Abstract
An intrusion detection system is a security system that aims to detect sabotage and intrusions on networks and to inform experts of attacks on and abuse of the network. Different classification methods have been used in intrusion detection systems, such as fuzzy methods, genetic algorithms, decision trees, artificial neural networks, and support vector machines. Moreover, ensemble classifiers have shown more robust and effective performance for various tasks in the field. In this paper, we adopt ensemble models in order to improve the performance of intrusion detection and, at the same time, decrease the false alarm rate. We use kNN for multi-class classification, as well as SVM to approach the classification problem in normal-based detection. To combine multiple outputs, we use the Dempster–Shafer method, which allows explicit retrieval of uncertainty. Moreover, we utilize deep learning to extract features for training on the samples selected by the sample selection algorithm based on ensemble margin. We compare our results with state-of-the-art methods on benchmark datasets such as UNSW-NB15, CICIDS2017, and NSL-KDD. Our proposed method shows superior performance in terms of the prominent metrics Accuracy, Precision, Recall, and F-measure.
Ethics declarations
Conflict of Interest
All authors declare that they have no conflict of interest.
Ethical approval
This article does not contain any studies with human participants or animals performed by any of the authors. Informed consent was obtained from all individual participants included in the study.
Cite this article
Yousefnezhad, M., Hamidzadeh, J. & Aliannejadi, M. Ensemble classification for intrusion detection via feature extraction based on deep Learning. Soft Comput 25, 12667–12683 (2021). https://doi.org/10.1007/s00500-021-06067-8
DOI: https://doi.org/10.1007/s00500-021-06067-8