TIDCS: A Dynamic Intrusion Detection and Classification System Based Feature Selection

Machine learning techniques are becoming mainstream in intrusion detection systems because they allow real-time response and can learn and adapt. Using a comprehensive dataset with multiple attack types, a well-trained model can be created to improve anomaly detection performance. However, high-dimensional data present a significant challenge for machine learning techniques. Processing similar features that provide redundant information increases the computational time, which is a critical problem, especially for users with constrained resources (battery, energy). In this paper, we propose two models for an intrusion detection and classification scheme, the Trust-based Intrusion Detection and Classification System (TIDCS) and the Trust-based Intrusion Detection and Classification System-Accelerated (TIDCS-A), for secure networks. TIDCS reduces the number of features in the input data using a new algorithm for feature selection. Initially, the features are grouped randomly, to increase the probability that each feature participates in the generation of different groups, and sorted based on their accuracy scores. Only the high-ranked features are then selected to obtain a classification for any packet received from the nodes in the network, which is saved as part of the node’s past performance. TIDCS proposes a periodic system cleansing in which trust relationships between participant nodes are evaluated and renewed periodically. TIDCS-A proposes a dynamic algorithm that computes the exact time for node cleansing states and restricts the exposure window of the nodes. The final classification decision for both models is estimated by incorporating the node’s past behavior with the machine learning algorithm. Any detected attack reduces the trustworthiness of the nodes involved, leading to a dynamic system cleansing.
An evaluation of TIDCS and TIDCS-A using the NSL-KDD and UNSW datasets shows that both models can detect malicious behaviors, providing higher accuracy and detection rates and lower false alarm rates than state-of-the-art techniques. For instance, on the UNSW dataset, the detection accuracy is 91% for TIDCS, 83.47% using online AODE, 88% for CADF, 90% for EDM, 90% for TANN and 69.6% for NB. Consequently, TIDCS performs better than the state-of-the-art techniques in terms of detection accuracy, while providing good detection and false alarm rates.
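The random-grouping feature ranking described in the abstract can be sketched as follows. This is an added illustration, not the authors' published algorithm or code: the nearest-centroid classifier, the scoring rule (a feature's score is the mean accuracy of the random groups it joined), the feature names and the traffic records are all assumptions constructed for the example.

```python
import random
from collections import defaultdict

def make_rows(n=40):
    """Constructed records (not NSL-KDD/UNSW data): (features, label), 1 = attack."""
    rows = []
    for i in range(n):
        label, pair = i % 2, i // 2
        rows.append(({
            "syn_rate":   100.0 * label + pair % 3,  # informative (hypothetical name)
            "conn_count": 80.0 * label + pair % 5,   # informative (hypothetical name)
            "ttl":        float(pair % 7),           # noise: identical for both labels
            "pkt_len":    float(pair * 3 % 11),      # noise
            "src_port":   float(pair * 5 % 13),      # noise
            "win_size":   float(pair % 4),           # noise
        }, label))
    return rows

def group_accuracy(group, train, test):
    """Accuracy of a nearest-centroid classifier restricted to the features in `group`."""
    cent = {}
    for lab in (0, 1):
        pts = [f for f, l in train if l == lab]
        cent[lab] = [sum(p[g] for p in pts) / len(pts) for g in group]
    def predict(f):
        dist = {lab: sum((f[g] - c) ** 2 for g, c in zip(group, cent[lab]))
                for lab in cent}
        return min(dist, key=dist.get)
    return sum(predict(f) == l for f, l in test) / len(test)

def rank_features(rows, group_size=2, rounds=25, seed=7):
    """Regroup features at random each round; score each by its groups' mean accuracy."""
    half = len(rows) // 2
    train, test = rows[:half], rows[half:]
    names, rng = sorted(rows[0][0]), random.Random(seed)
    scores = defaultdict(list)
    for _ in range(rounds):
        rng.shuffle(names)  # new random grouping every round
        for i in range(0, len(names), group_size):
            group = names[i:i + group_size]
            acc = group_accuracy(group, train, test)
            for name in group:
                scores[name].append(acc)
    mean = {n: sum(v) / len(v) for n, v in scores.items()}
    return sorted(mean.items(), key=lambda kv: -kv[1])  # highest score first

def select_top(rows, k=2):
    """Keep only the k highest-ranked features for the downstream classifier."""
    return [name for name, _ in rank_features(rows)[:k]]
```

Because every feature is regrouped each round, a noise feature that happens to share a group with an informative one is credited only for that round, and its average falls below that of features that help in every group they join.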
