Abstract
With Internet services now widespread around the world, service providers face a major problem defending their systems, especially against new breaches and attacks. A Network Intrusion Detection System (NIDS) analyzes network packets and reports low-level security violations to system administrators. In large networks, these reports become unmanageable. Moreover, state-of-the-art systems suffer from high false alarm rates. A NIDS should be anomaly-based so that it can discover zero-day attacks, yet most anomaly-based NIDSs proposed by researchers have suffered from high false alarm rates. This paper introduces an intelligent lightweight IDS that has a low false alarm rate while maintaining a high detection rate. The proposed NIDS is a fusion of two main subsystems that work in parallel. Each subsystem is trained using a One-Class Support Vector Machine (OCSVM). One subsystem is trained on normal packets, while the other is trained on attack packets. The results of both subsystems are combined to give a good judgment for each packet that passes through the network. The proposed NIDS has been evaluated and compared with state-of-the-art systems using three popular IDS datasets (KDDCUP-99, NSL-KDD, and UNSW-NB15) in terms of detection rate, accuracy, F-measure and false alarm rate. The results show that the proposed NIDS outperformed the examined IDSs proposed in previous research.
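The two-subsystem design summarized above can be sketched as follows; this is an added example, not the authors' code. The abstract does not state how the two results are combined, so the fusion rule, the `nu` and `gamma` values, and the constructed two-feature data (standing in for packet features) are all assumptions.

```python
# Added illustration: two One-Class SVMs, one fitted on normal traffic and one
# on attack traffic, fused into a single verdict. Data is constructed.
import numpy as np
from sklearn.svm import OneClassSVM

def make_data(seed=0):
    """Constructed 2-feature samples: normal near (0,0), attack near (6,6)."""
    rng = np.random.default_rng(seed)
    normal = rng.normal(0.0, 1.0, size=(400, 2))
    attack = rng.normal(6.0, 1.0, size=(400, 2))
    return normal, attack

def train(normal_train, attack_train, nu=0.05, gamma=0.5):
    """Fit each subsystem on one class only (nu and gamma are assumed values)."""
    m_normal = OneClassSVM(kernel="rbf", nu=nu, gamma=gamma).fit(normal_train)
    m_attack = OneClassSVM(kernel="rbf", nu=nu, gamma=gamma).fit(attack_train)
    return m_normal, m_attack

def fuse(m_normal, m_attack, X):
    """Assumed fusion rule, not taken from the paper:
    accepted by one model only -> that model's class;
    accepted by both           -> class with the larger decision score;
    rejected by both           -> 'unknown' (fits neither profile)."""
    X = np.asarray(X, dtype=float)
    n_ok = m_normal.predict(X) == 1
    a_ok = m_attack.predict(X) == 1
    out = np.full(len(X), "unknown")
    out[n_ok & ~a_ok] = "normal"
    out[a_ok & ~n_ok] = "attack"
    both = n_ok & a_ok
    if both.any():
        attack_wins = (m_attack.decision_function(X[both])
                       > m_normal.decision_function(X[both]))
        out[both] = np.where(attack_wins, "attack", "normal")
    return out

def evaluate(seed=0):
    """Return (detection_rate, false_alarm_rate) on held-out samples.
    Any verdict other than 'normal' is counted as an alert."""
    normal, attack = make_data(seed)
    m_n, m_a = train(normal[:300], attack[:300])
    v_normal = fuse(m_n, m_a, normal[300:])
    v_attack = fuse(m_n, m_a, attack[300:])
    return float(np.mean(v_attack != "normal")), float(np.mean(v_normal != "normal"))

if __name__ == "__main__":
    dr, far = evaluate()
    print(f"detection rate={dr:.2f} false alarm rate={far:.2f}")
```

The `unknown` verdict is where a single attack-trained model would stay silent: a sample matching neither learned profile is still surfaced because the normal-trained model rejects it.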
Cite this article
Alazzam, H., Sharieh, A. & Sabri, K.E. A lightweight intelligent network intrusion detection system using OCSVM and Pigeon inspired optimizer. Appl Intell 52, 3527–3544 (2022). https://doi.org/10.1007/s10489-021-02621-x
DOI: https://doi.org/10.1007/s10489-021-02621-x