Machine Learning Techniques for Classifying Network Anomalies and Intrusions

Using machine learning techniques to detect network intrusions is an important topic in cybersecurity. A variety of machine learning models have been designed to help detect malicious intent on the part of network users. We employ two deep learning recurrent neural networks with a variable number of hidden layers: Long Short-Term Memory (LSTM) and Gated Recurrent Unit (GRU). We also evaluate the recently proposed Broad Learning System (BLS) and its extensions. The models are trained and tested using Border Gateway Protocol (BGP) datasets containing routing records collected from Réseaux IP Européens (RIPE) and BCNET, as well as the NSL-KDD dataset of network connection records. The algorithms are compared based on accuracy and F-Score.
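The abstract reports both accuracy and F-Score. On intrusion datasets the anomaly class is usually a small minority, so the two metrics can disagree sharply. The following example (added here, not code from the paper) computes both from binary labels and shows why the second metric is needed. The labels and the two hypothetical classifiers are constructed, and the F-Score is assumed to be F1 (beta = 1), since the abstract does not state which variant it uses.

```python
"""Accuracy versus F-score on an imbalanced anomaly-detection task.

Added example, not from the paper: the sample labels are constructed and the
F-score is assumed to be F1 (beta = 1), which the abstract does not specify.
"""


def confusion_counts(y_true, y_pred, positive=1):
    """Return (tp, fp, fn, tn), treating `positive` as the anomaly/intrusion class."""
    tp = fp = fn = tn = 0
    for truth, pred in zip(y_true, y_pred):
        if pred == positive:
            if truth == positive:
                tp += 1
            else:
                fp += 1
        else:
            if truth == positive:
                fn += 1
            else:
                tn += 1
    return tp, fp, fn, tn


def accuracy(y_true, y_pred):
    """Fraction of records labelled correctly, regardless of class."""
    tp, fp, fn, tn = confusion_counts(y_true, y_pred)
    return (tp + tn) / (tp + fp + fn + tn)


def f_score(y_true, y_pred, beta=1.0):
    """F-beta score of the anomaly class; 0.0 when there are no true or predicted anomalies."""
    tp, fp, fn, _ = confusion_counts(y_true, y_pred)
    denom = (1 + beta ** 2) * tp + beta ** 2 * fn + fp
    return 0.0 if denom == 0 else (1 + beta ** 2) * tp / denom


# Constructed evaluation set: 100 records, 10 of which are anomalies (label 1).
Y_TRUE = [1] * 10 + [0] * 90

# Constructed predictions for two hypothetical classifiers.
# "always_regular" never raises an alert; "detector" flags 8 of the 10
# anomalies and raises 5 false alarms on regular records.
PREDICTIONS = {
    "always_regular": [0] * 100,
    "detector": [1] * 8 + [0] * 2 + [1] * 5 + [0] * 85,
}


def compare_models(y_true=Y_TRUE, predictions=PREDICTIONS):
    """Map each model name to its (accuracy, F1) pair."""
    return {name: (accuracy(y_true, pred), f_score(y_true, pred))
            for name, pred in predictions.items()}


if __name__ == "__main__":
    for name, (acc, f1) in compare_models().items():
        print(f"{name:15s} accuracy={acc:.3f}  F1={f1:.3f}")
```

The classifier that never alerts scores 0.90 accuracy on this set simply because 90% of the records are regular, yet its F1 is 0.0; the detector that misses two anomalies and raises five false alarms scores 0.93 accuracy and an F1 of about 0.70. Reporting F-Score alongside accuracy is what exposes a model that has learned nothing about the minority class.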
