Network intrusion detection system: A machine learning approach

Intrusion detection systems (IDSs) are currently drawing a great amount of interest as a key part of system defence. An IDS collects network traffic information from some point on the network or computer system and then uses this information to secure the network. Recently, machine learning methodologies have come to play an important role in detecting network intrusions or attacks, which in turn helps the network administrator take precautionary measures to prevent intrusions. In this paper, we propose to use ten machine learning approaches that include Decision Tree (J48), Bayesian Belief Network, Hybrid Naive Bayes with Decision Tree, Rotation Forest, Hybrid J48 with Lazy Locally Weighted Learning, Discriminative Multinomial Naive Bayes, Random Forest combined with Naive Bayes, and finally an ensemble of classifiers using J48 and NB with AdaBoost (AB) to detect network intrusions efficiently. We use the NSL-KDD dataset, a variant of the widely used KDDCup 1999 intrusion detection benchmark dataset, to evaluate our proposed machine learning approaches for network intrusion detection. Finally, experimental results with 5-class classification are presented, covering detection rate, false positive rate, and average cost of misclassification. These results are intended to give researchers in the domain of network intrusion detection a better understanding of how the approaches compare.
