Supervised Machine Learning Techniques for Efficient Network Intrusion Detection

Cloud computing is gaining significant traction, and virtualized data centers are becoming popular as a cost-effective infrastructure in the telecommunication industry. Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS) are widely deployed and used by end users, including many private and public organizations. Despite this widespread acceptance, security remains the biggest concern in cloud computing environments. Users of cloud services are under constant fear of data loss, security breaches, information theft and availability issues. Recently, with advances in machine learning (ML) techniques, learning-based methods for security applications have been gaining popularity in the literature. In this work, we explore the applicability of two well-known machine learning approaches, Artificial Neural Networks (ANN) and Support Vector Machines (SVM), to detecting intrusions or anomalous behavior in the cloud environment. We have developed ML models using ANN and SVM techniques and compared their performance. We used the UNSW-NB15 dataset to train and test the models. In addition, we performed feature engineering and parameter tuning to find the optimal set of features with maximum accuracy, in order to reduce the training time and complexity of the ML models. We observe that, with a proper feature set, the SVM and ANN techniques achieve anomaly detection accuracy of 91% and 92% respectively, which is higher than that achieved in the literature, with a reduced number of features needed to train the models.
