A lightweight intelligent network intrusion detection system using OCSVM and Pigeon inspired optimizer

Due to the widespread use of Internet services around the world, service providers face a major problem defending their systems, especially against new breaches and attacks. A Network Intrusion Detection System (NIDS) analyzes network packets and reports low-level security violations to system administrators. In large networks, these reports become unmanageable. Moreover, state-of-the-art systems suffer from high false alarm rates. A NIDS should be anomaly-based so that it can discover zero-day attacks, yet most NIDSs proposed by researchers that were based on such techniques suffered from high false alarm rates. This paper introduces an intelligent lightweight IDS that has a low false alarm rate while maintaining a high detection rate. The proposed NIDS is a fusion of two main subsystems that work in parallel. Each subsystem is trained using a One-Class Support Vector Machine (OCSVM). One subsystem is trained on normal packets, while the other is trained on attack packets. The results of both subsystems are combined to give a sound judgment for each packet that passes through the network. The proposed NIDS has been evaluated and compared with state-of-the-art systems using three popular IDS datasets (KDDCUP-99, NSL-KDD, and UNSW-NB15) in terms of detection rate, accuracy, F-measure, and false alarms. The results show that the proposed NIDS outperformed the examined IDSs proposed in previous research.
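The two-subsystem design described in the abstract can be sketched with scikit-learn's `OneClassSVM`; this is an added example, not the paper's code. The abstract does not state how the two results are combined, so the fusion rule in `fuse`, the `nu` value, the four-feature records and the sample data are all assumptions made for illustration.

```python
import numpy as np
from sklearn.svm import OneClassSVM

rng = np.random.default_rng(7)
# Constructed sample data: 4 numeric features per record, two well-separated
# clusters. Not drawn from KDDCUP-99, NSL-KDD or UNSW-NB15.
normal_train = rng.normal(0.0, 1.0, size=(300, 4))
attack_train = rng.normal(6.0, 1.0, size=(300, 4))

def fit_subsystem(X, nu=0.05):
    """Train one OCSVM on a single class; nu bounds the training outlier fraction."""
    return OneClassSVM(kernel="rbf", gamma="scale", nu=nu).fit(X)

def fuse(normal_model, attack_model, X):
    """Combine both subsystems' signed scores (>= 0 means 'looks like my class').

    Assumed fusion rule, not taken from the paper:
      only the normal model accepts -> "normal"
      only the attack model accepts -> "attack"
      neither accepts               -> "unknown" (alert: matches no learned profile)
      both accept                   -> whichever model scores higher
    """
    s_n = normal_model.decision_function(X)
    s_a = attack_model.decision_function(X)
    labels = []
    for n, a in zip(s_n, s_a):
        if n >= 0 and a >= 0:
            labels.append("normal" if n >= a else "attack")
        elif n >= 0:
            labels.append("normal")
        elif a >= 0:
            labels.append("attack")
        else:
            labels.append("unknown")
    return labels

normal_model = fit_subsystem(normal_train)
attack_model = fit_subsystem(attack_train)

# Constructed probes: one near each training cluster, one far from both.
probes = np.array([[0.1, -0.2, 0.3, 0.0],
                   [6.1, 5.8, 6.2, 5.9],
                   [-8.0, 9.0, -8.0, 9.0]])

if __name__ == "__main__":
    for row, label in zip(probes, fuse(normal_model, attack_model, probes)):
        print(row, "->", label)
```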
