Intelligent feature selection and classification techniques for intrusion detection in networks: a survey

Rapid growth in the Internet usage and diverse military applications have led researchers to think of intelligent systems that can assist the users and applications in getting the services by delivering required quality of service in networks. Some kinds of intelligent techniques are appropriate for providing security in communication pertaining to distributed environments such as mobile computing, e-commerce, telecommunication, and network management. In this paper, a survey on intelligent techniques for feature selection and classification for intrusion detection in networks based on intelligent software agents, neural networks, genetic algorithms, neuro-genetic algorithms, fuzzy techniques, rough sets, and particle swarm intelligence has been proposed. These techniques have been useful for effectively identifying and preventing network intrusions in order to provide security to the Internet and to enhance the quality of service. In addition to the survey on existing intelligent techniques for intrusion detection systems, two new algorithms namely intelligent rule-based attribute selection algorithm for effective feature selection and intelligent rule-based enhanced multiclass support vector machine have been proposed in this paper.

[1]  Malcolm I. Heywood,et al.  Scaling Genetic Programming to Large Datasets Using Hierarchical Dynamic Subset Selection , 2007, IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics).

[2]  E. Nazemi,et al.  An Agent - Based Architecture with Centralized Management for a Distance Learning System , 2007, International Conference on Computational Intelligence and Multimedia Applications (ICCIMA 2007).

[3]  Hervé Debar,et al.  A neural network component for an intrusion detection system , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[4]  Jeng-Shyang Pan,et al.  Fourth International Conference on Innovative, Computing, Information and Control , 2009 .

[5]  James A. Mahaffey,et al.  Multiple Self-Organizing Maps for Intrusion Detection , 2000 .

[6]  Hafiz Farooq Ahmad,et al.  Honey Bee Teamwork Architecture in Multi-agent Systems , 2006, CSCWD.

[7]  Hang Zhou,et al.  Design of a Multi-agent Based Intelligent Intrusion Detection System , 2006, 2006 First International Symposium on Pervasive Computing and Applications.

[8]  Zihui Che,et al.  An Efficient Intrusion Detection Approach Based on Hidden Markov Model and Rough Set , 2010, 2010 International Conference on Machine Vision and Human-machine Interface.

[9]  Kien A. Hua,et al.  Decision tree classifier for network intrusion detection with GA-based feature selection , 2005, ACM Southeast Regional Conference.

[10]  Peter Mell,et al.  A denial-of-service resistant intrusion detection architecture , 2000, Comput. Networks.

[11]  Philip J. Morrow,et al.  Security Schemes for a Mobile Agent Based Network and System Management Framework , 2011, Journal of Network and Systems Management.

[12]  David G. Stork,et al.  Pattern Classification (2nd ed.) , 1999 .

[13]  Azuraliza Abu Bakar,et al.  An Agent Based Rough Classifier for Data Mining , 2008, 2008 Eighth International Conference on Intelligent Systems Design and Applications.

[14]  Kotagiri Ramamohanarao,et al.  Layered Approach Using Conditional Random Fields for Intrusion Detection , 2010, IEEE Transactions on Dependable and Secure Computing.

[15]  Mohamed Mezghiche,et al.  A Distributed Intrusion Detection Model Based on a Society of Intelligent Mobile Agents for Ad Hoc Network , 2011, 2011 Sixth International Conference on Availability, Reliability and Security.

[16]  Yinhui Li,et al.  An efficient intrusion detection system based on support vector machines and gradually feature removal method , 2012, Expert Syst. Appl..

[17]  Jian-An Fang,et al.  Intrusion Detection Model Based on Hierarchical Fuzzy Inference System , 2009, 2009 Second International Conference on Information and Computing Science.

[18]  Salem Benferhat,et al.  On the combination of naive Bayes and decision trees for intrusion detection , 2005, International Conference on Computational Intelligence for Modelling, Control and Automation and International Conference on Intelligent Agents, Web Technologies and Internet Commerce (CIMCA-IAWTIC'06).

[19]  Larry D. Wittie,et al.  Application of a “Staggered Walk” Algorithm for Generating Large-Scale Morphological Neuronal Networks , 2012, Comput. Intell. Neurosci..

[20]  Roberto Battiti,et al.  Using mutual information for selecting features in supervised neural net learning , 1994, IEEE Trans. Neural Networks.

[21]  Antanas Verikas,et al.  Feature selection with neural networks , 2002, Pattern Recognit. Lett..

[22]  Ron Kohavi,et al.  Wrappers for Feature Subset Selection , 1997, Artif. Intell..

[23]  Tzuu-Hseng S. Li,et al.  Construction of a neuron-fuzzy classification model based on feature-extraction approach , 2011, Expert Syst. Appl..

[24]  Ali A. Ghorbani,et al.  A detailed analysis of the KDD CUP 99 data set , 2009, 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications.

[25]  Arthur C. Graesser,et al.  Is it an Agent, or Just a Program?: A Taxonomy for Autonomous Agents , 1996, ATAL.

[26]  Mario Vento,et al.  To reject or not to reject: that is the question-an answer in case of neural classifiers , 2000, IEEE Trans. Syst. Man Cybern. Part C.

[27]  Nikolai Joukov,et al.  INTERNET WORMS AS INTERNET-WIDE THREAT , 2003 .

[28]  Nicholas R. Jennings,et al.  Intelligent Agents III. Agent Theories, Architectures, and Languages ECAI'96 Workshop (ATAL), Budapest, Hungary, August 12-13, 1996, Proceedings , 1997 .

[29]  K.M. Passino Systems Biology of Group Decision Making , 2006, 2006 14th Mediterranean Conference on Control and Automation.

[30]  Nasser Yazdani,et al.  Mutual information-based feature selection for intrusion detection systems , 2011, J. Netw. Comput. Appl..

[31]  Shigeo Abe DrEng Pattern Classification , 2001, Springer London.

[32]  Kazuyuki Murase,et al.  A new wrapper feature selection approach using neural network , 2010, Neurocomputing.

[33]  Corinna Cortes,et al.  Support-Vector Networks , 1995, Machine Learning.

[34]  S. T. Sarasamma,et al.  Hierarchical Kohonenen net for anomaly detection in network security , 2005, IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics).

[35]  Chi-Ho Tsang,et al.  Multi-agent intrusion detection system in industrial network using ant colony clustering approach and unsupervised feature extraction , 2005, 2005 IEEE International Conference on Industrial Technology.

[36]  Da-Xin Tian,et al.  ANNIDS: intrusion detection system based on artificial neural network , 2003, Proceedings of the 2003 International Conference on Machine Learning and Cybernetics (IEEE Cat. No.03EX693).

[37]  Salvatore J. Stolfo,et al.  Cost-based modeling for fraud and intrusion detection: results from the JAM project , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[38]  William Stallings,et al.  Cryptography and Network Security: Principles and Practice , 1998 .

[39]  David G. Stork,et al.  Pattern Classification , 1973 .

[40]  Huan Liu,et al.  Toward integrating feature selection algorithms for classification and clustering , 2005, IEEE Transactions on Knowledge and Data Engineering.

[41]  Horst F. Wedde,et al.  A novel class of multi-agent algorithms for highly dynamic transport planning inspired by honey bee behavior , 2007, 2007 IEEE Conference on Emerging Technologies and Factory Automation (EFTA 2007).

[42]  Arputharaj Kannan,et al.  Intelligent Agent-Based Intrusion Detection System Using Enhanced Multiclass SVM , 2012, Comput. Intell. Neurosci..

[43]  Jeich Mar,et al.  An ANFIS-IDS against deauthentication DOS attacks for a WLAN , 2010, 2010 International Symposium On Information Theory & Its Applications.

[44]  Nasser Ghadiri,et al.  An Adaptive Hybrid Architecture for Intrusion Detection Based on Fuzzy Clustering and RBF Neural Networks , 2011, 2011 Ninth Annual Communication Networks and Services Research Conference.

[45]  Arputharaj Kannan,et al.  Decision tree based light weight intrusion detection using a wrapper approach , 2012, Expert Syst. Appl..

[46]  Justin Doak,et al.  An evaluation of feature selection methods and their application to computer security , 1992 .

[47]  Johan A. K. Suykens,et al.  Least squares support vector machine classifiers: a large scale algorithm , 1999 .

[48]  R.K. Cunningham,et al.  Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[49]  Antonio Bicchi,et al.  Decentralized intrusion detection for secure cooperative multi-agent systems , 2007, 2007 46th IEEE Conference on Decision and Control.

[50]  Sreeram Ramakrishnan,et al.  A hybrid approach for feature subset selection using neural networks and ant colony optimization , 2007, Expert Syst. Appl..

[51]  Michael Wooldridge,et al.  Proceedings of the Workshop on Intelligent Agents III, Agent Theories, Architectures, and Languages , 1996 .

[52]  Xu Zhang,et al.  Intrusion detection based on ant colony algorithm of fuzzy clustering , 2011, Proceedings of 2011 International Conference on Computer Science and Network Technology.

[53]  Patrick van der Smagt,et al.  Introduction to neural networks , 1995, The Lancet.

[54]  Stefanos Koutsoutos,et al.  A Classifier Ensemble Approach to Intrusion Detection for Network-Initiated Attacks , 2007, Emerging Artificial Intelligence Applications in Computer Engineering.

[55]  Qiang Zhang,et al.  A Bee Swarm Genetic Algorithm for the Optimization of DNA Encoding , 2008, 2008 3rd International Conference on Innovative Computing Information and Control.

[56]  Thomas Magedanz,et al.  Intelligent agents: an emerging technology for next generation telecommunications? , 1996, Proceedings of IEEE INFOCOM '96. Conference on Computer Communications.

[57]  Bijendra Patel,et al.  Evaluating trainee experience of surgical skills teaching , 2014 .

[58]  Heidar A. Malki,et al.  Network Intrusion Detection System Using Neural Networks , 2008, 2008 Fourth International Conference on Natural Computation.

[59]  Michael N. Huhns,et al.  Multiagent-Based Fault Tolerance Management for Robustness , 2008 .

[60]  Michael A. Demetriou,et al.  Proceedings of the 46th IEEE Conference on Decision and Control , 2007, IEEE Conference on Decision and Control.

[61]  Beizhan Wang,et al.  Feature selection based on Rough set and modified genetic algorithm for intrusion detection , 2010, 2010 5th International Conference on Computer Science & Education.

[62]  Milos Manic,et al.  Neural Network based Intrusion Detection System for critical infrastructures , 2009, 2009 International Joint Conference on Neural Networks.

[63]  Lotfi A. Zadeh,et al.  Roles of Soft Computing and Fuzzy Logic in the Conception, Design and Deployment of Information/Intelligent Systems , 1998 .

[64]  Mehdi MORADI,et al.  A Neural Network Based System for Intrusion Detection and Classification of Attacks , 2004 .

[65]  Vasant Honavar,et al.  Towards the automatic generation of mobile agents for distributed intrusion detection system , 2006, J. Syst. Softw..

[66]  Ingoo Han,et al.  The neural network models for IDS based on the asymmetric costs of false negative errors and false positive errors , 2003, Expert Syst. Appl..

[67]  Jing Xu,et al.  Intrusion Detection Method Based on Fuzzy Hidden Markov Model , 2009, 2009 Sixth International Conference on Fuzzy Systems and Knowledge Discovery.

[68]  Hong Gu,et al.  Anomaly detection combining one-class SVMs and particle swarm optimization algorithms , 2010 .

[69]  Kazuyuki Murase,et al.  A new hybrid ant colony optimization algorithm for feature selection , 2012, Expert Syst. Appl..

[70]  Hui-Hua Yang,et al.  Ant colony optimization based network intrusion feature selection and detection , 2005, 2005 International Conference on Machine Learning and Cybernetics.

[71]  Adel Nadjaran Toosi,et al.  A new approach to intrusion detection based on an evolutionary soft computing model using neuro-fuzzy classifiers , 2007, Comput. Commun..

[72]  Huaiqing Wang,et al.  A discretization algorithm based on a heterogeneity criterion , 2005, IEEE Transactions on Knowledge and Data Engineering.

[73]  N. Balakrishnan,et al.  Improvement in Intrusion Detection With Advances in Sensor Fusion , 2009, IEEE Transactions on Information Forensics and Security.

[74]  Goldberg,et al.  Genetic algorithms , 1993, Robust Control Systems with Genetic Algorithms.

[75]  David G. Stork,et al.  Pattern classification, 2nd Edition , 2000 .

[76]  Weidong Jin,et al.  Multi-agent system for Worm Detection and Containment in Metropolitan Area Networks , 2006 .

[77]  Ajith Abraham,et al.  Feature deduction and ensemble design of intrusion detection systems , 2005, Comput. Secur..

[78]  Teng Shaohua,et al.  Intrusion Detection Based on Fuzzy Support Vector Machines , 2009, 2009 International Conference on Networks Security, Wireless Communications and Trusted Computing.

[79]  Horst F. Wedde,et al.  Highly Dynamic and Adaptive Traffic Congestion Avoidance in Real-Time Inspired by Honey Bee Behavior , 2007, PEARL.

[80]  David E. Goldberg,et al.  Genetic Algorithms in Search Optimization and Machine Learning , 1988 .

[81]  Morteza Amini,et al.  RT-UNNID: A practical solution to real-time network-based intrusion detection using unsupervised neural networks , 2006, Comput. Secur..

[82]  Arputharaj Kannan,et al.  An Intelligent Agent Based Intrusion Detection System Using Fuzzy Rough Set Based Outlier Detection , 2012, Soft Computing Techniques in Vision Science.

[83]  Hongle Du,et al.  Fuzzy Multi-Class Support Vector Machines for cooperative network intrusion detection , 2010, 9th IEEE International Conference on Cognitive Informatics (ICCI'10).

[84]  Daniel T. Larose,et al.  Discovering Knowledge in Data: An Introduction to Data Mining , 2005 .

[85]  Okyay Kaynak,et al.  Computational Intelligence: Soft Computing and Fuzzy-Neuro Integration with Applications , 1998, NATO ASI Series.

[86]  A. Gupta,et al.  SWAN: A Swarm Intelligence Based Framework for Network Management of IP Networks , 2007, International Conference on Computational Intelligence and Multimedia Applications (ICCIMA 2007).

[87]  Jian-An Fang,et al.  Research on Neuro-fuzzy Inference System in Hierarchical Intrusion Detection , 2009, 2009 International Conference on Information Technology and Computer Science.

[88]  Masoud Nikravesh,et al.  Feature Extraction - Foundations and Applications , 2006, Feature Extraction.

[89]  Sung Hoon Jung,et al.  Queen-bee evolution for genetic algorithms , 2003 .