NSNAD: negative selection-based network anomaly detection approach with relevant feature subset

Intrusion detection systems are one of the security tools widely deployed in network architectures in order to monitor, detect and eventually respond to any suspicious activity in the network. However, the constantly growing complexity of networks and the virulence of new attacks require more adaptive approaches for optimal responses. In this work, we propose a semi-supervised approach for network anomaly detection inspired by the biological negative selection process. Working on a dataset reduced with a filter/ranking feature selection technique, our algorithm, namely negative selection for network anomaly detection (NSNAD), generates a set of detectors and uses them to classify events as anomalies; otherwise, events are matched against an Artificial Human Leukocyte Antigen in order to be classified as normal. The accuracy and the computational time of NSNAD are evaluated on three intrusion detection datasets: NSL-KDD, Kyoto2006+ and UNSW-NB15. We compare the performance of NSNAD against a fully supervised algorithm (Naïve Bayes), an unsupervised clustering algorithm (K-means) and a semi-supervised algorithm (One-class SVM) with respect to multiple accuracy metrics. We also compare the time incurred by each algorithm in the training and classification stages.
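The two-stage decision described in the abstract, sketched as an added example (not the paper's code): candidates that match normal ("self") samples are discarded during detector generation, and events that no detector flags are checked against a self profile. The Euclidean matching rule, both radii, the seed, the sample data and the nearest-self check standing in for the Artificial Human Leukocyte Antigen are assumptions.

```python
import math
import random

# Constructed sample data: "self" = normal events described by two
# already-selected features scaled to [0, 1] (assumption for this example).
SELF = [(0.18, 0.28), (0.20, 0.30), (0.22, 0.32), (0.19, 0.31), (0.21, 0.29)]
SELF_RADIUS = 0.15      # hypothetical: how close counts as "self"
DETECTOR_RADIUS = 0.10  # hypothetical: region covered by one detector


def generate_detectors(self_set, count, seed=7):
    """Negative selection: keep random candidates that match no self sample."""
    rng = random.Random(seed)
    detectors = []
    while len(detectors) < count:
        cand = (rng.random(), rng.random())
        if all(math.dist(cand, s) >= SELF_RADIUS for s in self_set):
            detectors.append(cand)
    return detectors


def classify(event, detectors, self_set):
    """Detector match -> anomaly; otherwise try the self profile."""
    if any(math.dist(event, d) < DETECTOR_RADIUS for d in detectors):
        return "anomaly"
    # Stand-in for the Artificial HLA match: nearest-self distance check.
    if any(math.dist(event, s) < SELF_RADIUS for s in self_set):
        return "normal"
    # The abstract does not say what happens when neither stage matches.
    return "unmatched"


DETECTORS = generate_detectors(SELF, count=500)

if __name__ == "__main__":
    for ev in [(0.20, 0.31), (0.90, 0.90), (0.85, 0.15)]:
        print(ev, classify(ev, DETECTORS, SELF))
```

Because the detector radius is smaller than the self radius, no surviving detector can fire on a training sample, so false positives on known-normal events are excluded by construction.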
