Smart Intrusion Detection System Comprised of Machine Learning and Deep Learning

##plugins.themes.bootstrap3.article.main##

  •   Shah Md. Istiaque

  •   Asif Iqbal Khan

  •   Sajjad Waheed

Abstract

In the present world, digital intruders can exploit the vulnerabilities of a network and are capable to collapse even a country. Attack in Estonia by digital intruders, attack in Iran's nuclear plant and intrusion of spyware in smart phone depicts the efficiency of attackers. Furthermore, centralized firewall system is not enough for ensuring a secured network. Hence, in the age of big data, where availability of data is huge and computation capability of PC is also high, there machine learning and network security have become two inseparable issues.


In this thesis, KDD Cup’99 intrusion detection dataset is used. Total 3, 11,030 numbers of records with 41 features are available in the dataset. For finding the anomalies of the network four machine learning methods are used like Classification and Regression Tree (CART), Random Forest, Naive Bayes and Multi-Layer Perception. Initially all 41 features are used to find out the accuracy. Among all the methods, Random Forest provides 98.547% accuracy in intrusion detection which is maximum, and CART shows maximum accuracy (99.086%) to find normal flow of data. Gradually selective 15 features were taken to test the accuracy and it was found that Random Forest is still efficient (accuracy 98.266%) in detecting the fault of the network. In both cases MLP found to be a stable method where accuracy regarding benign data and intrusion are always close to 95% (93.387%, 94.312% and 95.0075, 93.652% respectively).


Finally, an IDS model is proposed where Random Forest of ML method and MLP of DL method is incorporated, to handle the intrusion in a most efficient manner.


Keywords: Intrusion Detection System, CART, Random Forest, Naive Bayes, Back-Propagation based MLP

References

C. E. Land Wehr, A. R. Bull, J. P. McDermott, and W. S. Choi, “A taxonomy of computer program security flaws”, ACM Comput. Surv. vol. 26, no .3, pp. 211–254, 1994.

Olanrewaju R F, Khan B U I, Anwar F, Khan AR, Shaikh FA, Mir MS. ''MANET– A cogitation of its design and security issues, ''Middle-East Journal of Scientific Research. 2016;24(10):3094−107.

KhamphakdeeN, BenjamasN, SaiyodS. ''Network traffic data to ARFF converter for association rules technique of data mining,'' IEEE Conference on Open Systems (ICOS), IEEE;2014Oct.p.89−93.Crossref.

Yu S C, Guo H, Yu G X, Jin X L, Zhang L N, Shao T J. ''The solution to how to select an optimal set of features from many features used to intrusion detection system in wireless sensor network.'' 2010 Second WRI Global Congress on Intelligent Systems (GCIS), IEEE; 2010 Dec.3.p.368−71.Crossref.

Olanrewaju R F, Habaebi M H. ''Malicious behavior of node and its significant security techniques in MANET- A review,'' Australian Journal of Basic and Applied Sciences.2013;7(12):286−93.

The history of intrusion detection systems (IDS) Part 1 Threat stack. Date accessed: 09/09/2015.https://www.threatstack.com/blog/the-history-of-intrusion-detection-systems-ids-part-1/.

M. Shyu, S. Chen, K. Sarinnapakorn, and L. Chang, “A novel anomaly detection scheme based on principal component classifier, ”Proceedings of the IEEE Foundations and New Directions of Data Mining Workshop, in conjunction with the Third IEEE International Conference on Data Mining (ICDM03), pp. 172–179, 2003.

Anderson, J. A. (1995). ''An introduction to Neural Networks,'' MIT Press.

Rhodes, B. C., Mahaffey, J. A., &Cannady, J. D. (2000). ''Multiple self-organizing maps for intrusion detection.'' In Proceedings of the 23rdnational information systems security conference (pp. 16-19).

Al-Yaseen, W. L., Othman, Z. A., & Nazri, M. Z. A. (2017). ''Multi-level hybrid support vector machine and extreme learning machine based on modified K-means for intrusion detection system.'' Expert Systems with Applications, 67, 296-303.

Chen, C. M., Chen, Y. L., & Lin, H. C. (2010). ''An efficient network intrusion detection'', Computer Communications, 33(4), 477-484.

Deepa, A. J., &Kavitha, V. (2012). ''A comprehensive survey on approaches to intrusion detection system.'' Procedia Engineering, 38,2063-2069.

Thaseen, S., & Kumar, C. A. (2013). ''An analysis of supervised tree based classifiers for intrusion detection system.'' In Pattern Recognition, Informatics and Mobile Engineering (PRIME), 2013 International Conference on (pp. 294-299). IEEE.

F. Iglesias, T. Zseby, ''Analysis of network traffic features for anomaly detection,'' Machine Learning 101 (1-3) (2015) 59–84. doi:10.1007/525 s10994-014-5473.

N. Moustafa, J. Slay, ''The evaluation of network anomaly detection systems: Statistical analysis of the unsw-nb15 data set and the comparison with the kdd99 data set,'' Information Security Journal: A Global Perspective 25 (1-3) (2016) 18–31. doi:10.1080/19393555.2015.1125974.

M. Tavallaee, E. Bagheri, W. Lu, A. A. Ghorbani, ''A detailed analysis of the kdd cup 99 data set,'' in: Computational Intelligence for Security and Defense Applications, 2009. CISDA 2009. IEEE Symposium on, IEEE,2009, pp. 1–6. doi:10.1109/CISDA.2009.5356528.

J. McHugh, ''testing intrusion detection systems: a critique of the 1998 535 and 1999 darpa intrusion detection system evaluations as performed by lincoln laboratory”, ACM Transactions on Information and System Security(TISSEC) 3 (4) (2000) 262–294. doi:10.1145/382912.382923.

www.techopedia Space issue.

Z. Tzermias, G. Sykiotakis, M. Polychronakis, and E. P. Markatos, “Combining Static and Dynamic Analysis for the Detection of Malicious Documents, in Proceeding of the fourth Workshop on European Workshop on System Security,'' (Salzburg, Austria),2011.

P. Ratanaworabhan, B. Livshits, and B. Zorn, “NOZZLE: A Defense Against Heap spraying Code Injection Attacks, in SSYM’09 Proceeding soft the 18th conference on USENIX security symposium,'' (Berkeley, CAUSA), 2009.

C. Willems, T. Holz, and F. Freiling, “Toward Automated Dynamic Malware Analysis Using CW Sandbox”.

Huaibin Wang, Haiyun Zhou, ChundongWang “Virtual Machine-based Intrusion Detection System Framework in Cloud Computing Environment” JCP 2012 Vol.7(10): 2397-2403 ISSN: 1796-203Xdoi: 10.4304/jcp.7.10.2397-2403.

I. Good Fellow, Y. Bengio, and A. Courville, ''Deep Learning,'' The MIT Press, 2016.

T. Mitchell, ''Machine Learning,'' McGrawHill,1997.

Vipin Kumar, Himadri Chauhan, Dheeraj Panwar, “K-Means Clustering Approach to Analyze NSL-KDD Intrusion Detection Dataset” International Journal of Soft Computing and Engineering (IJSCE)ISSN:2231-2307, Volume-3, Issue-4, September2013.

Shilpalakhina, Sini Joseph and Bhupendraverma, “Feature Reductiousing Principal Component Analysis for Effective Anomaly–Based Intrusion Detection on NSL-KDD”, International Journal of Engineering Science and Technology, Vol.2(6),2010,1790-1799.

Mohammadpour L, Hussain M, Aryanfar A, Raee VM, Sattar F. ''Evaluating performance of intrusion detection system using support vector machines,'' International Journal of Security and Its Applications. 2015 Sep; 9 (9): 225−34. Cross ref.

Brindasri S, Saravanan K. ''Evaluation of network intrusion detection using Markov chain, ''International Journal on Cybernetics and Informatics (IJCI).2014Apr; 3 (2): 11−20. Crossref.

Clarence Chio and David Freeman, ''Machine Learning and Security,'' O’REILLY, P.6.

https://machinelearningmastery.com/classification-and-regression-trees-for-machine-learning/ Accessed on 25 Aug 2020.

https://towardsdatascience.com/ understanding-random-forest-58381e0602d2Accessed on 25 Aug 2020.

https://towardsdatascience.com/ naive-bayes-classifier-81d512f50a7c.

https://medium.com/@xzz201920/multi-layer-perceptron-mlp-4e5c020fd28aAccessed on 25 Aug 2020.

Downloads

Download data is not yet available.

##plugins.themes.bootstrap3.article.details##

How to Cite
[1]
Istiaque, S.M., Khan, A.I. and Waheed, S. 2020. Smart Intrusion Detection System Comprised of Machine Learning and Deep Learning. European Journal of Engineering Research and Science. 5, 10 (Oct. 2020), 1168-1173. DOI:https://doi.org/10.24018/ejers.2020.5.10.2128.