Ensemble classifiers for network intrusion detection system

Two of the major challenges in designing anomaly intrusion detection are maximizing detection accuracy and minimizing the false alarm rate. To address these challenges, this paper proposes an ensemble of one-class classifiers in which each classifier adopts a different learning paradigm. The techniques deployed in this ensemble model are Linear Genetic Programming (LGP), Adaptive Neural Fuzzy Inference System (ANFIS) and Random Forest (RF). The strengths of the individual models were evaluated and an ensemble rule was formulated. Prior to classification, a 2-tier feature selection process was performed to expedite the detection process. Empirical results show an improvement in detection accuracy for all classes of network traffic: Normal, Probe, DoS, U2R and R2L. Random Forest, an ensemble learning technique that generates many classification trees and aggregates their individual results, was also able to address the imbalanced dataset problem, which many machine learning techniques fail to address sufficiently.
