Anomaly-based intrusion detection system through feature selection analysis and building hybrid efficient model

Abstract

Efficiently detecting network intrusions requires gathering sensitive information, which means collecting large amounts of network transaction data, including highly detailed records of recent transactions. Assessments based on meta-heuristic anomaly are important in the exploratory analysis of intrusion-related network transaction data. These assessments are needed to make and deliver predictions of the intrusion possibility based on the available attribute details involved in the network transaction. We used the NSL-KDD data set, for the binary and multiclass problems, with a 20% testing dataset. This paper develops a new hybrid model that can be used to estimate the intrusion scope threshold degree based on the optimal features of the network transaction data that were made available for training. The experimental results revealed that the hybrid approach had a significant effect on minimising the computational and time complexity involved in determining the feature association impact scale. The accuracy of the proposed model was measured as 99.81% and 98.56% for the binary class and multiclass NSL-KDD data sets, respectively. However, there are issues with obtaining high false and low false negative rates. A hybrid approach with two main parts is proposed to address these issues. First, data needs to be filtered using the Vote algorithm with Information Gain that combines the probability distributions of these base learners in order to select the important features that positively affect the accuracy of the proposed model. Next, the hybrid algorithm consists of the following classifiers: J48, Meta Bagging, RandomTree, REPTree, AdaBoostM1, DecisionStump and NaiveBayes. Based on the results obtained using the proposed model, we observe improved accuracy, high false negative rate, and low false positive rate.
