Nearest neighbors based density peaks approach to intrusion detection

Abstract: Intrusion detection systems are very important for network security. However, traditional intrusion detection systems cannot identify new types of network intrusion, for example zero-day attacks. Many machine learning techniques have been used in intrusion detection systems, and they have shown better detection performance than other methods. Density peaks clustering (DPC) is a novel clustering algorithm that does not need many parameters and whose iterative process is based on density. Because of its simple steps and parameters, it may have many fields of application. We therefore apply it to intrusion detection to find a more accurate and efficient classifier. Building on some of the ideas of DPC, this paper proposes a hybrid learning model based on k-nearest neighbors (kNN) that introduces density into kNN in order to detect attacks more effectively. For density peaks nearest neighbors (DPNN), the experiments use KDD-CUP 99, the standard dataset in intrusion detection. We use the dataset to train the model and to calculate some parameters used in the algorithm. Finally, the DPNN classifier is used to classify attacks. Experimental results suggest that DPNN performs better than support vector machine (SVM), k-nearest neighbors (kNN) and many other machine learning methods, and that it can effectively detect intrusion attacks with good accuracy.
