Hybrid Modified K-Means with C4.5 for Intrusion Detection Systems in Multiagent Systems

The processing time and performance of intrusion detection systems (IDS) are of great importance due to the increased speed of traffic on data networks and a growing number of attacks on networks and computers. Several approaches have been proposed to address this issue, including hybridizing several algorithms. This paper proposes a hybrid of modified K-means with C4.5 for an intrusion detection system in a multiagent system (MAS-IDS). The MAS-IDS consists of three agents, namely, the coordinator, analysis, and communication agents. The basic concept underpinning the MAS is to divide the large captured network dataset into a number of subsets and distribute these to a number of agents, depending on the data network size and CPU core availability. The KDD Cup 1999 dataset is used for evaluation. The proposed hybrid modified K-means with C4.5 classification in MAS is developed on the JADE platform. The results show that, compared to current methods, the MAS-IDS reduces the IDS processing time by up to 70% while improving the detection accuracy.
