A Novel Ensemble Method for Network-Based Anomaly Intrusion Detection System

  • Conference paper
New Trends in Information and Communications Technology Applications (NTICT 2022)

Abstract

Anomaly intrusion detection technologies are essential for network and computer security, as the threat grows more serious every year. Ensemble learning techniques are promising machine learning methods for anomaly detection: they produce multiple models and combine their outputs in a specific manner, aiming at perfect attack detection. However, it is still difficult to choose an appropriate ensemble method for a particular dataset. This research is conducted on an interdisciplinary basis, transferring knowledge between network security and machine learning. The problem of anomaly detection in network traffic is considered, and two novel ensemble methods for anomaly detection are presented. In both methods, the decision rules (henceforth, Rule-sets) extracted from two different families of classifiers, Naïve Bayes and the decision tree J48, are used as the ensemble's constituent classifiers. In the first method, a set of Rule Evaluation Metrics (henceforth, REMs) computed from the Rule-sets is used to combine the classifiers and to resolve rule conflicts whenever they occur. The second method is a novel stacking approach: the cover property of the Rule-sets is used to re-encode the training instances and produce a metadata set, which is then used to train a meta-level classifier that produces the final result. The proposed methods are evaluated on the CICIDS2017 dataset in terms of detection rate, execution time, false alarm rate, accuracy, and other measures of interest. The experimental results attest to their superior accuracy, which reaches 99.8630% and 99.8642% for the first and second methods respectively, and to lower execution time for both methods, especially the second one, at 0.25 s.
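The two combination schemes the abstract describes, as an added toy illustration in Python (not the paper's code): conflict resolution between fired rules by REMs, and the cover-property re-encoding of instances into a metadata set for a meta-level learner. It assumes support and confidence as the REMs, a majority-label lookup as the meta-level classifier, and constructed flows and rule sets in place of CICIDS2017 records and rules extracted from Naïve Bayes and J48.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    conds: tuple  # ((feature, value), ...); every condition must match
    label: str    # class the rule predicts

    def covers(self, inst):
        return all(inst.get(f) == v for f, v in self.conds)


# Constructed training flows (a stand-in for CICIDS2017 records).
TRAIN = [
    ({"proto": "tcp", "flags": "syn", "rate": "high"}, "attack"),
    ({"proto": "tcp", "flags": "syn", "rate": "high"}, "attack"),
    ({"proto": "tcp", "flags": "ack", "rate": "low"}, "normal"),
    ({"proto": "udp", "flags": "none", "rate": "low"}, "normal"),
    ({"proto": "udp", "flags": "none", "rate": "high"}, "attack"),
    ({"proto": "tcp", "flags": "ack", "rate": "high"}, "normal"),
]
# Constructed Rule-sets standing in for rules extracted from NB and J48.
RS_NB = [Rule((("rate", "high"),), "attack"), Rule((("rate", "low"),), "normal")]
RS_J48 = [Rule((("proto", "tcp"), ("flags", "ack")), "normal"),
          Rule((("flags", "syn"),), "attack"),
          Rule((("proto", "udp"),), "normal")]
RULESETS = [RS_NB, RS_J48]


def rem(rule, data):
    """Assumed REMs: (support, confidence) of a rule measured on data."""
    covered = [y for x, y in data if rule.covers(x)]
    if not covered:
        return 0.0, 0.0
    return len(covered) / len(data), covered.count(rule.label) / len(covered)


def predict_rem(rulesets, inst, data):
    """Method 1: fire rules from every Rule-set; when fired rules disagree,
    keep the one with the highest confidence, ties broken by support."""
    fired = [r for rs in rulesets for r in rs if r.covers(inst)]
    if not fired:
        return None  # no rule covers the instance; caller picks a default
    return max(fired, key=lambda r: tuple(reversed(rem(r, data)))).label


def meta_features(rulesets, inst):
    """Method 2: cover property -> one binary feature per rule (metadata)."""
    return tuple(int(r.covers(inst)) for rs in rulesets for r in rs)


def train_meta(rulesets, data):
    """Assumed meta-level learner: majority label per metadata vector."""
    table = {}
    for x, y in data:
        table.setdefault(meta_features(rulesets, x), Counter())[y] += 1
    return {k: c.most_common(1)[0][0] for k, c in table.items()}


def predict_meta(meta, rulesets, inst):
    return meta.get(meta_features(rulesets, inst))  # None for unseen vectors
```

A flow that is both high-rate and a plain TCP ACK makes the two rule sets disagree; method 1 sides with the more confident J48 rule, while method 2 answers from the metadata vector seen during training.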

Notes

  1. The proposed IDSs have been implemented in Java with JDK 13 and run on a PC with an Intel Core i5-2410M processor at 2.30 GHz, 4 GB RAM, under Windows 7.

  2. The Weka [72] tool has been used to conduct the experiments with the original Voting and Stacking methods.

References

  1. Lin, W.C., Ke, S.W., Tsai, C.F.: CANN: an intrusion detection system based on combining cluster centers and nearest neighbors. Knowl. Based. Syst. 78(1), 13–21 (2015). https://doi.org/10.1016/j.knosys.2015.01.009

  2. Elbasiony, R.M., Sallam, E.A., Eltobely, T.E., Fahmy, M.M.: A hybrid network intrusion detection framework based on random forests and weighted k-means. Ain Shams Eng. J. 4(4), 753–762 (2013). https://doi.org/10.1016/j.asej.2013.01.003

  3. Chen, Y., Abraham, A., Yang, B.: Hybrid flexible neural-tree-based intrusion detection systems. Int. J. Intell. Syst. 22(4), 337–352 (2007). https://doi.org/10.1002/int.20203

  4. Folino, G., Pizzuti, C., Spezzano, G.: An ensemble-based evolutionary framework for coping with distributed intrusion detection. Genet. Program Evolvable Mach. 11(2), 131–146 (2010). https://doi.org/10.1007/s10710-010-9101-6

  5. Garg, S., Batra, S.: A novel ensembled technique for anomaly detection. Int. J. Commun. Syst. 30(11), e3248 (2017). https://doi.org/10.1002/dac.3248

  6. Zhou, Z.H.: Ensemble Methods: Foundations and Algorithms. Chapman and Hall/CRC (2012). https://doi.org/10.1201/b12207

  7. Kittler, J., Hatef, M., Duin, R.P.W., Matas, J.: On combining classifiers. IEEE Trans. Pattern Anal. Mach. Intell. 20(3), 226–239 (1998). https://doi.org/10.1109/34.667881

  8. Mohammad, M.N., Sulaiman, N., Muhsin, O.A.: A novel intrusion detection system by using intelligent data mining in WEKA environment. Procedia Comput. Sci. 3, 1237–1242 (2011). https://doi.org/10.1016/j.procs.2010.12.198

  9. Ni, X., He, D., Ahmad, F.: Practical network anomaly detection using data mining techniques. VFAST Trans. Softw. Eng. 9(2), 1 (2016). https://doi.org/10.21015/vtse.v9i2.403

  10. Patcha, A., Park, J.M.: An overview of anomaly detection techniques: existing solutions and latest technological trends. Comput. Netw. 51(12), 3448–3470 (2007). https://doi.org/10.1016/j.comnet.2007.02.001

  11. Mannila, H., Smyth, P., Hand, D.J.: Principles of Data Mining. MIT Press (2000)

  12. Bhuyan, M.H., Bhattacharyya, D.K., Kalita, J.K.: Network traffic anomaly detection techniques and systems. In: Network Traffic Anomaly Detection and Prevention. CCN, pp. 115–169. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-65188-0_4

  13. Roesch, M.: Snort – lightweight intrusion detection for networks. Lisa 99(1), 229–238 (2015)

  14. Folino, G., Sabatino, P.: Ensemble based collaborative and distributed intrusion detection systems: a survey. J. Netw. Comput. Appl. 66, 1–16 (2016). https://doi.org/10.1016/j.jnca.2016.03.011

  15. Han, J., Kamber, M., Pei, J.: Data Mining: Concepts and Techniques, 3rd ed. Elsevier (2012). https://doi.org/10.1016/C2009-0-61819-5

  16. Dasarathy, B.V., Sheela, B.V.: A composite classifier system design: concepts and methodology. Proc. IEEE 67(5), 708–713 (1979). https://doi.org/10.1109/PROC.1979.11321

  17. Hansen, P., Salamon, L.K.: Neural network ensembles. IEEE Trans. Pattern Anal. Mach. Intell. 12(10), 993–1001 (1990)

  18. Schapire, R.E.: The strength of weak learnability. Mach. Learn. 5(2), 197–227 (1990). https://doi.org/10.1023/A:1022648800760

  19. Polikar, R.: Ensemble based systems in decision making. IEEE Circuits Syst. Mag. 6(3), 21–44 (2006). https://doi.org/10.1109/MCAS.2006.1688199

  20. Bhuyan, M.H., Bhattacharyya, D.K., Kalita, J.K.: Network Traffic Anomaly Detection and Prevention: Concepts, Techniques, and Tools. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-65188-0

  21. Tan, P.-N., Steinbach, M., Kumar, V.: Introduction to Data Mining (2006). https://doi.org/10.1152/ajpgi.1999.276.5.G1279

  22. Syarif, I., Zaluska, E., Prugel-Bennett, A., Wills, G.: Application of bagging, boosting and stacking to intrusion detection. In: Perner, P. (ed.) MLDM 2012. LNCS (LNAI), vol. 7376, pp. 593–602. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31537-4_46

  23. Woźniak, M., Graña, M., Corchado, E.: A survey of multiple classifier systems as hybrid systems. Inf. Fusion 16(1), 3–17 (2014). https://doi.org/10.1016/j.inffus.2013.04.006

  24. Giacinto, G., Roli, F., Didaci, L.: Fusion of multiple classifiers for intrusion detection in computer networks. Pattern Recogn. Lett. 24(12), 1795–1803 (2003). https://doi.org/10.1016/S0167-8655(03)00004-7

  25. Perdisci, R., Ariu, D., Fogla, P., Giacinto, G., Lee, W.: McPAD: a multiple classifier system for accurate payload-based anomaly detection. Comput. Netw. 53(6), 864–881 (2009). https://doi.org/10.1016/j.comnet.2008.11.011

  26. Hodge, V.J., Austin, J.: A survey of outlier detection methodologies. Artif. Intell. Rev. 22(2), 85–126 (2004). https://doi.org/10.1023/B:AIRE.0000045502.10941.a9

  27. Markou, M., Singh, S.: Novelty detection: a review, part 1: statistical approaches. Signal Process. 83(12), 2481–2497 (2003)

  28. Song, J., Takakura, H., Okabe, Y., Kwon, Y.: Unsupervised anomaly detection based on clustering and multiple one-class SVM. IEICE Trans. Commun. E92-B(6), 1981–1990 (2009). https://doi.org/10.1587/transcom.E92.B.1981

  29. Chou, T.-S.S., Fan, J., Fan, S., Makki, K.: Ensemble of machine learning algorithms for intrusion detection. In: IEEE International Conference on Systems, Man and Cybernetics, pp. 3976–3980 (2009). https://doi.org/10.1109/ICSMC.2009.5346669

  30. Liu, G., Chen, W., Hu, F.: A neural network ensemble based method for detecting computer virus. In: 2010 International Conference on Computer, Mechatronics, Control and Electronic Engineering, CMCE 2010, vol. 1, pp. 391–393 (2010). https://doi.org/10.1109/CMCE.2010.5610520

  31. Govindarajan, M., Chandrasekaran, R.: Intrusion detection using neural based hybrid classification methods. Comput. Netw. 55(8), 1662–1671 (2011). https://doi.org/10.1016/j.comnet.2010.12.008

  32. Raj Kumar, P.A., Selvakumar, S.: Distributed denial of service attack detection using an ensemble of neural classifier. Comput. Commun. 34(11), 1328–1341 (2011). https://doi.org/10.1016/j.comcom.2011.01.012

  33. Sindhu, S.S.S., Geetha, S., Kannan, A.: Decision tree based light weight intrusion detection using a wrapper approach. Expert Syst. Appl. 39(1), 129–141 (2012)

  34. Boro, D., Nongpoh, B., Bhattacharyya, D.K.: Anomaly based intrusion detection using meta ensemble classifier. In: Proceedings of the 5th International Conference on Security of Information and Networks, SIN 2012, pp. 143–147 (2012). https://doi.org/10.1145/2388576.2388596

  35. de la Hoz, E., Ortiz, A., Ortega, J., de la Hoz, E.: Network anomaly classification by support vector classifiers ensemble and non-linear projection techniques. In: Pan, J.-S., Polycarpou, M.M., Woźniak, M., de Carvalho, A.C.P.L.F., Quintián, H., Corchado, E. (eds.) HAIS 2013. LNCS (LNAI), vol. 8073, pp. 103–111. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40846-5_11

  36. Balon-Perin, A., Gambäck, B.: Ensembles of decision trees for network intrusion detection systems. Int. J. Adv. Secur. 6(1 & 2) (2013)

  37. Masarat, S., Taheri, H., Sharifian, S.: A novel framework, based on fuzzy ensemble of classifiers for intrusion detection systems. In: Proceedings of the 4th International Conference on Computer and Knowledge Engineering, ICCKE 2014, pp. 165–170 (2014). https://doi.org/10.1109/ICCKE.2014.6993345

  38. Chaurasia, S., Jain, A.: Ensemble neural network and k-NN classifiers for intrusion detection. Int. J. Comput. Sci. Inf. Technol. 5(2), 2481–2485 (2014)

  39. Tama, B.A., Rhee, K.H.: A combination of PSO-based feature selection and tree-based classifiers ensemble for intrusion detection systems. In: Advances in Computer Science and Ubiquitous Computing, vol. 373, pp. 489–495. Springer, Heidelberg (2015). https://doi.org/10.1007/978-981-10-0281-6_71

  40. Gaikwad, D.P., Thool, R.C.: Intrusion detection system using bagging with partial decision tree base classifier. Procedia Comput. Sci. 49(1), 92–98 (2015). https://doi.org/10.1016/j.procs.2015.04.231

  41. Aburomman, A.A., Bin Ibne Reaz, M.: A novel SVM-kNN-PSO ensemble method for intrusion detection system. Appl. Soft Comput. J. 38, 360–372 (2016). https://doi.org/10.1016/j.asoc.2015.10.011

  42. Elekar, K.S.: Combination of data mining techniques for intrusion detection system. In: IEEE International Conference on Computer Communication and Control, IC4 2015, pp. 1–5 (2016). https://doi.org/10.1109/IC4.2015.7375727

  43. Jabbar, M.A., Aluvalu, R., Reddy, S.S.: RFAODE: a novel ensemble intrusion detection system. Procedia Comput. Sci. 115, 226–234 (2017). https://doi.org/10.1016/j.procs.2017.09.129

  44. Timčenko, V., Gajin, S.: Ensemble classifiers for supervised anomaly based network intrusion detection. In: Proceedings - 2017 IEEE 13th International Conference on Intelligent Computer Communication and Processing, ICCP 2017, pp. 13–19 (2017). https://doi.org/10.1109/ICCP.2017.8116977

  45. Pham, N.T., Foo, E., Suriadi, S., Jeffrey, H., Lahza, H.F.M.: Improving performance of intrusion detection system using ensemble methods and feature selection. In: ACM International Conference Proceeding Series, p. 2 (2018). https://doi.org/10.1145/3167918.3167951

  46. Vinutha, H.P., Poornima, B.: An ensemble classifier approach on different feature selection methods for intrusion detection. In: Bhateja, V., Nguyen, B.L., Nguyen, N.G., Satapathy, S.C., Le, D.-N. (eds.) Information Systems Design and Intelligent Applications. AISC, vol. 672, pp. 442–451. Springer, Singapore (2018). https://doi.org/10.1007/978-981-10-7512-4_44

  47. Salo, F., Nassif, A.B., Essex, A.: Dimensionality reduction with IG-PCA and ensemble classifier for network intrusion detection. Comput. Netw. 148, 164–175 (2019). https://doi.org/10.1016/j.comnet.2018.11.010

  48. Sahu, S.K., Katiyar, A., Kumari, K.M., Kumar, G., Mohapatra, D.P.: An SVM-based ensemble approach for intrusion detection. Int. J. Inf. Technol. Web. Eng. 14(1), 66–84 (2019). https://doi.org/10.4018/IJITWE.2019010104

  49. Kunal, Dua, M.: Attribute selection and ensemble classifier based novel approach to intrusion detection system. Procedia Comput. Sci. 167, 2191–2199 (2020). https://doi.org/10.1016/j.procs.2020.03.271

  50. Andalib, A., Vakili, V.T.: An autonomous intrusion detection system using an ensemble of advanced learners. In: 2020 28th Iranian Conference on Electrical Engineering (ICEE), pp. 1–5 (2020). https://doi.org/10.1109/ICEE50131.2020.9260808

  51. Andrews, R., Diederich, J., Tickle, A.B.: Survey and critique of techniques for extracting rules from trained artificial neural networks. Knowl. Based Syst. 8(6), 373–389 (1995). https://doi.org/10.1016/0950-7051(96)81920-4

  52. Al-Aaraji, N., Al-Mamory, S., Al-Shakarchi, A.: Constructing decision rules from naive Bayes model for robust and low complexity classification. Int. J. Adv. Intell. Inf. 7(1), 76–88 (2021). https://doi.org/10.26555/ijain.v7i1.578

  53. Śnieżyński, B.: Converting a naive Bayes model into a set of rules. In: Kłopotek, M.A., Wierzchoń, S.T., Trojanowski, K. (eds.) Intelligent Information Processing and Web Mining, pp. 221–229. Springer, Heidelberg (2006). https://doi.org/10.1007/3-540-33521-8_22

  54. Holland, P.W., Bishop, Y.M., Fienberg, S.E.: Discrete Multivariate Analysis: Theory and Practice. The MIT Press (1977)

  55. Bruha, I., Kockova, S.: Quality of decision rules: empirical and statistical approaches. Informatica 17, 233–243 (1993)

  56. Michalski, R.S.: Pattern recognition as rule-guided inductive inference. IEEE Trans. Pattern Anal. Mach. Intell. 4, 349–361 (1980)

  57. Torgo, L.: Controlled redundancy in incremental rule learning. In: European Conference on Machine Learning, pp. 185–195 (1993)

  58. Torgo, L.: Knowledge integration. In: Current Trends in Knowledge Acquisition, vol. 8, p. 90 (1990)

  59. An, A., Cercone, N.: Rule quality measures for rule induction systems: description and evaluation. Comput. Intell. 17(3), 409–424 (2001). https://doi.org/10.1111/0824-7935.00154

  60. Clark, P., Niblett, T.: The CN2 induction algorithm. Mach. Learn. 3(4), 261–283 (1989)

  61. Cohen, J.: A coefficient of agreement for nominal scales. Educ. Psychol. Measur. 20(1), 37–46 (1960)

  62. Kononenko, I., Bratko, I.: Information-based evaluation criterion for classifier’s performance. Mach. Learn. 6(1), 67–80 (1991)

  63. Yao, Y.Y., Zhong, N.: An analysis of quantitative measures associated with rules. In: Zhong, N., Zhou, L. (eds.) PAKDD 1999. LNCS (LNAI), vol. 1574, pp. 479–488. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48912-6_64

  64. An, A., Cercone, N.: Rule quality measures improve the accuracy of rule induction: an experimental approach. In: Raś, Z.W., Ohsuga, S. (eds.) ISMIS 2000. LNCS (LNAI), vol. 1932, pp. 119–129. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-39963-1_13

  65. An, A., Cercone, N.: ELEM2: a learning system for more accurate classifications. In: Conference of the Canadian Society for Computational Studies of Intelligence, pp. 426–441 (1998)

  66. Clark, P., Boswell, R.: Rule induction with CN2: some recent improvements. In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 482. LNAI, pp. 151–163 (1991). https://doi.org/10.1007/BFb0017011

  67. Džeroski, S., Cestnik, B., Petrovski, I.: Using the m-estimate in rule induction. J. Comput. Inf. Technol. 1(1), 37–46 (1993)

  68. Bagui, S.C.: Combining Pattern Classifiers: Methods and Algorithms, vol. 47, no. 4 (2005). https://doi.org/10.1198/tech.2005.s320

  69. Ghorbani, A.A., Sharafaldin, I., Lashkari, A.H.: Toward generating a new intrusion detection dataset and intrusion traffic characterization. In: ICISSP, pp. 108–116 (2018)

  70. Gharib, A., Sharafaldin, I., Lashkari, A.H., Ghorbani, A.A.: An evaluation framework for intrusion detection dataset. In: ICISS 2016 - 2016 International Conference on Information Science and Security, pp. 1–6 (2017). https://doi.org/10.1109/ICISSEC.2016.7885840

  71. Ahmim, A., Maglaras, L., Ferrag, M.A., Derdour, M., Janicke, H.: A novel hierarchical intrusion detection system based on decision tree and rules-based models. 2019 15th International Conference on Distributed Computing in Sensor Systems (DCOSS), pp. 228–233 (2018). http://arxiv.org/abs/1812.09059

  72. Frank, E., Hall, M.A., Witten, I.H.: The WEKA Workbench. Online Appendix for “Data Mining: Practical Machine Learning Tools and Techniques”, Morgan Kaufmann, Fourth Edition (2016)

Correspondence to Ali H. Al-Shakarchi.

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Al-Shakarchi, A.H., Al-A’araji, N.H., Al-mamory, S.O. (2023). A Novel Ensemble Method for Network-Based Anomaly Intrusion Detection System. In: Al-Bakry, A.M., et al. New Trends in Information and Communications Technology Applications. NTICT 2022. Communications in Computer and Information Science, vol 1764. Springer, Cham. https://doi.org/10.1007/978-3-031-35442-7_11

  • DOI: https://doi.org/10.1007/978-3-031-35442-7_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-35441-0

  • Online ISBN: 978-3-031-35442-7

  • eBook Packages: Computer Science, Computer Science (R0)