Advertisement

Using Feature Selection to Improve Performance of Three-Tier Intrusion Detection System

  • Yi-Jen SuEmail author
  • Pei-Yu Huang
  • Wu-Chih Hu
  • Hsuan-Yu Lin
  • Chen-Yu Kao
  • Shan-Hsiung Hsieh
  • Chun-Li Lin
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 927)

Abstract

Social media services have become an essential part of daily life. Once 5G services launch in the near future, the annual network IP flow can be expected to increase significantly. In case of security threats, network attacks will become more various and harder to detect. The intrusion detection system (IDS) in the network defense system is in charge of detecting malicious activities online. The research proposed an intelligent three-tier IDS that can process high-speed network flow and classify attack behaviors into nine kinds of attacks by seven machine learning methods. Based on the operation time, the detection process can be divided into the offline phase, which trains models by machine learning, and the online phase, which enhances the detection rate of network attacks by a three-tier filtering process. In the experiment, UNSW-NB15 was adopted as the dataset, where the accuracy of intrusion detection approached 98%.

References

  1. 1.
    Anderson, J.P.: Computer Security Threat Monitoring and Surveillance (1980)Google Scholar
  2. 2.
    Denning, D.E.: An intrusion-detection model. IEEE Trans. Softw. Eng. 13(2), 222–232 (1987)CrossRefGoogle Scholar
  3. 3.
    Hall, M.A.: Correlation-based feature selection for machine learning. Doctoral Dissertation, University of Waikato, Department of Computer Science (1999)Google Scholar
  4. 4.
    Mukkamala, S., Janoski, G., Sung, A.: Intrusion detection using neural networks and support vector machines. In: Proceedings of the International Joint Conference on Neural Networks. vol. 2, pp. 1702–1707 (2002)Google Scholar
  5. 5.
    Sung, A.H., Mukkamala, S.: Identifying important features for intrusion detection using support vector machines and neural networks. In: Proceedings of International Symposium on Applications and the Internet.vol. 217, pp. 209–216 (2003)Google Scholar
  6. 6.
    Kumar, K., Batth, J.S.: Network intrusion detection with feature selection techniques using machine-learning algorithms. Int. J. Comput. Appl. 150(12), 1–13 (2016)Google Scholar
  7. 7.
    Amiri, F., Yousefi, M.R., Lucas, C., Shakery, A., Yazdani, N.: Mutual information-based feature selection for intrusion detection systems. J. Netw. Comput. Appl. 34(4), 1184–1199 (2011)CrossRefGoogle Scholar
  8. 8.
    Li, Y., Xia, J., Zhang, S., Yan, J., Ai, X., Dai, K.: An efficient intrusion detection system based on support vector machines and gradually feature removal method. Expert Syst. Appl. 39(1), 424–430 (2012)CrossRefGoogle Scholar
  9. 9.
    Ambusaidi, M.A., He, X., Nanda, P., Tan, Z.: Building an intrusion detection system using a filter-based feature selection algorithm. IEEE Trans. Comput. 65(10), 2986–2998 (2016)MathSciNetCrossRefGoogle Scholar
  10. 10.
    Scarfone, K., Mell, P.: Guide to intrusion detection and prevention systems (IDPS). NIST Special Publication, 800-94 (2007)Google Scholar
  11. 11.
    Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: a survey. ACM Comput. Surv. (CSUR), 41(3) (2009)Google Scholar
  12. 12.
    Depren, O., Topallar, M., Anarim, E., Ciliz, M.K.: An intelligent intrusion detection system (IDS) for anomaly and misuse detection in computer networks. Expert Syst. Appl. 29(4), 713–722 (2005)CrossRefGoogle Scholar
  13. 13.
    Kim, G., Lee, S., Kim, S.: A novel hybrid intrusion detection method integrating anomaly detection with misuse detection. Expert Syst. Appl. 41(4), 1690–1700 (2014)MathSciNetCrossRefGoogle Scholar
  14. 14.
  15. 15.
    Blum, A.L., Langley, P.: Selection of relevant features and examples in machine learning. Artif. Intell. 97(1–2), 245–271 (1997)MathSciNetCrossRefGoogle Scholar
  16. 16.
    Moustafa, N., Slay, J.: UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In: Proceedings of Military Communications and Information Systems Conference (MilCIS), pp. 1–6 (2015)Google Scholar
  17. 17.
    Moustafa, N., Slay, J.: A hybrid feature selection for network intrusion detection systems: Central points. In: Proceedings of the 16th Australian Information Warfare Conference, pp. 5–13 (2015)Google Scholar
  18. 18.
    Moustafa, N., Slay, J.: The significant features of the UNSW-NB15 and the KDD99 data sets for network intrusion detection systems. In: Proceedings of 4th International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS), pp. 25–31 (2015)Google Scholar
  19. 19.
    Weka 3: Data Mining Software in Java. https://www.cs.waikato.ac.nz/ml/weka/
  20. 20.
    Hall, M.A., Holmes, G.: Benchmarking attribute selection techniques for discrete class data mining. IEEE Trans. Knowl. Data Eng. 15(6), 1437–1447 (2003)CrossRefGoogle Scholar
  21. 21.
    Holte, R.C.: Very simple classification rules perform well on most commonly used datasets. Mach. Learn. 11(1), 63–90 (1993)MathSciNetCrossRefGoogle Scholar
  22. 22.
    Kononenko I.: Estimating attributes: Analysis and extensions of RELIEF, Lecture Notes in Computer Science, vol. 784, pp. 171–182. Springer, Heidelberg (1994)Google Scholar
  23. 23.
    Prachi, C.: Usage of machine learning for intrusion detection in a network. Int. J. Comput. Netw. Appl. 3(6), 139–147 (2016)Google Scholar
  24. 24.
    Al-Jarrah, O.Y., Siddiqui, A., Elsalamouny, M., Yoo, P.D., Muhaidat, S., Kim, K.: Machine-learning-based feature selection techniques for large-scale network intrusion detection. IEEE 34th International Conference on Distributed Computing Systems Workshops (ICDCSW), pp. 177–181 (2014)Google Scholar
  25. 25.
    Rathore, M.M., Ahmad, A., Paul, A.: Real time intrusion detection system for ultra-high-speed big data environments. J. Supercomput. 72(9), 3489–3510 (2016)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Yi-Jen Su
    • 1
    Email author
  • Pei-Yu Huang
    • 1
  • Wu-Chih Hu
    • 2
  • Hsuan-Yu Lin
    • 3
  • Chen-Yu Kao
    • 3
  • Shan-Hsiung Hsieh
    • 3
  • Chun-Li Lin
    • 4
  1. 1.Department of Computer Science and Information EngineeringShu-Te UniversityKaohsiung CityTaiwan
  2. 2.Department of Computer Science and Information EngineeringNational Penghu University of Science and TechnologyPenghu CityTaiwan
  3. 3.Telecom Technology CenterKaohsiung CityTaiwan
  4. 4.National Center for Cyber Security TechnologyTaipei CityTaiwan

Personalised recommendations