A New Hybrid Machine Learning for Cybersecurity Threat Detection Based on Adaptive Boosting

ABSTRACT Hybrid machine learning combines multiple types of machine learning algorithms to improve on the performance of single classifiers. Cyber intrusion detection systems currently require high-performance classification methods because attackers can develop new invasive methods and evade detection tools. In this paper, a cyber intrusion detection architecture based on a new hybrid machine learning method is proposed for detecting multiple types of cyber intrusion. Correlation-based feature selection is adopted to remove irrelevant features, and the work concentrates on the weighted vote of adaptive boosting, which is adopted to combine multiple classifiers. In the experiments, the UNB-CIC Tor network traffic dataset is used to evaluate the performance of the proposed method. The results show that the proposed method achieves higher efficiency in detecting every attack type. Furthermore, experiments with the Phishing website dataset, the UNSW-NB15 dataset, the NSL-KDD dataset and the KDD Cup'99 dataset are also conducted, and the results show that the proposed method produces higher efficiency there as well.
