
A Multi-objective Genetic Algorithm Based Approach for Effective Intrusion Detection Using Neural Networks

Part of the Studies in Computational Intelligence book series (SCI, volume 563)

Abstract

In this paper, a novel multi-objective genetic algorithm (MOGA) based approach is proposed for effective intrusion detection based on benchmark datasets. The proposed approach can generate a pool of non-inferior individual solutions and ensemble solutions thereof, and the generated ensembles can be used to detect intrusions accurately. For the intrusion detection problem, the proposed MOGA based approach can consider conflicting objectives simultaneously, such as the detection rate of each attack class, error rate, accuracy, and diversity. The resulting individual solutions and their ensembles have optimized trade-off values across these conflicting objectives. A three-phase MOGA based approach is proposed. In the first phase, solutions are generated with a simple chromosome design and a Pareto front of non-inferior individual solutions is approximated. In the second phase, the entire solution set is further refined to determine effective ensemble solutions, taking solution interaction into account; this phase approximates another Pareto front of ensemble solutions that improves on that of the individual solutions. The ensemble solutions in the improved Pareto front reported improved detection results on benchmark datasets for intrusion detection. In the third phase, a combination method such as majority voting is used to fuse the predictions of the individual solutions into the prediction of the ensemble solution. The benchmark datasets KDD Cup 1999 and ISCX 2012 are used to demonstrate and validate the performance of the proposed approach for intrusion detection. The proposed approach can discover individual solutions and ensemble solutions thereof with good support and detection rate from benchmark datasets (in comparison with well-known ensemble methods like bagging and boosting).
In addition, the proposed approach is a generalized classification approach that is applicable to problems in any field that have multiple conflicting objectives and a dataset that can be represented as labeled instances described by their features.
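The three phases described in the abstract can be traced on a toy pool of classifiers. The following is an added example, not the authors' code: the labels, the four classifier names and their predictions are constructed, the three objectives (detection rate for `dos`, detection rate for `probe`, and 1 minus the false positive rate) are an assumed choice, and exhaustive enumeration of 3-member ensembles stands in for the genetic search.

```python
from collections import Counter
from itertools import combinations

# Constructed labels for 8 connections (not drawn from KDD Cup 1999 or ISCX 2012).
TRUTH = ["normal", "normal", "normal", "dos", "dos", "dos", "probe", "probe"]
# Constructed outputs of four hypothetical trained networks (names are illustrative).
PREDS = {
    "nn_a": ["normal", "normal", "normal", "dos", "dos", "dos", "normal", "normal"],
    "nn_b": ["normal", "normal", "probe", "dos", "normal", "normal", "probe", "probe"],
    "nn_c": ["normal", "dos", "normal", "dos", "dos", "normal", "probe", "normal"],
    "nn_d": ["normal", "dos", "normal", "dos", "normal", "normal", "normal", "normal"],
}

def objectives(pred, truth=TRUTH):
    """Objectives to maximize: (detection rate dos, detection rate probe, 1 - FPR)."""
    def rate(cls):
        idx = [i for i, t in enumerate(truth) if t == cls]
        return sum(pred[i] == cls for i in idx) / len(idx)
    return (rate("dos"), rate("probe"), rate("normal"))

def dominates(a, b):
    """a is no worse than b on every objective and strictly better on at least one."""
    return all(x >= y for x, y in zip(a, b)) and any(x > y for x, y in zip(a, b))

def pareto_front(scored):
    """Names of the non-inferior (non-dominated) solutions in {name: objectives}."""
    return sorted(n for n, s in scored.items()
                  if not any(dominates(o, s) for o in scored.values()))

def majority_vote(members, preds=PREDS):
    """Phase 3: fuse member predictions; a tie goes to the earliest-listed member."""
    return [Counter(votes).most_common(1)[0][0]
            for votes in zip(*(preds[m] for m in members))]

def run():
    # Phase 1: Pareto front over the individual classifiers.
    singles = {name: objectives(p) for name, p in PREDS.items()}
    front1 = pareto_front(singles)
    # Phase 2: score every 3-member ensemble of the whole pool (exhaustive search
    # stands in for the genetic search) and recompute the front over all candidates.
    pool = dict(singles)
    for combo in combinations(sorted(PREDS), 3):
        pool["+".join(combo)] = objectives(majority_vote(combo))
    return front1, pareto_front(pool), pool

if __name__ == "__main__":
    front1, front2, pool = run()
    print("individual front:", front1)
    for name in front2:
        print(name, tuple(round(v, 2) for v in pool[name]))
```

On this constructed data the ensemble of `nn_a`, `nn_b` and `nn_c` keeps the detection rates of `nn_c` while removing its false positive, so it replaces `nn_c` on the second front.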

Keywords

  • False Positive Rate
  • Pareto Front
  • Intrusion Detection
  • Base Classifier
  • Benchmark Dataset

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

  • DOI: 10.1007/978-3-319-08624-8_8
  • Chapter length: 28 pages

Corresponding author

Correspondence to Gulshan Kumar.

Copyright information

© 2015 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Kumar, G., Kumar, K. (2015). A Multi-objective Genetic Algorithm Based Approach for Effective Intrusion Detection Using Neural Networks. In: Yager, R., Reformat, M., Alajlan, N. (eds) Intelligent Methods for Cyber Warfare. Studies in Computational Intelligence, vol 563. Springer, Cham. https://doi.org/10.1007/978-3-319-08624-8_8

  • DOI: https://doi.org/10.1007/978-3-319-08624-8_8

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-08623-1

  • Online ISBN: 978-3-319-08624-8

  • eBook Packages: Engineering, Engineering (R0)