, Nanda P, Tan Z (2016) Building an intrusion detection system using a filter-based feature selection algorithm. IEEE Trans Comput 65(10):2986–2998MathSciNetzbMATHGoogle Scholar
  47. 47.
    Kang SH, Kim KJ (2016) A feature selection approach to find optimal feature subsets for the network intrusion detection system. Clust Comput 19(1):325–333Google Scholar
  48. 48.
    Beulah JR, Punithavathani DS (2018) A hybrid feature selection method for improved detection of Wired/Wireless network intrusions. Wirel Pers Commun 98(2):1853–1869Google Scholar
  49. 49.
    Bhattacharya S, Selvakumar S (2016) Multi-measure multi-weight ranking approach for the identification of the network features for the detection of DoS and Probe attacks. The Comput J 59(6):923–943Google Scholar
  50. 50.
    Bajaj K, Arora A (2013) Dimension reduction in intrusion detection features using discriminative machine learning approach. Int J Comput Sci Issues (IJCSI) 10(4):324Google Scholar
  51. 51.
    Osanaiye O, Cai H, Choo KKR, Dehghantanha A, Xu Z, Dlodlo M (2016) Ensemble-based multi-filter feature selection method for DDos detection in cloud computing. EURASIP J Wirel Commun Netw 2016 (1):130Google Scholar
  52. 52.
    Sethuramalingam S, Naganathan ER (2011) Hybrid feature selection for network intrusion. Int J Comput Sci Eng 3(5):1773–1780Google Scholar
  53. 53.
    Sheikhan M, Jadidi Z, Farrokhi A (2012) Intrusion detection using reduced-size RNN based on feature grouping. Neural Comput Appl 21(6):1185–1190Google Scholar
  54. 54.
    De la Hoz E, de la Hoz E, Ortiz A, Ortega J, Martínez-Álvarez A (2014) Feature selection by multi-objective optimisation: Application to network anomaly detection by hierarchical self-organising maps. Knowl-Based Syst 71:322–338Google Scholar
  55. 55.
    Eesa AS, Orman Z, Brifcani AMA (2015) A novel feature-selection approach based on the cuttlefish optimization algorithm for intrusion detection systems. Expert Syst Appl 42(5):2670–2679Google Scholar
  56. 56.
    Lin SW, Ying KC, Lee CY, Lee ZJ (2012) An intelligent algorithm with feature selection and decision rules applied to anomaly intrusion detection. Appl Soft Comput 12(10):3285–3290Google Scholar
  57. 57.
    Online The KDD CUP 1999 Data (1999). http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html. Accessed July 2018
  58. 58.
    Online KDD-NSL Dataset (2009). http://nsl.cs.unb.ca/NSL-KDD/. Accessed July 2018
  59. 59.
    Scott SL (2004) A Bayesian paradigm for designing intrusion detection systems. Comput Stat Data Anal 45 (1):69–83MathSciNetzbMATHGoogle Scholar
  60. 60.
    Mladenic D, Grobelnik M (1999) Feature selection for unbalanced class distribution and naive bayes. In: ICML, vol 99, pp 258–267Google Scholar
  61. 61.
    Breiman L (2001) Random forests. Mach L 45(1):5–32zbMATHGoogle Scholar
  62. 62.
    Alsubhi K, Aib I, Boutaba R (2012) FuzMet: A fuzzy-logic based alert prioritization engine for intrusion detection systems. Int J Netw Manag 22(4):263–284Google Scholar
  63. 63.
    Quinlan RC (1993) 4.5: Programs For machine learning. Morgan Kaufmann Publishers Inc, San FranciscoGoogle Scholar
  64. 64.
    Cannady J (1998) Artificial neural networks for misuse detection. In: National information systems security conference, vol 26, pp 368–381Google Scholar
  65. 65.
    Zhang Z, Shen H (2005) Application of online-training SVMs for real-time intrusion detection with different considerations. Comput Commun 28(12):1428–1442Google Scholar
  66. 66.
    Denoeux T (1995) A k-nearest neighbor classification rule based on Dempster-Shafer theory. IEEE Trans Syst Man Cybern 25(5):804–813Google Scholar
  67. 67.
    Hartigan JA, Wong MA (1979) Algorithm AS 136: a k-means clustering algorithm. J Royal Stat Soc Ser C (Appl Stat) 28(1):100–108zbMATHGoogle Scholar
  68. 68.
    Han J, Pei J, Kamber M (2011) Data mining: concepts and techniques. Elsevier, New YorkzbMATHGoogle Scholar
  69. 69.
    Alpaydin E (2014) Introduction to machine learning. MIT Press, CambridgezbMATHGoogle Scholar
  70. 70.
    Rodriguez-Galiano VF, Ghimire B, Rogan J, Chica-Olmo M, Rigol-Sanchez JP (2012) An assessment of the effectiveness of a random forest classifier for land-cover classification. ISPRS J Photogramm Remote Sens 67:93–104Google Scholar
  71. 71.
    Malekipirbazari M, Aksakalli V (2015) Risk assessment in social lending via random forests. Expert Syst Appl 42(10):4621–4631Google Scholar
  72. 72.
    Kotsiantis SB, Zaharakis ID, Pintelas PE (2006) Machine learning: a review of classification and combining techniques. Artif Intell Rev 26(3):159–190Google Scholar
  73. 73.
    Sill J, Takács G, Mackey L, Lin D (2009) Feature-weighted linear stacking. arXiv:http://arXiv.org/abs/0911.0460
  74. 74.
    Opitz D, Maclin R (1999) Popular ensemble methods: an empirical study. J Artif Intell Res 11:169–198zbMATHGoogle Scholar
  75. 75.
    Wang G, Hao J, Ma J, Jiang H (2011) A comparative assessment of ensemble learning for credit scoring. Expert Syst Appl 38(1):223–230Google Scholar
  76. 76.
    Hall MA, Smith LA (1998) Practical feature subset selection for machine learning. In Computer science’98 proceedings of the 21st Australasian computer science conference ACSC, vol 98, pp 181–191Google Scholar
  77. 77.
    Almuallim H, Dietterich TG (1991) Efficient algorithms for identifying relevant features. In: Proceedings of the 9th Canadian conference on artificial intelligence, pp 38–45Google Scholar
  78. 78.
    Kira K, Rendell LA (1992) The feature selection problem: Traditional methods and a new algorithm. In: AAAI, vol 2, pp 129–134Google Scholar
  79. 79.
    Das S (2001) Filters, wrappers and a boosting-based hybrid for feature selection. In: Icml, vol 1, pp 74–81Google Scholar
  80. 80.
    Liu H, Yu L (2005) Toward integrating feature selection algorithms for classification and clustering. IEEE Trans Knowl Data Eng 17(4):491–502Google Scholar
  81. 81.
    Chandrashekar G, Sahin F (2014) A survey on feature selection methods. Comput Electr Eng 40(1):16–28Google Scholar
  82. 82.
    Jantawan B, Tsai CF (2014) A comparison of filter and wrapper approaches with data mining techniques for categorical variables selection. Int J Innov Res Comput Commun Eng 2(6):4501–4508Google Scholar
  83. 83.
    Naseriparsa M, Bidgoli AM, Varaee T (2014) A hybrid feature selection method to improve performance of a group of classification algorithms. arXiv:1403.2372
  84. 84.
    John GH, Kohavi R, Pfleger K (1994) Irrelevant features and the subset selection problem. In: Machine learning proceedings, vol 1994, pp 121–129Google Scholar
  85. 85.
    Chou TS, Yen KK, Luo J (2008) Network intrusion detection design using feature selection of soft computing paradigms. Int J Comput Intell 4(3):196–208Google Scholar
  86. 86.
    Selvakuberan K, Indradevi M, Rajaram R (2008) Combined Feature Selection and classification–A novel approach for the categorization of web pages. J Inf Comput Sci 3(2):083–089Google Scholar
  87. 87.
    Kohavi R, John GH (1997) Wrappers for feature subset selection. Artif Intell 97(1-2):273–324zbMATHGoogle Scholar
  88. 88.
    Rodriguez JD, Perez A, Lozano JA (2010) Sensitivity analysis of k-fold cross validation in prediction error estimation. IEEE Trans Pattern Anal Mach Intell 32(3):569–575Google Scholar
  89. 89.
    Kittler J, Hatef M, Duin RP, Matas J (1998) On combining classifiers. IEEE Trans Pattern Anal Mach Intell 20(3):226–239Google Scholar
  90. 90.
    Japkowicz N, Shah M (2011) Evaluating learning algorithms: a classification perspective. Cambridge University Press, CambridgezbMATHGoogle Scholar
  91. 91.
    Patil TR, Sherekar SS (2013) Performance analysis of Naive Bayes and J48 classification algorithm for data classification. Int J Comput Sci Appl 6(2):256–261Google Scholar
  92. 92.
    Deng X, Liu Q, Deng Y, Mahadevan S (2016) An improved method to construct basic probability assignment based on the confusion matrix for classification problem. Inf Sci 340:250– 261Google Scholar
  93. 93.
    Elshoush HT, Osman IM (2011) Alert correlation in collaborative intelligent intrusion detection systems—A survey. Appl Soft Comput 11(7):4349–4365Google Scholar
  94. 94.
    Liu Y, Cheng J, Yan C, Wu X, Chen F (2015) Research on the Matthews correlation coefficients metrics of personalized recommendation algorithm evaluation. Int J Hybrid Inf Technol 8(1):163–172Google Scholar
  95. 95.
    Online.Weka Data Mining Tool. https://www.cs.waikato.ac.nz/ml/weka/. Accessed July 2018
  96. 96.
    Holmes G, Donkin A, Witten IH (1994) Weka: A machine learning workbench. In: 1994. Proceedings of the 1994 second Australian and New Zealand conference on intelligent information systems. IEEE, pp 357–361Google Scholar
  97. 97.
    Luo B, Xia J (2014) A novel intrusion detection system based on feature generation with visualization strategy. Expert Syst Appl 41(9):4139–4147MathSciNetGoogle Scholar
  98. 98.
    Lin WC, Ke SW, Tsai CF (2015) CANN: an intrusion detection system based on combining cluster centers and nearest neighbors. Knowl-Based Syst 78:13–21Google Scholar
  99. 99.
    Liang H (2014) An improved intrusion detection based on neural network and fuzzy algorithm. J Netw 9 (5):1274Google Scholar
  100. 100.
    Hoque MS, Mukit M, Bikas M, Naser A (2012) An implementation of intrusion detection system using genetic algorithm. arXiv:1204.1336
  101. 101.
    Horng SJ, Su MY, Chen YH, Kao TW, Chen RJ, Lai JL, Perkasa CD (2011) A novel intrusion detection system based on hierarchical clustering and support vector machines. Expert Syst Appl 38(1):306–313Google Scholar
  102. 102.
    Hwang TS, Lee TJ, Lee YJ (2007) A three-tier IDS via data mining approach. In: Proceedings of the 3rd annual ACM workshop on mining network data. ACM, pp 1–6Google Scholar
  103. 103.
    Kuang L, Zulkernine M (2008) An anomaly intrusion detection method using the CSI-KNN algorithm. In: Proceedings of the 2008 ACM symposium on applied computing. ACM, pp 921–926Google Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Authors and Affiliations

  1. 1.Department of Computer EngineeringSakarya UniversitySerdivanTurkey

Personalised recommendations