An improved ensemble approach for effective intrusion detection

Abstract

Nowadays, one critical challenge for cybersecurity administrators is protecting online resources from network intrusions. Despite several academic and industry research initiatives, full protection of online resources from these intrusions is not feasible. Therefore, several techniques have been developed that use network audit data to detect network intrusions accurately, effectively and efficiently, and these are used in network intrusion detection systems (NIDSs). However, most NIDSs report low detection accuracy with a high false alarm rate and provide a single solution that lacks classification trade-offs. In this paper, the authors present a hybrid approach of multi-objective genetic algorithm and neural networks for creating a set of ensemble solutions for detecting network intrusions effectively. The proposed approach works in two phases: it first creates a set of non-dominating (Pareto optimal) solutions of base techniques and then creates ensemble solutions. The outcomes of the individual solutions or models in the ensemble are aggregated using the most popular method, majority voting. The proposed hybrid approach is evaluated using the NSL_KDD and ISCX-2012 benchmark datasets for intrusion detection. The evaluation results demonstrate that the proposed hybrid approach detects network intrusions effectively compared to the conventional ensemble approaches of bagging and boosting. The resultant ensemble solutions are non-dominating and provide classification trade-offs for cybersecurity administrators. The results also show that the proposed hybrid approach detects both minority and majority intrusion types accurately. The proposed hybrid approach demonstrated a detection accuracy of 97% and 88% with FPR of 2.4% and 2% for ISCX-2012 and NSL_KDD datasets, respectively.
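The two ideas the abstract combines, keeping only non-dominated base models and aggregating them by majority vote, can be sketched as follows. This is an added example, not the paper's code: it does not reproduce the genetic search or the neural networks, and the labels, predictions and model names are constructed for illustration.

```python
# Constructed ground truth: 1 = intrusion, 0 = normal (not NSL_KDD or ISCX-2012 data).
Y_TRUE = [1, 1, 1, 1, 0, 0, 0, 0, 0, 0]

# Constructed predictions from four hypothetical base models.
PREDS = {
    "m_sensitive": [1, 1, 1, 1, 1, 1, 0, 0, 0, 0],  # catches everything, 2 false alarms
    "m_balanced":  [1, 1, 1, 0, 1, 0, 0, 0, 0, 0],  # misses 1 intrusion, 1 false alarm
    "m_quiet":     [1, 1, 0, 0, 0, 0, 0, 0, 0, 0],  # misses 2 intrusions, no false alarms
    "m_poor":      [1, 0, 0, 0, 1, 1, 0, 0, 0, 0],  # worse than m_sensitive on both axes
}

def rates(y_true, y_pred):
    """Return (detection_rate, false_positive_rate) for binary labels."""
    tp = sum(t == 1 and p == 1 for t, p in zip(y_true, y_pred))
    fp = sum(t == 0 and p == 1 for t, p in zip(y_true, y_pred))
    pos = sum(y_true)
    neg = len(y_true) - pos
    return tp / pos, fp / neg

def dominates(a, b):
    """True if score a is at least as good as b on both objectives and not identical."""
    return a[0] >= b[0] and a[1] <= b[1] and a != b

def pareto_front(scores):
    """Names of models that no other model dominates."""
    return sorted(name for name, s in scores.items()
                  if not any(dominates(other, s) for other in scores.values()))

def majority_vote(pred_lists):
    """Alert only when a strict majority of members alert (assumption: ties mean no alert)."""
    return [1 if 2 * sum(votes) > len(votes) else 0 for votes in zip(*pred_lists)]

def run():
    scores = {name: rates(Y_TRUE, p) for name, p in PREDS.items()}
    front = pareto_front(scores)
    ensemble = majority_vote([PREDS[n] for n in front])
    return scores, front, ensemble, rates(Y_TRUE, ensemble)

if __name__ == "__main__":
    scores, front, ensemble, ens_rates = run()
    for name in front:
        print(f"{name}: DR={scores[name][0]:.2f} FPR={scores[name][1]:.2f}")
    print(f"ensemble: DR={ens_rates[0]:.2f} FPR={ens_rates[1]:.2f}")
```

Each model left on the front is a different trade-off between missed intrusions and false alarms, which is the choice the abstract says is handed to the administrator.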

Author information

Corresponding author

Correspondence to Gulshan Kumar.

About this article

Cite this article

Kumar, G. An improved ensemble approach for effective intrusion detection. J Supercomput 76, 275–291 (2020). https://doi.org/10.1007/s11227-019-03035-w

  • DOI: https://doi.org/10.1007/s11227-019-03035-w

Keywords

  • Genetic algorithm
  • Intrusion
  • Intrusion detection system
  • Machine learning
  • MOGA
  • Neural networks