Smart Intrusion Detection System Comprised of Machine Learning and Deep Learning

DOI: http://dx.doi.org/10.24018/ejers.2020.5.10.2128, Vol 5, Issue 10, October 2020

Abstract — In the present world, digital intruders can exploit the vulnerabilities of a network and are capable of bringing down even a country. The attack on Estonia, the attack on Iran's nuclear plant and the intrusion of spyware into smartphones demonstrate the effectiveness of attackers. Furthermore, a centralized firewall is not enough to ensure a secured network. Hence, in the age of big data, where data is abundant and the computing capability of PCs is high, machine learning and network security have become two inseparable issues. In this thesis, the KDD Cup'99 intrusion detection dataset is used. A total of 3,11,030 records with 41 features are available in the dataset. To find the anomalies of the network, four machine learning methods are used: Classification and Regression Tree (CART), Random Forest, Naive Bayes and Multi-Layer Perceptron (MLP). Initially all 41 features are used to measure the accuracy. Among all the methods, Random Forest provides the highest accuracy in intrusion detection (98.547%), and CART shows the highest accuracy (99.086%) in identifying the normal flow of data. Subsequently, a selected subset of 15 features was used to test the accuracy, and it was found that Random Forest is still efficient (accuracy 98.266%) in detecting intrusions in the network. In both cases MLP was found to be a stable method whose accuracy on benign data and on intrusions is always close to 95% (93.387% and 94.312% with 41 features, 95.0075% and 93.652% with 15 features, respectively). Finally, an IDS model is proposed in which Random Forest from the ML methods and MLP from the DL methods are incorporated to handle intrusions in the most efficient manner.
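The abstract evaluates classifiers on KDD Cup'99 twice, once with all 41 features and once with a selected subset, and reports accuracy separately for benign and intrusion records. The following added example (not code from the paper) reproduces that workflow in miniature with one of the four methods, a Gaussian Naive Bayes classifier written from scratch so it runs without scikit-learn. The records are constructed; the feature names follow the KDD Cup'99 schema but the values are made up. The paper does not state how its 15 features were chosen, so the `rank_features` selector (class-mean separation in pooled-standard-deviation units) is a stand-in assumption, as are all function names.

```python
"""Gaussian naive Bayes on constructed KDD'99-style flow records.

Added example; not the paper's code. Feature names come from the KDD Cup'99
schema, but every value below is constructed for illustration.
"""
import math

FEATURES = ["duration", "src_bytes", "dst_bytes", "count", "srv_count", "serror_rate"]

def _rec(label, *values):
    # Build one flow record: feature dict plus its class label.
    return dict(zip(FEATURES, values), label=label)

# Constructed training set: 8 "normal" flows and 8 "attack" flows.
TRAIN = [
    _rec("normal", 0, 181, 5450, 8, 8, 0.0),
    _rec("normal", 0, 239, 486, 8, 8, 0.0),
    _rec("normal", 0, 235, 1337, 8, 8, 0.0),
    _rec("normal", 0, 219, 1337, 6, 6, 0.0),
    _rec("normal", 5, 217, 2032, 2, 2, 0.0),
    _rec("normal", 0, 212, 1940, 1, 1, 0.0),
    _rec("normal", 1, 159, 4087, 5, 5, 0.0),
    _rec("normal", 0, 210, 151, 7, 7, 0.0),
    _rec("attack", 0, 0, 0, 123, 6, 1.0),
    _rec("attack", 0, 0, 0, 143, 11, 1.0),
    _rec("attack", 0, 0, 0, 158, 12, 1.0),
    _rec("attack", 0, 0, 0, 199, 14, 1.0),
    _rec("attack", 0, 0, 0, 211, 15, 1.0),
    _rec("attack", 0, 0, 0, 230, 16, 0.99),
    _rec("attack", 0, 0, 0, 250, 18, 1.0),
    _rec("attack", 0, 0, 0, 270, 20, 1.0),
]

# Constructed held-out set used for the accuracy figures.
TEST = [
    _rec("normal", 0, 200, 3000, 4, 4, 0.0),
    _rec("normal", 2, 190, 800, 9, 9, 0.0),
    _rec("attack", 0, 0, 0, 180, 13, 1.0),
    _rec("attack", 0, 0, 0, 300, 22, 1.0),
]

VAR_FLOOR = 1e-3  # zero-variance features would otherwise divide by zero

def _class_stats(records, label, feature):
    vals = [float(r[feature]) for r in records if r["label"] == label]
    mean = sum(vals) / len(vals)
    var = sum((v - mean) ** 2 for v in vals) / len(vals)
    return mean, var

def fit_gnb(records, features):
    """Per-class log prior plus per-feature (mean, variance): a Gaussian naive Bayes model."""
    model = {}
    for label in sorted({r["label"] for r in records}):
        n_label = sum(1 for r in records if r["label"] == label)
        stats = {}
        for f in features:
            mean, var = _class_stats(records, label, f)
            stats[f] = (mean, max(var, VAR_FLOOR))
        model[label] = (math.log(n_label / len(records)), stats)
    return model

def predict_gnb(model, record, features):
    """Return the label with the highest log posterior under the naive independence assumption."""
    best_label, best_score = None, -math.inf
    for label, (log_prior, stats) in model.items():
        score = log_prior
        for f in features:
            mean, var = stats[f]
            score += -0.5 * math.log(2 * math.pi * var) - (record[f] - mean) ** 2 / (2 * var)
        if score > best_score:
            best_label, best_score = label, score
    return best_label

def per_class_accuracy(model, records, features):
    """Accuracy reported separately for benign and intrusion records, as the abstract does."""
    hits, totals = {}, {}
    for r in records:
        totals[r["label"]] = totals.get(r["label"], 0) + 1
        if predict_gnb(model, r, features) == r["label"]:
            hits[r["label"]] = hits.get(r["label"], 0) + 1
    return {label: hits.get(label, 0) / n for label, n in totals.items()}

def rank_features(records, features, positive="attack", negative="normal"):
    """Hypothetical filter-style selector: rank by |mean difference| / pooled std."""
    scores = {}
    for f in features:
        m_pos, v_pos = _class_stats(records, positive, f)
        m_neg, v_neg = _class_stats(records, negative, f)
        pooled_std = max(math.sqrt((v_pos + v_neg) / 2), 1e-6)
        scores[f] = abs(m_pos - m_neg) / pooled_std
    return sorted(features, key=lambda f: -scores[f])

def evaluate(feature_set):
    """Train on TRAIN with the given feature subset and score per class on TEST."""
    model = fit_gnb(TRAIN, feature_set)
    return per_class_accuracy(model, TEST, feature_set)

if __name__ == "__main__":
    ranked = rank_features(TRAIN, FEATURES)
    print("feature ranking:", ranked)
    print("all features   :", evaluate(FEATURES))
    print("top-2 features :", evaluate(ranked[:2]))
    print("duration only  :", evaluate(["duration"]))
```

On the constructed data the two-feature subset matches the full feature set, while a badly chosen subset (`duration` alone) misclassifies half of the benign flows even though every attack flow is still caught. That is why the abstract reports benign and intrusion accuracy separately: a single overall accuracy figure would hide which side of the traffic a feature cut is hurting.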
