Multi-dimensional feature fusion and stacking ensemble mechanism for network intrusion detection

Abstract A robust network intrusion detection system (NIDS) plays an important role in cyberspace security for protecting confidential systems from potential threats. In real world network, there exists complex correlations among the various types of network traffic information, which may be respectively attributed to different abnormal behaviors and should be make full utilized in NIDS. Regarding complex network traffic information, traditional learning based abnormal behavior detection methods can hardly meet the requirements of the real world network environment. Existing methods have not taken into account the impact of various modalities of data, and the mutual support among different data features. To address the concerns, this paper proposes a multi-dimensional feature fusion and stacking ensemble mechanism (MFFSEM), which can detect abnormal behaviors effectively. In order to accurately explore the connotation of traffic information, multiple basic feature datasets are established considering different aspects of traffic information such as time, space, and load. Then, considering the association and correlation among the basic feature datasets, multiple comprehensive feature datasets are set up to meet the requirements of real world abnormal behavior detection. In specific, stacking ensemble learning is conducted on multiple comprehensive feature datasets, and thus an effective multi-dimensional global anomaly detection model is accomplished. The experimental results on the dataset KDD Cup 99, NSL-KDD, UNSW-NB15, and CIC-IDS2017 have shown that MFFSEM significantly outperforms the basic and meta classifiers adopted in our method. Furthermore, its detection performance is superior to other well-known ensemble approaches.

[1]  Gulshan Kumar,et al.  MLEsIDSs: machine learning-based ensembles for intrusion detection systems—a review , 2020, The Journal of Supercomputing.

[2]  Mumbi Chishimba,et al.  Modeling and detection of the multi-stages of Advanced Persistent Threats attacks based on semi-supervised learning and complex networks characteristics , 2020, Future Gener. Comput. Syst..

[3]  Aman Jantan,et al.  Training a Neural Network for Cyberattack Classification Applications Using Hybridization of an Artificial Bee Colony and Monarch Butterfly Optimization , 2019, Neural Processing Letters.

[4]  Arun Kumar Sangaiah,et al.  A real-time and ubiquitous network attack detection based on deep belief network and support vector machine , 2020, IEEE/CAA Journal of Automatica Sinica.

[5]  Ahmed Ahmim,et al.  RDTIDS: Rules and Decision Tree-Based Intrusion Detection System for Internet-of-Things Networks , 2020, Future Internet.

[6]  Joarder Kamruzzaman,et al.  Hybrid Intrusion Detection System Based on the Stacking Ensemble of C5 Decision Tree Classifier and One Class Support Vector Machine , 2020, Electronics.

[7]  Nilesh B. Nanda,et al.  Hybrid Approach for Network Intrusion Detection System Using Random Forest Classifier and Rough Set Theory for Rules Generation , 2019, Communications in Computer and Information Science.

[8]  Guang Cheng,et al.  An Efficient Network Intrusion Detection System Based on Feature Selection and Ensemble Classifier , 2019, ArXiv.

[9]  Yang Xin,et al.  Robust detection for network intrusion of industrial IoT based on multi-CNN fusion , 2020 .

[10]  Michał Choraś,et al.  A Deep Learning Ensemble for Network Anomaly and Cyber-Attack Detection , 2020, Sensors.

[11]  Zheng Yan,et al.  Data Fusion for Network Intrusion Detection: A Review , 2018, Secur. Commun. Networks.

[12]  Diego Reforgiato Recupero,et al.  A Local Feature Engineering Strategy to Improve Network Anomaly Detection , 2020, Future Internet.

[13]  Chong Di Learning automata based SVM for intrusion detection , 2017, CSPS.

[14]  K. S. Vishvaksenan,et al.  Interference cancellation in cognitive radio-based MC-CDMA system using pre-coding technique , 2018, The Journal of Supercomputing.

[15]  Lincy Elizebeth Jim,et al.  Decision Tree based AIS strategy for Intrusion Detection in MANET , 2019, TENCON 2019 - 2019 IEEE Region 10 Conference (TENCON).

[16]  Jiankun Hu,et al.  A novel statistical technique for intrusion detection systems , 2018, Future Gener. Comput. Syst..

[17]  Georgios Kambourakis,et al.  Dendron : Genetic trees driven rule induction for network intrusion detection systems , 2018, Future Gener. Comput. Syst..

[18]  Necati Demir,et al.  Modified stacking ensemble approach to detect network intrusion , 2018, Turkish J. Electr. Eng. Comput. Sci..

[19]  Le Yang,et al.  Network Security Situation Factor Extraction Based on Random Forest of Information Gain , 2019, ICBDC 2019.

[20]  Ali A. Ghorbani,et al.  Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization , 2018, ICISSP.

[21]  Francisco Herrera,et al.  On the combination of genetic fuzzy systems and pairwise learning for improving detection rates on Intrusion Detection Systems , 2015, Expert Syst. Appl..

[22]  Jiankun Hu,et al.  A holistic review of Network Anomaly Detection Systems: A comprehensive survey , 2019, J. Netw. Comput. Appl..

[23]  Ying Zhang,et al.  Intrusion Detection for IoT Based on Improved Genetic Algorithm and Deep Belief Network , 2019, IEEE Access.

[24]  S. Sai Satyanarayana Reddy,et al.  Intrusion Detection in Wireless Network Using Fuzzy Logic Implemented with Genetic Algorithm , 2019 .

[25]  Atilla Özgür,et al.  A review of KDD99 dataset usage in intrusion detection and machine learning between 2010 and 2015 , 2016, PeerJ Prepr..

[26]  Francesco Carlo Morabito,et al.  A novel statistical analysis and autoencoder driven intelligent intrusion detection approach , 2020, Neurocomputing.

[27]  V. S. Shankar Sriram,et al.  A Hypergraph and Arithmetic Residue-based Probabilistic Neural Network for classification in Intrusion Detection Systems , 2017, Neural Networks.

[28]  Sharmila Subudhi,et al.  Application of OPTICS and ensemble learning for Database Intrusion Detection , 2019, J. King Saud Univ. Comput. Inf. Sci..

[29]  Kannan Arputharaj,et al.  Intrusion detection using dynamic feature selection and fuzzy temporal decision tree classification for wireless sensor networks , 2020, IET Commun..

[30]  Diego Reforgiato Recupero,et al.  A Probabilistic-driven Ensemble Approach to Perform Event Classification in Intrusion Detection System. , 2018 .

[31]  Olanrewaju Victor Johnson,et al.  Evaluation Of Selected Meta Learning Algorithms For The Prediction Improvement Of Network Intrusion Detection System , 2020, 2020 International Conference in Mathematics, Computer Engineering and Computer Science (ICMCECS).

[32]  Nour Moustafa,et al.  UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set) , 2015, 2015 Military Communications and Information Systems Conference (MilCIS).

[33]  Chaouki Khammassi,et al.  A GA-LR wrapper approach for feature selection in network intrusion detection , 2017, Comput. Secur..

[34]  Smitha Rajagopal,et al.  A Stacking Ensemble for Network Intrusion Detection Using Heterogeneous Datasets , 2020, Secur. Commun. Networks.

[35]  Wei Chen,et al.  Building Auto-Encoder Intrusion Detection System based on random forest feature selection , 2020, Comput. Secur..

[36]  Mohiuddin Ahmed,et al.  A survey of network anomaly detection techniques , 2016, J. Netw. Comput. Appl..

[37]  Shouhuai Xu,et al.  A Case Study on using Deep Learning for Network Intrusion Detection , 2019, MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM).

[38]  Mohammad Zubair,et al.  Performance Analysis of Network Intrusion Detection System using Machine Learning , 2019, International Journal of Advanced Computer Science and Applications.

[39]  B Gohil Narendrasinh,et al.  FLBS: Fuzzy lion Bayes system for intrusion detection in wireless communication network , 2019, Journal of Central South University.

[40]  VARUN CHANDOLA,et al.  Anomaly detection: A survey , 2009, CSUR.

[41]  Bayu Adhi Tama,et al.  Performance evaluation of intrusion detection system using classifier ensembles , 2017, Int. J. Internet Protoc. Technol..

[42]  Jill Slay,et al.  The evaluation of Network Anomaly Detection Systems: Statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set , 2016, Inf. Secur. J. A Glob. Perspect..

[43]  Ali Movaghar-Rahimabadi,et al.  Intrusion Detection: A Survey , 2008, 2008 Third International Conference on Systems and Networks Communications.

[44]  Qiang Chen,et al.  Multivariate Statistical Analysis of Audit Trails for Host-Based Intrusion Detection , 2002, IEEE Trans. Computers.

[45]  Kiseon Kim,et al.  Genetic convolutional neural network for intrusion detection systems , 2020, Future Gener. Comput. Syst..

[46]  Yiqiang Sheng,et al.  HAST-IDS: Learning Hierarchical Spatial-Temporal Features Using Deep Neural Networks to Improve Intrusion Detection , 2018, IEEE Access.