An Approach for Optimizing Ensemble Intrusion Detection Systems

Intrusion detection systems (IDS) remain an active research topic. Given the very large volume of traffic in real-time networks, feature selection techniques that can effectively find important and relevant features are required; the most important and relevant set of features is the key to improving IDS performance. This study aims to find the most relevant selected features that can serve as important features in a new IDS dataset. To that end, an approach for generating optimized ensemble IDSs is developed. Six feature selection methods are used and compared: Information Gain (IG), Gain Ratio (GR), Symmetrical Uncertainty (SU), Relief-F (R-F), One-R (OR) and Chi-Square (CS). Each feature selection technique produces a set of selected features. The best number of selected features obtained from the feature ranking step of each technique is then used to classify attacks with four classification methods: Bayesian Network (BN), Naïve Bayesian (NB), Decision Tree (J48) and SOM. Each feature selection technique, with its respective best features, is then combined with each classifier to generate ensemble IDSs. Lastly, the ensemble IDSs are evaluated using Hold-up and K-fold validation, as well as F-measure and statistical validation. Experimental results using Weka tools on the ITD-UTM dataset show that the optimized ensemble IDSs using (SU and BN); using (CS and BN), (CS and SOM) or (IG and NB); and using (OR and BN), with ten, four and seven best selected features respectively, achieve accuracies of 81.0316%, 85.2593% and 80.8625%, respectively. In addition, the ensemble IDSs using (SU and BN) and (OR and J48), with ten and six best selected features respectively, achieve the best F-measure values, 0.853 and 0.830, respectively. An indirect comparison with other ensemble IDSs on a different dataset is discussed.
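The three entropy-based rankers named in the abstract (IG, GR, SU) can disagree on the same data, which is why comparing them matters. The sketch below is an added example, not the authors' Weka pipeline: it assumes discrete features, and the flow records, the feature names (`flow_id`, `flag`, `proto`) and the function names are constructed for illustration.

```python
import math
from collections import Counter

def entropy(values):
    """Shannon entropy in bits of a sequence of discrete values."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def scores(feature, labels):
    """Return (IG, GR, SU) of one discrete feature against the class labels."""
    n = len(labels)
    h_class, h_feat = entropy(labels), entropy(feature)
    # H(class | feature): label entropy inside each feature value, weighted by frequency
    h_cond = 0.0
    for value, count in Counter(feature).items():
        subset = [y for x, y in zip(feature, labels) if x == value]
        h_cond += count / n * entropy(subset)
    ig = h_class - h_cond                        # Information Gain
    gr = ig / h_feat if h_feat else 0.0          # Gain Ratio: IG / H(feature)
    total = h_class + h_feat
    su = 2 * ig / total if total else 0.0        # Symmetrical Uncertainty
    return ig, gr, su

def rank(rows, labels, names, metric):
    """Feature names ordered best-first by the chosen metric (ties keep input order)."""
    idx = {"IG": 0, "GR": 1, "SU": 2}[metric]
    scored = [(scores([r[i] for r in rows], labels)[idx], name)
              for i, name in enumerate(names)]
    return [name for _, name in sorted(scored, key=lambda t: -t[0])]

# Constructed sample: flow_id is unique per record, flag separates the classes
# perfectly, proto is only weakly related to the class.
NAMES = ["flow_id", "flag", "proto"]
ROWS = [
    (1, "S0", "tcp"), (2, "S0", "tcp"), (3, "S0", "tcp"), (4, "S0", "udp"),
    (5, "SF", "tcp"), (6, "SF", "udp"), (7, "SF", "udp"), (8, "SF", "udp"),
]
LABELS = ["attack"] * 4 + ["normal"] * 4

if __name__ == "__main__":
    for metric in ("IG", "GR", "SU"):
        print(metric, rank(ROWS, LABELS, NAMES, metric))
```

IG scores the per-record identifier as highly as the genuinely predictive flag, because any many-valued feature splits the data into pure subsets; GR and SU divide by the feature's own entropy and push it down the ranking.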
