Network intrusion detection using equality constrained-optimization-based extreme learning machines

Abstract Since Internet is so popular and prevailing in human life, network security has become a very important issue and attracted a lot of study and practice. To detect or prevent network attacks, a network intrusion detection (NID) system may be equipped with machine learning algorithms to achieve better accuracy and faster detection speed. Applying machine learning has another major advantage that expert knowledge is not needed as much as the black or white list model. Extreme learning machines (ELMs) are single-layer artificial neural networks not required to be iteratively trained. Therefore, their learning speed is fast, and speed is crucial in the success of network intrusion detection systems for them to take prompt, effective defending reactions. Huang et al. proposed the equality constrained-optimization-based ELM (C-ELM) which is a modified version of ELM by integrating with the features of least squares support vector machines. In this paper, we apply C-ELM to network intrusion detection. An adaptively incremental learning strategy is proposed to derive the optimal number of hidden neurons. The optimization criteria and a way of adaptively increasing hidden neurons with binary search are developed. A broad number of experiments have been done and the results show that our proposed approach is effective in building models with good attack detection rates and fast learning speed.

[1]  Cheng Wu,et al.  Semi-Supervised and Unsupervised Extreme Learning Machines , 2014, IEEE Transactions on Cybernetics.

[2]  Corinna Cortes,et al.  Support-Vector Networks , 1995, Machine Learning.

[3]  Chee Kheong Siew,et al.  Can threshold networks be trained directly? , 2006, IEEE Transactions on Circuits and Systems II: Express Briefs.

[4]  Chi Cheng,et al.  Extreme learning machines for intrusion detection , 2012, The 2012 International Joint Conference on Neural Networks (IJCNN).

[5]  Lei Chen,et al.  Enhanced random search based incremental extreme learning machine , 2008, Neurocomputing.

[6]  R Xu,et al.  Constrained-optimization-based extreme learning machine with incremental learning , 2015 .

[7]  Johan A. K. Suykens,et al.  Least Squares Support Vector Machine Classifiers , 1999, Neural Processing Letters.

[8]  Longbing Cao,et al.  T2FELA: Type-2 Fuzzy Extreme Learning Algorithm for Fast Training of Interval Type-2 TSK Fuzzy Logic System , 2014, IEEE Transactions on Neural Networks and Learning Systems.

[9]  Yih-Fang Huang,et al.  Bounds on the number of hidden neurons in multilayer perceptrons , 1991, IEEE Trans. Neural Networks.

[10]  Robert K. L. Gay,et al.  Error Minimized Extreme Learning Machine With Growth of Hidden Nodes and Incremental Learning , 2009, IEEE Transactions on Neural Networks.

[11]  Vipin Das,et al.  Network Intrusion Detection System Based On Machine Learning Algorithms , 2010 .

[12]  Hongming Zhou,et al.  Extreme Learning Machine for Regression and Multiclass Classification , 2012, IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics).

[13]  Danwei Wang,et al.  Sparse Extreme Learning Machine for Classification , 2014, IEEE Transactions on Cybernetics.

[14]  Sam Kwong,et al.  An analysis of ELM approximate error based on random weight matrix , 2013 .

[15]  Yiqiang Chen,et al.  Weighted extreme learning machine for imbalance learning , 2013, Neurocomputing.

[16]  Mamun Bin Ibne Reaz,et al.  A novel SVM-kNN-PSO ensemble method for intrusion detection system , 2016, Appl. Soft Comput..

[17]  Chih-Fong Tsai,et al.  CANN: An intrusion detection system based on combining cluster centers and nearest neighbors , 2015, Knowl. Based Syst..

[18]  Rajdeep Borgohain,et al.  FuGeIDS: Fuzzy Genetic paradigms in Intrusion Detection Systems , 2012, ArXiv.

[19]  Xiangjian He,et al.  A System for Denial-of-Service Attack Detection Based on Multivariate Correlation Analysis , 2014, IEEE Transactions on Parallel and Distributed Systems.

[20]  Martin T. Hagan,et al.  Neural network design , 1995 .

[21]  Igor V. Tetko,et al.  Neural network studies, 1. Comparison of overfitting and overtraining , 1995, J. Chem. Inf. Comput. Sci..

[22]  Narasimhan Sundararajan,et al.  Online Sequential Fuzzy Extreme Learning Machine for Function Approximation and Classification Problems , 2009, IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics).

[23]  Julio Ortega Lopera,et al.  PCA filtering and probabilistic SOM for network intrusion detection , 2015, Neurocomputing.

[24]  James L. McClelland,et al.  Parallel distributed processing: explorations in the microstructure of cognition, vol. 1: foundations , 1986 .

[25]  Chee Kheong Siew,et al.  Incremental extreme learning machine with fully complex hidden nodes , 2008, Neurocomputing.

[26]  Francisco Herrera,et al.  On the combination of genetic fuzzy systems and pairwise learning for improving detection rates on Intrusion Detection Systems , 2015, Expert Syst. Appl..

[27]  Jugal K. Kalita,et al.  Network Anomaly Detection: Methods, Systems and Tools , 2014, IEEE Communications Surveys & Tutorials.

[28]  Ali A. Ghorbani,et al.  A detailed analysis of the KDD CUP 99 data set , 2009, 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications.

[29]  Yu-Lin He,et al.  Fuzziness based semi-supervised learning approach for intrusion detection system , 2017, Inf. Sci..

[30]  Wenjuan Li,et al.  EFM: Enhancing the performance of signature-based network intrusion detection systems using enhanced filter mechanism , 2014, Comput. Secur..

[31]  Chee Kheong Siew,et al.  Extreme learning machine: Theory and applications , 2006, Neurocomputing.

[32]  Xiangjian He,et al.  RePIDS: A multi tier Real-time Payload-based Intrusion Detection System , 2013, Comput. Networks.

[33]  Hongming Zhou,et al.  Optimization method based extreme learning machine for classification , 2010, Neurocomputing.

[34]  W. Zhang,et al.  Fuzzy extreme learning machine for classification , 2013 .

[35]  Bernard Bobée,et al.  Daily reservoir inflow forecasting using artificial neural networks with stopped training approach , 2000 .

[36]  De-Shuang Huang,et al.  Improved extreme learning machine for function approximation by encoding a priori information , 2006, Neurocomputing.

[37]  Wathiq Laftah Al-Yaseen,et al.  Multi-level hybrid support vector machine and extreme learning machine based on modified K-means for intrusion detection system , 2017, Expert Syst. Appl..

[38]  Zhan-Li Sun,et al.  A Neuro-Fuzzy Inference System Through Integration of Fuzzy Logic and Extreme Learning Machines , 2007, IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics).

[39]  Chee Kheong Siew,et al.  Universal Approximation using Incremental Constructive Feedforward Networks with Random Hidden Nodes , 2006, IEEE Transactions on Neural Networks.

[40]  Stephen P. Boyd,et al.  Linear Matrix Inequalities in Systems and Control Theory , 1994 .

[41]  Harish Kumar,et al.  An intrusion detection system using network traffic profiling and online sequential extreme learning machine , 2015, Expert Syst. Appl..

[42]  Antonio Martínez-Álvarez,et al.  Feature selection by multi-objective optimisation: Application to network anomaly detection by hierarchical self-organising maps , 2014, Knowl. Based Syst..

[43]  Zhong Ming,et al.  An improved NSGA-III algorithm for feature selection used in intrusion detection , 2017, Knowl. Based Syst..

[44]  Guang-Bin Huang,et al.  Convex incremental extreme learning machine , 2007, Neurocomputing.

[45]  Jun Gao,et al.  Online Adaboost-Based Parameterized Methods for Dynamic Distributed Network Intrusion Detection , 2014, IEEE Transactions on Cybernetics.

[46]  Nour Moustafa,et al.  UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set) , 2015, 2015 Military Communications and Information Systems Conference (MilCIS).

[47]  Pei-Chann Chang,et al.  A population-based incremental learning approach with artificial immune system for network intrusion detection , 2016, Eng. Appl. Artif. Intell..

[48]  Jill Slay,et al.  The evaluation of Network Anomaly Detection Systems: Statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set , 2016, Inf. Secur. J. A Glob. Perspect..

[49]  S J Ghule,et al.  Network Intrusion Detection System using Fuzzy Logic , 2014 .

[50]  Shoushan Luo,et al.  A two-level hybrid approach for intrusion detection , 2016, Neurocomputing.