Abstract
Anomaly intrusion detection technologies are essential for network and computer security, as the threat grows more serious every year. Ensemble learning techniques are promising machine learning methods for anomaly detection: they produce multiple models and combine their outputs in a specific manner to obtain perfect attack detection. However, it is still difficult to choose an appropriate ensemble method for a particular dataset. This research is conducted on an interdisciplinary basis, in which knowledge is transferred between network security and machine learning. Thus, the problem of anomaly detection in network traffic is considered, and two novel ensemble methods for anomaly detection are presented. In both methods, the decision rules (henceforth, Rule-sets) extracted from two different families of classifiers, Naïve Bayes and the J48 decision tree, are used as the ensemble's constituent classifiers. In the first method, a set of Rule Evaluation Metrics (henceforth, REMs) extracted from the Rule-sets is used to combine the classifiers and to resolve conflicts between rules whenever they occur. In the second method, the paper presents a novel stacking approach: the cover property of the Rule-sets is used to re-encode the training instances and produce a metadata set, which is then used to train a meta-level classifier that produces the final result. The proposed methods are evaluated on the CICIDS2017 dataset in terms of detection rate, execution time, false alarm rate, accuracy, and other measures of interest. The experimental results attest to their superior accuracy, which reaches 99.8630% and 99.8642% for the first and second methods respectively, and to a lower execution time for both methods, especially for the second proposed method (0.25 s).
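The abstract describes two ways of combining the rules extracted from the base classifiers: resolving conflicts between fired rules with a rule-evaluation metric, and re-encoding each instance by which rules cover it so that a meta-level classifier can be trained on the resulting metadata set. The Python sketch below is added here as an illustration of those two ideas on a handful of constructed flow records; it is not the authors' code. The feature names, the five rules, the rule-precision metric used to break conflicts, the default class for uncovered flows and the Bernoulli naive Bayes meta-learner are all assumptions chosen for the illustration; the paper's actual REMs, Rule-sets and meta-level classifier are not given in this abstract.

```python
import math
from dataclasses import dataclass
from typing import Callable, Dict, List

# Constructed toy flow records with CICIDS2017-like feature names (not real dataset rows).
TRAIN: List[dict] = [
    {"pkt_rate": 10,   "dst_port": 80,  "avg_pkt_len": 600, "label": "BENIGN"},
    {"pkt_rate": 40,   "dst_port": 443, "avg_pkt_len": 900, "label": "BENIGN"},
    {"pkt_rate": 20,   "dst_port": 22,  "avg_pkt_len": 80,  "label": "BENIGN"},
    {"pkt_rate": 2000, "dst_port": 80,  "avg_pkt_len": 60,  "label": "DoS"},
    {"pkt_rate": 800,  "dst_port": 443, "avg_pkt_len": 40,  "label": "DoS"},
    {"pkt_rate": 120,  "dst_port": 22,  "avg_pkt_len": 90,  "label": "BruteForce"},
    {"pkt_rate": 300,  "dst_port": 22,  "avg_pkt_len": 150, "label": "BruteForce"},
    {"pkt_rate": 1500, "dst_port": 53,  "avg_pkt_len": 70,  "label": "DoS"},
]


@dataclass(frozen=True)
class Rule:
    name: str
    source: str                    # base-classifier family the rule is assumed to come from
    cond: Callable[[dict], bool]   # antecedent: does the rule cover this instance?
    prediction: str                # consequent: the class label the rule predicts


# Hypothetical Rule-set standing in for rules extracted from J48 and Naive Bayes models.
RULES: List[Rule] = [
    Rule("R1", "J48", lambda x: x["pkt_rate"] > 500, "DoS"),
    Rule("R2", "J48", lambda x: x["dst_port"] == 22 and x["pkt_rate"] > 50, "BruteForce"),
    Rule("R3", "NB",  lambda x: x["avg_pkt_len"] < 100, "DoS"),   # deliberately noisy rule
    Rule("R4", "NB",  lambda x: x["dst_port"] == 80 and x["avg_pkt_len"] >= 100, "BENIGN"),
    Rule("R5", "J48", lambda x: x["pkt_rate"] <= 50, "BENIGN"),
]


def rule_precision(rule: Rule, data: List[dict]) -> float:
    """Assumed rule-evaluation metric: share of covered training instances whose
    label agrees with the rule's prediction (0.0 if the rule covers nothing)."""
    covered = [x for x in data if rule.cond(x)]
    if not covered:
        return 0.0
    return sum(x["label"] == rule.prediction for x in covered) / len(covered)


def fired_rules(rules: List[Rule], inst: dict) -> List[Rule]:
    """All rules whose antecedent covers the instance (the cover relation)."""
    return [r for r in rules if r.cond(inst)]


def predict_by_metric(rules: List[Rule], quality: Dict[str, float],
                      inst: dict, default: str = "BENIGN") -> str:
    """Method-1 analogue: every covering rule votes; on a conflict the rule with the
    highest evaluation metric wins. Uncovered instances get the assumed default class."""
    fired = fired_rules(rules, inst)
    if not fired:
        return default
    return max(fired, key=lambda r: quality[r.name]).prediction


def cover_vector(rules: List[Rule], inst: dict) -> List[int]:
    """Method-2 re-encoding: one binary feature per rule, 1 if that rule covers the instance."""
    return [int(r.cond(inst)) for r in rules]


def build_meta_set(rules: List[Rule], data: List[dict]):
    """Metadata set: (cover vector, label) pairs used to train the meta-level classifier."""
    return [cover_vector(rules, x) for x in data], [x["label"] for x in data]


class BernoulliNB:
    """Minimal Laplace-smoothed Bernoulli naive Bayes, used here as the meta-level classifier."""

    def fit(self, X: List[List[int]], y: List[str]) -> "BernoulliNB":
        self.classes = sorted(set(y))
        self.log_prior, self.log_p1, self.log_p0 = {}, {}, {}
        for c in self.classes:
            rows = [x for x, lbl in zip(X, y) if lbl == c]
            self.log_prior[c] = math.log(len(rows) / len(y))
            p1 = [(sum(r[j] for r in rows) + 1) / (len(rows) + 2) for j in range(len(X[0]))]
            self.log_p1[c] = [math.log(p) for p in p1]
            self.log_p0[c] = [math.log(1 - p) for p in p1]
        return self

    def predict(self, x: List[int]) -> str:
        def log_score(c: str) -> float:
            return self.log_prior[c] + sum(
                self.log_p1[c][j] if bit else self.log_p0[c][j] for j, bit in enumerate(x))
        return max(self.classes, key=log_score)


def train_stacked(rules: List[Rule], data: List[dict]) -> BernoulliNB:
    X, y = build_meta_set(rules, data)
    return BernoulliNB().fit(X, y)


def predict_stacked(rules: List[Rule], meta: BernoulliNB, inst: dict) -> str:
    return meta.predict(cover_vector(rules, inst))


if __name__ == "__main__":
    quality = {r.name: rule_precision(r, TRAIN) for r in RULES}
    meta = train_stacked(RULES, TRAIN)
    # Constructed flow on which R2 (BruteForce) and the noisy R3 (DoS) conflict.
    flow = {"pkt_rate": 90, "dst_port": 22, "avg_pkt_len": 70}
    print("fired:", [r.name for r in fired_rules(RULES, flow)])
    print("method 1 (metric-based):", predict_by_metric(RULES, quality, flow))
    print("method 2 (stacking):", predict_stacked(RULES, meta, flow))
```

On the constructed flow both combiners return BruteForce: the first because R2's precision on the training data (1.0) beats the noisy R3 (0.6), the second because the meta-learner has seen the cover pattern "R2 and R3 fire together" only on brute-force records. The uncovered-instance branch of `predict_by_metric` is the part worth watching in a real deployment, since a silent default class hides exactly the traffic the Rule-set knows nothing about.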
Notes
- 1. The proposed IDSs have been implemented in Java with JDK 13, run on a PC with an Intel Core™ i5 2410M processor at 2.30 GHz and 4 GB RAM, under Windows 7.
- 2. The Weka [72] tool has been used to conduct the experiments for the original Voting and Stacking methods.
References
Lin, W.C., Ke, S.W., Tsai, C.F.: CANN: an intrusion detection system based on combining cluster centers and nearest neighbors. Knowl. Based. Syst. 78(1), 13–21 (2015). https://doi.org/10.1016/j.knosys.2015.01.009
Elbasiony, R.M., Sallam, E.A., Eltobely, T.E., Fahmy, M.M.: A hybrid network intrusion detection framework based on random forests and weighted k-means. Ain Shams Eng. J. 4(4), 753–762 (2013). https://doi.org/10.1016/j.asej.2013.01.003
Chen, Y., Abraham, A., Yang, B.: Hybrid flexible neural-tree-based intrusion detection systems. Int. J. Intell. Syst. 22(4), 337–352 (2007). https://doi.org/10.1002/int.20203
Folino, G., Pizzuti, C., Spezzano, G.: An ensemble-based evolutionary framework for coping with distributed intrusion detection. Genet. Program Evolvable Mach. 11(2), 131–146 (2010). https://doi.org/10.1007/s10710-010-9101-6
Garg, S., Batra, S.: A novel ensembled technique for anomaly detection. Int. J. Commun. Syst. 30(11), e3248 (2017). https://doi.org/10.1002/dac.3248
Zhou, Z.H.: Ensemble Methods: Foundations and Algorithms. Chapman and Hall/CRC (2012). https://doi.org/10.1201/b12207
Kittler, J., Hatef, M., Duin, R.P.W., Matas, J.: On combining classifiers. IEEE Trans. Pattern Anal. Mach. Intell. 20(3), 226–239 (1998). https://doi.org/10.1109/34.667881
Mohammad, M.N., Sulaiman, N., Muhsin, O.A.: A novel intrusion detection system by using intelligent data mining in WEKA environment. Procedia Comput. Sci. 3, 1237–1242 (2011). https://doi.org/10.1016/j.procs.2010.12.198
Ni, X., He, D., Ahmad, F.: Practical network anomaly detection using data mining techniques. VFAST Trans. Softw. Eng. 9(2), 1 (2016). https://doi.org/10.21015/vtse.v9i2.403
Patcha, A., Park, J.M.: An overview of anomaly detection techniques: existing solutions and latest technological trends. Comput. Netw. 51(12), 3448–3470 (2007). https://doi.org/10.1016/j.comnet.2007.02.001
Mannila, H., Smyth, P., Hand, D.J.: Principles of Data Mining. MIT Press. In: A Comprehensive, Highly Technical Look at the Math and Science Behind Extracting Useful Information from Large Databases, vol. 546 (2000)
Bhuyan, M.H., Bhattacharyya, D.K., Kalita, J.K.: Network traffic anomaly detection techniques and systems. In: Network Traffic Anomaly Detection and Prevention. CCN, pp. 115–169. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-65188-0_4
Roesch, M.: Snort – lightweight intrusion detection for networks. LISA 99(1), 229–238 (2015)
Folino, G., Sabatino, P.: Ensemble based collaborative and distributed intrusion detection systems: a survey. J. Netw. Comput. Appl. 66, 1–16 (2016). https://doi.org/10.1016/j.jnca.2016.03.011
Han, J., Kamber, M., Pei, J.: Data Mining: Concepts and Techniques, 3rd ed. Elsevier (2012). https://doi.org/10.1016/C2009-0-61819-5
Dasarathy, B.V., Sheela, B.V.: A composite classifier system design: concepts and methodology. Proc. IEEE 67(5), 708–713 (1979). https://doi.org/10.1109/PROC.1979.11321
Hansen, P., Salamon, L.K.: Neural network ensembles. IEEE Trans. Pattern Anal. Mach. Intell. 12(10), 993–1001 (1990)
Schapire, R.E.: The strength of weak learnability. Mach. Learn. 5(2), 197–227 (1990). https://doi.org/10.1023/A:1022648800760
Polikar, R.: Ensemble based systems in decision making. IEEE Circuits Syst. Mag. 6(3), 21–44 (2006). https://doi.org/10.1109/MCAS.2006.1688199
Bhuyan, M.H., Bhattacharyya, D.K., Kalita, J.K.: Network Traffic Anomaly Detection and Prevention: Concepts, Techniques, and Tools. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-65188-0
Tan, P.-N., Steinbach, M., Kumar, V.: Introduction to Data Mining (2006). https://doi.org/10.1152/ajpgi.1999.276.5.G1279
Syarif, I., Zaluska, E., Prugel-Bennett, A., Wills, G.: Application of bagging, boosting and stacking to intrusion detection. In: Perner, P. (ed.) MLDM 2012. LNCS (LNAI), vol. 7376, pp. 593–602. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31537-4_46
Woźniak, M., Graña, M., Corchado, E.: A survey of multiple classifier systems as hybrid systems. Inf. Fusion 16(1), 3–17 (2014). https://doi.org/10.1016/j.inffus.2013.04.006
Giacinto, G., Roli, F., Didaci, L.: Fusion of multiple classifiers for intrusion detection in computer networks. Pattern Recogn. Lett. 24(12), 1795–1803 (2003). https://doi.org/10.1016/S0167-8655(03)00004-7
Perdisci, R., Ariu, D., Fogla, P., Giacinto, G., Lee, W.: McPAD: a multiple classifier system for accurate payload-based anomaly detection. Comput. Netw. 53(6), 864–881 (2009). https://doi.org/10.1016/j.comnet.2008.11.011
Hodge, V.J., Austin, J.: A survey of outlier detection methodologies. Artif. Intell. Rev. 22(2), 85–126 (2004). https://doi.org/10.1023/B:AIRE.0000045502.10941.a9
Markou, M., Singh, S.: Novelty detection: a review, part 1: statistical approaches. Signal Process. 83(12), 2481–2497 (2003)
Song, J., Takakura, H., Okabe, Y., Kwon, Y.: Unsupervised anomaly detection based on clustering and multiple one-class SVM. IEICE Trans. Commun. E92-B(6), 1981–1990 (2009). https://doi.org/10.1587/transcom.E92.B.1981
Chou, T.-S.S., Fan, J., Fan, S., Makki, K.: Ensemble of machine learning algorithms for intrusion detection. In: IEEE International Conference on Systems, Man and Cybernetics, pp. 3976–3980 (2009). https://doi.org/10.1109/ICSMC.2009.5346669
Liu, G., Chen, W., Hu, F.: A neural network ensemble based method for detecting computer virus. In: 2010 International Conference on Computer, Mechatronics, Control and Electronic Engineering, CMCE 2010, vol. 1, pp. 391–393 (2010). https://doi.org/10.1109/CMCE.2010.5610520
Govindarajan, M., Chandrasekaran, R.: Intrusion detection using neural based hybrid classification methods. Comput. Netw. 55(8), 1662–1671 (2011). https://doi.org/10.1016/j.comnet.2010.12.008
Raj Kumar, P.A., Selvakumar, S.: Distributed denial of service attack detection using an ensemble of neural classifier. Comput. Commun. 34(11), 1328–1341 (2011). https://doi.org/10.1016/j.comcom.2011.01.012
Sindhu, S.S.S., Geetha, S., Kannan, A.: Decision tree based light weight intrusion detection using a wrapper approach. Expert Syst. Appl. 39(1), 129–141 (2012)
Boro, D., Nongpoh, B., Bhattacharyya, D.K.: Anomaly based intrusion detection using meta ensemble classifier. In: Proceedings of the 5th International Conference on Security of Information and Networks, SIN 2012, pp. 143–147 (2012). https://doi.org/10.1145/2388576.2388596
de la Hoz, E., Ortiz, A., Ortega, J., de la Hoz, E.: Network anomaly classification by support vector classifiers ensemble and non-linear projection techniques. In: Pan, J.-S., Polycarpou, M.M., Woźniak, M., de Carvalho, A.C.P.L.F., Quintián, H., Corchado, E. (eds.) HAIS 2013. LNCS (LNAI), vol. 8073, pp. 103–111. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40846-5_11
Balon-Perin, A., Gambäck, B.: Ensembles of decision trees for network intrusion detection systems. Int. J. Adv. Secur. 6(1 & 2) (2013)
Masarat, S., Taheri, H., Sharifian, S.: A novel framework, based on fuzzy ensemble of classifiers for intrusion detection systems. In: Proceedings of the 4th International Conference on Computer and Knowledge Engineering, ICCKE 2014, pp. 165–170 (2014). https://doi.org/10.1109/ICCKE.2014.6993345
Chaurasia, S., Jain, A.: Ensemble neural network and k-NN classifiers for intrusion detection. Int. J. Comput. Sci. Inf. Technol. 5(2), 2481–2485 (2014)
Tama, B.A., Rhee, K.H.: A combination of PSO-based feature selection and tree-based classifiers ensemble for intrusion detection systems. In: Advances in Computer Science and Ubiquitous Computing, vol. 373, pp. 489–495. Springer, Heidelberg (2015). https://doi.org/10.1007/978-981-10-0281-6_71
Gaikwad, D.P., Thool, R.C.: Intrusion detection system using bagging with partial decision tree base classifier. Procedia Comput. Sci. 49(1), 92–98 (2015). https://doi.org/10.1016/j.procs.2015.04.231
Aburomman, A.A., Bin Ibne Reaz, M.: A novel SVM-kNN-PSO ensemble method for intrusion detection system. Appl. Soft Comput. J. 38, 360–372 (2016). https://doi.org/10.1016/j.asoc.2015.10.011
Elekar, K.S.: Combination of data mining techniques for intrusion detection system. In: IEEE International Conference on Computer Communication and Control, IC4 2015, pp. 1–5 (2016). https://doi.org/10.1109/IC4.2015.7375727
Jabbar, M.A., Aluvalu, R., Reddy, S.S.: RFAODE: a novel ensemble intrusion detection system. Procedia Comput. Sci. 115, 226–234 (2017). https://doi.org/10.1016/j.procs.2017.09.129
Timčenko, V., Gajin, S.: Ensemble classifiers for supervised anomaly based network intrusion detection. In: Proceedings - 2017 IEEE 13th International Conference on Intelligent Computer Communication and Processing, ICCP 2017, pp. 13–19 (2017). https://doi.org/10.1109/ICCP.2017.8116977
Pham, N.T., Foo, E., Suriadi, S., Jeffrey, H., Lahza, H.F.M.: Improving performance of intrusion detection system using ensemble methods and feature selection. In: ACM International Conference Proceeding Series, p. 2 (2018). https://doi.org/10.1145/3167918.3167951
Vinutha, H.P., Poornima, B.: An ensemble classifier approach on different feature selection methods for intrusion detection. In: Bhateja, V., Nguyen, B.L., Nguyen, N.G., Satapathy, S.C., Le, D.-N. (eds.) Information Systems Design and Intelligent Applications. AISC, vol. 672, pp. 442–451. Springer, Singapore (2018). https://doi.org/10.1007/978-981-10-7512-4_44
Salo, F., Nassif, A.B., Essex, A.: Dimensionality reduction with IG-PCA and ensemble classifier for network intrusion detection. Comput. Netw. 148, 164–175 (2019). https://doi.org/10.1016/j.comnet.2018.11.010
Sahu, S.K., Katiyar, A., Kumari, K.M., Kumar, G., Mohapatra, D.P.: An SVM-based ensemble approach for intrusion detection. Int. J. Inf. Technol. Web. Eng. 14(1), 66–84 (2019). https://doi.org/10.4018/IJITWE.2019010104
Kunal, Dua, M.: Attribute selection and ensemble classifier based novel approach to intrusion detection system. Procedia Comput. Sci. 167, 2191–2199 (2020). https://doi.org/10.1016/j.procs.2020.03.271
Andalib, A., Vakili, V.T.: An autonomous intrusion detection system using an ensemble of advanced learners. In: 2020 28th Iranian Conference on Electrical Engineering (ICEE), pp. 1–5 (2020). https://doi.org/10.1109/ICEE50131.2020.9260808
Andrews, R., Diederich, J., Tickle, A.B.: Survey and critique of techniques for extracting rules from trained artificial neural networks. Knowl. Based Syst. 8(6), 373–389 (1995). https://doi.org/10.1016/0950-7051(96)81920-4
Al-Aaraji, N., Al-Mamory, S., Al-Shakarchi, A.: Constructing decision rules from naive Bayes model for robust and low complexity classification. Int. J. Adv. Intell. Inf. 7(1), 76–88 (2021). https://doi.org/10.26555/ijain.v7i1.578
Śnieżyński, B.: Converting a naive Bayes model into a set of rules. In: Kłopotek, M.A., Wierzchoń, S.T., Trojanowski, K. (eds.) Intelligent Information Processing and Web Mining, pp. 221–229. Springer, Heidelberg (2006). https://doi.org/10.1007/3-540-33521-8_22
Holland, P.W., Bishop, Y.M., Fienberg, S.E.: Discrete Multivariate Analysis: Theory and Practice. The MIT Press (1977)
Bruha, I., Kockova, S.: Quality of decision rules: empirical and statistical approaches. Informatica 17, 233–243 (1993)
Michalski, R.S.: Pattern recognition as rule-guided inductive inference. IEEE Trans. Pattern Anal. Mach. Intell. 4, 349–361 (1980)
Torgo, L.: Controlled redundancy in incremental rule learning. In: European Conference on Machine Learning, pp. 185–195 (1993)
Torgo, L.: Knowledge integration. In: Current Trends in Knowledge Acquisition, vol. 8, p. 90 (1990)
An, A., Cercone, N.: Rule quality measures for rule induction systems: description and evaluation. Comput. Intell. 17(3), 409–424 (2001). https://doi.org/10.1111/0824-7935.00154
Clark, P., Niblett, T.: The CN2 induction algorithm. Mach. Learn. 3(4), 261–283 (1989)
Cohen, J.: A coefficient of agreement for nominal scales. Educ. Psychol. Measur. 20(1), 37–46 (1960)
Kononenko, I., Bratko, I.: Information-based evaluation criterion for classifier’s performance. Mach. Learn. 6(1), 67–80 (1991)
Yao, Y.Y., Zhong, N.: An analysis of quantitative measures associated with rules. In: Zhong, N., Zhou, L. (eds.) PAKDD 1999. LNCS (LNAI), vol. 1574, pp. 479–488. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48912-6_64
An, A., Cercone, N.: Rule quality measures improve the accuracy of rule induction: an experimental approach. In: Raś, Z.W., Ohsuga, S. (eds.) ISMIS 2000. LNCS (LNAI), vol. 1932, pp. 119–129. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-39963-1_13
An, A., Cercone, N.: ELEM2: a learning system for more accurate classifications. In: Conference of the Canadian Society for Computational Studies of Intelligence, pp. 426–441 (1998)
Clark, P., Boswell, R.: Rule induction with CN2: some recent improvements. In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 482. LNAI, pp. 151–163 (1991). https://doi.org/10.1007/BFb0017011
Džeroski, S., Cestnik, B., Petrovski, I.: Using the m-estimate in rule induction. J. Comput. Inf. Technol. 1(1), 37–46 (1993)
Bagui, S.C.: Combining Pattern Classifiers: Methods and Algorithms, vol. 47, no. 4 (2005). https://doi.org/10.1198/tech.2005.s320
Ghorbani, A.A., Sharafaldin, I., Lashkari, A.H.: Toward generating a new intrusion detection dataset and intrusion traffic characterization. In: ICISSP, pp. 108–116 (2018)
Gharib, A., Sharafaldin, I., Lashkari, A.H., Ghorbani, A.A.: An evaluation framework for intrusion detection dataset. In: ICISS 2016 - 2016 International Conference on Information Science and Security, pp. 1–6 (2017). https://doi.org/10.1109/ICISSEC.2016.7885840
Ahmim, A., Maglaras, L., Ferrag, M.A., Derdour, M., Janicke, H.: A novel hierarchical intrusion detection system based on decision tree and rules-based models. 2019 15th International Conference on Distributed Computing in Sensor Systems (DCOSS), pp. 228–233 (2018). http://arxiv.org/abs/1812.09059
Frank, E., Hall, M.A., Witten, I.H.: The WEKA Workbench. Online Appendix for “Data Mining: Practical Machine Learning Tools and Techniques”, Morgan Kaufmann, Fourth Edition (2016)
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Al-Shakarchi, A.H., Al-A’araji, N.H., Al-mamory, S.O. (2023). A Novel Ensemble Method for Network-Based Anomaly Intrusion Detection System. In: Al-Bakry, A.M., et al. New Trends in Information and Communications Technology Applications. NTICT 2022. Communications in Computer and Information Science, vol 1764. Springer, Cham. https://doi.org/10.1007/978-3-031-35442-7_11
DOI: https://doi.org/10.1007/978-3-031-35442-7_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-35441-0
Online ISBN: 978-3-031-35442-7
eBook Packages: Computer Science (R0)