
A new hybrid approach for intrusion detection using machine learning methods

Applied Intelligence

Abstract

In this study, a hybrid and layered Intrusion Detection System (IDS) is proposed that uses a combination of different machine learning and feature selection techniques to provide high-performance intrusion detection across different attack types. In the developed system, data preprocessing is first performed on the NSL-KDD dataset, and the size of the dataset is then reduced using different feature selection algorithms. Two new approaches are proposed for the feature selection operation. The layered architecture is created by determining appropriate machine learning algorithms according to attack type. Performance tests such as accuracy, DR, TP Rate, FP Rate, F-Measure, MCC and time are performed for the proposed system on the NSL-KDD dataset. To demonstrate the performance of the proposed system, it is compared with studies in the literature and a performance evaluation is carried out. It is shown that the proposed system has high accuracy and low false positive rates for all attack types.




Corresponding author

Correspondence to Ünal Çavuşoğlu.


Cite this article

Çavuşoğlu, Ü. A new hybrid approach for intrusion detection using machine learning methods. Appl Intell 49, 2735–2761 (2019). https://doi.org/10.1007/s10489-018-01408-x


  • DOI: https://doi.org/10.1007/s10489-018-01408-x
