An anomaly-based intrusion detection system in presence of benign outliers with visualization capabilities

Abnormal network traffic analysis through Intrusion Detection Systems (IDSs) and visualization techniques has become an important research topic for protecting computer networks from intruders. Because of the high volume of network traffic, it remains challenging to design an accurate and robust IDS with visualization capabilities for discovering security threats. This work introduces a novel anomaly-based intrusion detection system that operates in the presence of long-range independence data, called benign outliers. It uses a neural projection architecture based on a modified Self-Organizing Map (SOM) not only to detect attacks and anomalies accurately, but also to provide visualized information and insights to end users. The proposed approach enables better analysis by merging the large amount of network traffic into an easy-to-understand 2D format and simple user interaction. To evaluate its performance and validate the proposed visualization-based IDS, it has been trained and tested on synthetic and real benchmark datasets (NSL-KDD, UNSW-NB15, AAGM and VPN-nonVPN) that are widely used in this domain. The results of the experimental study confirm the advantages and effectiveness of the proposed approach.
