Hybrid Modified K-Means with C4.5 for Intrusion Detection Systems in Multiagent Systems.

The processing time and performance of intrusion detection systems (IDS) are of great importance today because of the increased speed of network traffic and the growing number of attacks on networks and computers. Several approaches have been proposed to address this issue, including hybrids that combine several algorithms. This paper proposes a hybrid of modified K-means with C4.5 for an intrusion detection system in a multiagent system (MAS-IDS). The MAS-IDS consists of three agents: a coordinator agent, an analysis agent, and a communication agent. The basic concept underpinning the MAS is to divide the large captured network dataset into a number of subsets and distribute these to a number of agents, depending on the data network size and CPU core availability. The KDD Cup 1999 dataset is used for evaluation. The proposed hybrid modified K-means with C4.5 classification in MAS is developed on the JADE platform. The results show that, compared to current methods, the MAS-IDS reduces IDS processing time by up to 70% while improving detection accuracy.
