An Effective Two-Step Intrusion Detection Approach Based on Binary Classification and $k$-NN

Intrusion detection has been an important countermeasure to secure computing infrastructures from malicious attacks. To improve detection performance and reduce bias towards frequent attacks, this paper proposes a two-step hybrid method based on binary classification and $k$-NN technique. Step 1 employs several binary classifiers and one aggregation module to effectively detect the exact classes of network connections. After step 1, the connections whose classes are uncertain are sent to step 2 to further determine their classes by the $k$-NN algorithm. Step 2 is based on the outcomes of step 1 and yields a beneficial supplement to step 1. By combining the two steps, the proposed method achieves reliable results on the NSL-KDD data set. The effectiveness of the proposed method is evaluated in comparison with five supervised learning techniques. Experimental results demonstrate that the proposed method outperforms baselines with respect to various evaluation criteria. In particular, for U2R and R2L attacks, the F1-scores of the proposed method are much higher than those of baselines. Furthermore, comparisons with some recent hybrid approaches are also listed. The results illustrate that the proposed method is competitive.
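The two-step flow described in the abstract, as an added sketch that is not the paper's code. The abstract does not specify the binary classifiers, the aggregation rule or the features, so the nearest-centroid detectors, the rule that a connection is certain only when exactly one detector claims it, and the two-feature sample data are all assumptions constructed here.

```python
import math
from collections import Counter

# Constructed sample data (not NSL-KDD): two scaled features per connection.
TRAIN = [
    ((0.1, 0.1), "normal"), ((0.2, 0.1), "normal"),
    ((0.1, 0.2), "normal"), ((0.2, 0.2), "normal"),
    ((0.9, 0.1), "dos"), ((0.8, 0.2), "dos"),
    ((0.9, 0.2), "dos"), ((0.8, 0.1), "dos"),
    ((0.5, 0.9), "u2r"), ((0.5, 0.8), "u2r"),  # rare class
]

def centroid(points):
    return tuple(sum(col) / len(points) for col in zip(*points))

def fit_binary(train, label):
    """Assumed binary classifier: is x nearer to `label` than to all other classes?"""
    pos = centroid([x for x, y in train if y == label])
    neg = centroid([x for x, y in train if y != label])
    return lambda x: math.dist(x, pos) < math.dist(x, neg)

def knn(train, x, k):
    """Majority label among the k nearest training connections."""
    nearest = sorted(train, key=lambda row: math.dist(row[0], x))[:k]
    return Counter(y for _, y in nearest).most_common(1)[0][0]

def fit_two_step(train, k=3):
    detectors = {c: fit_binary(train, c) for c in sorted({y for _, y in train})}

    def predict(x):
        # Step 1: run every binary classifier, then aggregate the claims.
        claims = [c for c, fires in detectors.items() if fires(x)]
        if len(claims) == 1:          # assumed rule: one claim means certain
            return claims[0], 1
        # Step 2: zero or conflicting claims are uncertain, so ask k-NN.
        return knn(train, x, k), 2

    return predict

predict = fit_two_step(TRAIN)

if __name__ == "__main__":
    for conn in [(0.15, 0.15), (0.85, 0.15), (0.25, 0.7), (0.5, 0.49)]:
        print(conn, predict(conn))
```

Each result is a (class, step) pair. The connection at (0.25, 0.7) is claimed by both the frequent normal detector and the rare u2r detector, and step 2 settles it as u2r from its neighbours; (0.5, 0.49) is claimed by no detector and is also resolved in step 2.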
