A Combination of PSO-Based Feature Selection and Tree-Based Classifiers Ensemble for Intrusion Detection Systems

Because of the numerous attacks carried out over the Internet, several early detection systems have been developed to protect networks from huge losses. Data mining, soft computing, and machine learning are employed to classify historical network traffic as either anomalous or normal. This paper presents the experimental results of network anomaly detection using particle swarm optimization (PSO) for attribute selection and an ensemble of tree-based classifiers (C4.5, Random Forest, and CART) for the classification task. The proposed detection model shows promising results, with detection accuracy and lower positive rate compared to existing ensemble techniques.
