Applying a Neural Network Ensemble to Intrusion Detection

Abstract An intrusion detection system (IDS) is an important feature to employ in order to protect a system against network attacks. An IDS monitors the activity within a network of connected computers as to analyze the activity of intrusive patterns. In the event of an ‘attack’, the system has to respond appropriately. Different machine learning techniques have been applied in the past. These techniques fall either into the clustering or the classification category. In this paper, the classification method is used whereby a neural network ensemble method is employed to classify the different types of attacks. The neural network ensemble method consists of an autoencoder, a deep belief neural network, a deep neural network, and an extreme learning machine. The data used for the investigation is the NSL-KDD data set. In particular, the detection rate and false alarm rate among other measures (confusion matrix, classification accuracy, and AUC) of the implemented neural network ensemble are evaluated.

[1]  Carla Purdy,et al.  Toward an Online Anomaly Intrusion Detection System Based on Deep Learning , 2016, 2016 15th IEEE International Conference on Machine Learning and Applications (ICMLA).

[2]  Chee Kheong Siew,et al.  Extreme learning machine: Theory and applications , 2006, Neurocomputing.

[3]  Vinod Yegneswaran,et al.  BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation , 2007, USENIX Security Symposium.

[4]  Chee Kheong Siew,et al.  Universal Approximation using Incremental Constructive Feedforward Networks with Random Hidden Nodes , 2006, IEEE Transactions on Neural Networks.

[5]  James A. Mahaffey,et al.  Multiple Self-Organizing Maps for Intrusion Detection , 2000 .

[6]  Ali A. Ghorbani,et al.  A detailed analysis of the KDD CUP 99 data set , 2009, 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications.

[7]  Vern Paxson,et al.  Outside the Closed World: On Using Machine Learning for Network Intrusion Detection , 2010, 2010 IEEE Symposium on Security and Privacy.

[8]  Sergio M. Savaresi,et al.  Unsupervised learning techniques for an intrusion detection system , 2004, SAC '04.

[9]  Atilla Özgür,et al.  A review of KDD99 dataset usage in intrusion detection and machine learning between 2010 and 2015 , 2016, PeerJ Prepr..

[10]  Jan H. P. Eloff,et al.  An approach to implement a network intrusion detection system using genetic algorithms , 2004 .

[11]  Robert E. Schapire,et al.  The strength of weak learnability , 1990, Mach. Learn..

[12]  Guofei Gu,et al.  BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic , 2008, NDSS.

[13]  William Stallings Zhu,et al.  Network Security Essentials : Applications and Standards , 2007 .

[14]  Mounir Ghogho,et al.  Deep learning approach for Network Intrusion Detection in Software Defined Networking , 2016, 2016 International Conference on Wireless Networks and Mobile Communications (WINCOM).

[15]  Jimmy Ba,et al.  Adam: A Method for Stochastic Optimization , 2014, ICLR.

[16]  Simone A. Ludwig Intrusion detection of multiple attack classes using a deep neural net ensemble , 2017, 2017 IEEE Symposium Series on Computational Intelligence (SSCI).

[17]  Salvatore J. Stolfo,et al.  A framework for constructing features and models for intrusion detection systems , 2000, TSEC.

[18]  Nitesh V. Chawla,et al.  Editorial: special issue on learning from imbalanced data sets , 2004, SKDD.

[19]  Harya Damar Widiputra CLUSTERING BASED INTRUSION DETECTION FOR NETWORK PROFILING USING K-MEANS, ECM AND K-NEAREST NEIGHBOR ALGORITHMS , 2009 .

[20]  Steve R. White,et al.  An Undetectable Computer Virus , 2000 .

[21]  Geoffrey E. Hinton,et al.  Deep Boltzmann Machines , 2009, AISTATS.

[22]  Marius Kloft,et al.  Automatic feature selection for anomaly detection , 2008, AISec '08.

[23]  Mansoor Alam,et al.  A Deep Learning Approach for Network Intrusion Detection System , 2016, EAI Endorsed Trans. Security Safety.

[24]  Aida O. Ali,et al.  Multilayer perceptrons networks for an Intelligent Adaptive intrusion detection system , 2010 .

[25]  Konstantina Papagiannaki,et al.  The Cubicle vs. The Coffee Shop: Behavioral Modes in Enterprise End-Users , 2008, PAM.

[26]  Guofei Gu,et al.  BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection , 2008, USENIX Security Symposium.

[27]  Christian Diedrich,et al.  Accelerated deep neural networks for enhanced Intrusion Detection System , 2016, 2016 IEEE 21st International Conference on Emerging Technologies and Factory Automation (ETFA).

[28]  Md Zahangir Alom,et al.  Intrusion detection using deep belief networks , 2015, 2015 National Aerospace and Electronics Conference (NAECON).

[29]  Marius Kloft,et al.  Active learning for network intrusion detection , 2009, AISec '09.

[30]  B.V. Dasarathy,et al.  A composite classifier system design: Concepts and methodology , 1979, Proceedings of the IEEE.

[31]  Xuan Zhang,et al.  Intrusion Detection Based on IDBM , 2016, 2016 IEEE 14th Intl Conf on Dependable, Autonomic and Secure Computing, 14th Intl Conf on Pervasive Intelligence and Computing, 2nd Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress(DASC/PiCom/DataCom/CyberSciTech).

[32]  Vern Paxson,et al.  Bro: a system for detecting network intruders in real-time , 1998, Comput. Networks.

[33]  Yee Whye Teh,et al.  A Fast Learning Algorithm for Deep Belief Nets , 2006, Neural Computation.

[34]  Risto Vaarandi,et al.  Network IDS alert classification with frequent itemset mining and data clustering , 2010, 2010 International Conference on Network and Service Management.

[35]  Karen A. Scarfone,et al.  Guide to Intrusion Detection and Prevention Systems (IDPS) , 2007 .

[36]  Yuancheng Li,et al.  A Hybrid Malicious Code Detection Method based on Deep Learning , 2015 .

[37]  Chuanhe Huang,et al.  Selection of Candidate Support Vectors in incremental SVM for network intrusion detection , 2014, Comput. Secur..

[38]  Martin Roesch,et al.  Snort - Lightweight Intrusion Detection for Networks , 1999 .

[39]  William Stallings Network Security Essentials: Applications and Standards (3rd Edition) , 2006 .

[40]  Lars Kai Hansen,et al.  Neural Network Ensembles , 1990, IEEE Trans. Pattern Anal. Mach. Intell..

[41]  Kieran McLaughlin,et al.  Obfuscation: The Hidden Malware , 2011, IEEE Security & Privacy.

[42]  Ghita Ionescu Lukás , 1970 .