The Journal of Supercomputing

, Volume 74, Issue 11, pp 5797–5812 | Cite as

An efficient cascaded method for network intrusion detection based on extreme learning machines

  • Yuanlong Yu
  • Zhifan Ye
  • Xianghan ZhengEmail author
  • Chunming Rong


Machine learning techniques are widely used for network intrusion detection (NID). However, it has to face the unbalance of training samples between classes as it is hard to collect samples of some intrusion classes. This would produce false positives for these intrusion classes. Meanwhile, since there are various types of intrusions, classification boundaries between different classes are seriously nonlinear. Due to the huge amount of training data, computational efficiency is also required. This paper therefore proposes an efficient cascaded classifier for NID. This classifier consists of a collection of binary base classifiers which are serially connected. Each base classifier corresponds to a type of intrusion. The order of these base classifiers is automatically determined based on the number of false positives to cope with the unbalance of training samples. Extreme learning machine algorithm, which has low computational cost, is used to train these base classifiers to delineate the nonlinear boundaries between classes. This proposed NID method is evaluated on the KDD99 data set. Experimental results have shown that this proposed method outperforms other state-of-the-art methods including decision tree, back-propagation neural network and support vector machines.


Network intrusion detection Cascaded classifier Extreme learning machine 


  1. 1.
  2. 2.
    Bartlett PL (1998) The sample complexity of pattern classification with neural networks: the size of the weights is more important than the size of the network. IEEE Trans Inform Theory 44(2):525–536MathSciNetCrossRefGoogle Scholar
  3. 3.
    Beghdad R (2008) Critical study of neural networks in detecting intrusions. Comp Security 27(5–6):168–175CrossRefGoogle Scholar
  4. 4.
    Burges C (1998) A tutorial on support vector machines for pattern recognition. Data Mining Know Dis 2(2):121–167CrossRefGoogle Scholar
  5. 5.
    Chen T (2010) Stuxnet, the real start of cyber warfare. IEEE Network 24(4):2–3CrossRefGoogle Scholar
  6. 6.
    Creech G, Hu J (2014) A semantic approach to host-based intrusion detection systems using contiguous and discontiguous system call patterns. IEEE Trans Comp 63(4):807–819MathSciNetCrossRefGoogle Scholar
  7. 7.
    He J, Zheng S (2014) Intrusion detection model with twin support vector machines. J Shang Jiaotong Univ (Sci) 19(4):448–454CrossRefGoogle Scholar
  8. 8.
    Huang GB, Chen L (2007) Convex incremental extreme learning machine. Neurocomputing 70(16–18):3056–3062CrossRefGoogle Scholar
  9. 9.
    Huang GB, Chen L, Siew C (2006) Universal approximation using incremental constructive feedforward networks with random hidden nodes. IEEE Trans Neural Networks 17(4):879–892CrossRefGoogle Scholar
  10. 10.
    Huang GB, Zhou H, Ding X, Zhang R (2012) Extreme learning machine for regression and multiclass classification. IEEE Trans Syst Man Cyber B Cyber 42(2):513–529CrossRefGoogle Scholar
  11. 11.
    Li Y, Xia J, Zhang S, Yan J, Ai X, Dai K (2012) An efficient intrusion detection system based on support vector machines and gradually feature removal method. Expert Syst Appl 39:424–430CrossRefGoogle Scholar
  12. 12.
    Quinlan J (1986) Induction of decision trees. Mach Learn 1(1):81–106Google Scholar
  13. 13.
    Rong H, Huang G, Ong Y (2012) Decision tree based light weight intrusion detection using a wrapper approach. Expert Syst Appl 39(1):129–141CrossRefGoogle Scholar
  14. 14.
    Schmidhuber J (2015) Deep learning in neural networks: an overview. Neural Networks 61:85–117CrossRefGoogle Scholar
  15. 15.
    Wang H, Chen B (2013) Intrusion detection system based on multi-strategy pruning algorithm of the decision tree. In: IEEE International Conference on Grey Systems and Intelligent Services :445–447Google Scholar
  16. 16.
    Weller-Fahy D, Borghetti B, Sodemann A (2015) A survey of distance and similarity measures used within network intrusion anomaly detection. Commun Surv Tutorials 17:70–91CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media New York 2016

Authors and Affiliations

  • Yuanlong Yu
    • 1
  • Zhifan Ye
    • 1
  • Xianghan Zheng
    • 1
    Email author
  • Chunming Rong
    • 2
  1. 1.College of Mathematics and Computer ScienceFuzhou UniversityFuzhouChina
  2. 2.Department of Electrical Engineering and Computer ScienceUniversity of StavangerStavangerNorway

Personalised recommendations