Ensemble-based framework for intrusion detection system

  • Abstract

    In this digital age, data is growing unimaginably fast. One common problem in data mining is high dimensionality, which degrades the quality of training datasets and, in turn, of classification models. This puts the identification of intrusions by an Intrusion Detection System (IDS) at high risk. A probable solution for reducing dimensionality is feature selection. Another cumbersome task in constructing potent classification models from multiclass datasets is class imbalance, which may lead to a higher error rate and lower accuracy. To resolve these problems, we investigated ensemble feature selection and ensemble learning techniques for IDS. Ensemble models decrease the risk of selecting the wrong hypothesis and give a better approximation of the true function. This paper presents the Prudent Intrusion Detection System (PIDS) framework, which focuses on ensemble learning. It is a two-phase approach. First, two filtering approaches are merged by the Ensemble Feature Selection (EFS) algorithm. The proposed EFS algorithm is based on the fuzzy aggregation function Height with two filtering methods: Canberra distance and city block distance. Then classification is performed by the Ensemble Classification (EC) algorithm, which unifies Support Vector Machines (SVM), Bayesian Network (BN) and K-nearest neighbor (KNN). The proposed ensemble method attained a substantial improvement in accuracy compared to single classifiers. The experiments were performed on EFS+SVM, EFS+BN, EFS+KNN and the proposed framework EFS+EC. SVM recorded an accuracy rate of 81%, K-NN recorded 82.8%, Bayes network recorded 84% and our proposed EFS+EC recorded 92%. The results show that the PIDS framework excels as an IDS and overcomes the pitfalls of the SVM, Bayes network and K-NN classifiers.
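
    The sketch below is an added illustration of the first phase, not the paper's own code: two distance-based filters score each feature, and the scores are merged by taking the maximum, which is the height of a fuzzy set. The abstract does not give the scoring details, so scoring a feature by the distance between its class means, the min-max scaling, and the sample records and feature names are all assumptions.

```python
from statistics import mean

# Constructed sample records (not from any dataset); label 1 = attack, 0 = normal.
FEATURES = ["bytes_sent", "error_rate", "ttl", "hour"]  # hypothetical names
X = [
    (900, 0.01, 64, 11), (1100, 0.01, 64, 13),    # normal traffic
    (4800, 0.45, 63, 12), (5200, 0.55, 63, 13),   # attack traffic
]
y = [0, 0, 1, 1]

def canberra(a, b):
    """Canberra distance of two scalars: |a-b| / (|a|+|b|); 0 when both are 0."""
    denom = abs(a) + abs(b)
    return abs(a - b) / denom if denom else 0.0

def city_block(a, b):
    """City block (Manhattan) distance of two scalars: |a-b|."""
    return abs(a - b)

def memberships(X, y, dist):
    """Assumed filter: distance between a feature's class means, scaled to [0, 1]."""
    raw = []
    for col in zip(*X):
        normal = mean(v for v, lab in zip(col, y) if lab == 0)
        attack = mean(v for v, lab in zip(col, y) if lab == 1)
        raw.append(dist(normal, attack))
    lo, hi = min(raw), max(raw)
    return [(r - lo) / (hi - lo) if hi > lo else 0.0 for r in raw]

def top_k(scores, k):
    """Indices of the k highest-scoring features, in column order."""
    return sorted(sorted(range(len(scores)), key=lambda j: -scores[j])[:k])

def efs_select(X, y, k):
    """Merge both filters with max (the fuzzy height) and keep the k best features."""
    per_filter = [memberships(X, y, d) for d in (canberra, city_block)]
    height = [max(m) for m in zip(*per_filter)]
    return top_k(height, k), height

if __name__ == "__main__":
    selected, height = efs_select(X, y, 2)
    print([FEATURES[j] for j in selected], [round(h, 4) for h in height])
```

    On this sample, city block distance alone ranks `ttl` above `error_rate` because it is dominated by the absolute scale of each feature, while Canberra distance is scale-relative; the merged ranking keeps both discriminative features.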




  • Keywords

    Accuracy; Bayesian Network; Canberra Distance; City Block Distance; Data Mining; Feature Selection; Fuzzy Logic; FAR; K Nearest Neighbor; Support Vector Machines; Prudent Intrusion Detection System; Precision.





Article ID: 17788
DOI: 10.14419/ijet.v7i4.17788

Copyright © 2012-2015 Science Publishing Corporation Inc. All rights reserved.