Intrusion Detection System Modeling Based on Learning from Network Traffic Data

  • Midzic, Admir (Faculty of Electrical Engineering, Campus of the University of Sarajevo)
  • Avdagic, Zikrija (Faculty of Electrical Engineering, Campus of the University of Sarajevo)
  • Omanovic, Samir (Faculty of Electrical Engineering, Campus of the University of Sarajevo)
  • Received : 2017.12.04
  • Accepted : 2018.07.03
  • Published : 2018.11.30

Abstract

This research uses artificial intelligence methods to model a computer network intrusion detection system. Primary classification is done using self-organized maps (SOM) in two levels, while secondary classification of ambiguous data is done using a Sugeno-type Fuzzy Inference System (FIS). The FIS is created using an Adaptive Neuro-Fuzzy Inference System (ANFIS). The main challenge for this system was to successfully detect attacks that are either unknown or represented by a very small percentage of samples in the training dataset. An improved algorithm for the SOMs in the second layer and for FIS creation was developed for this purpose. The number of clusters in the second SOM layer is optimized using our improved algorithm to minimize the amount of ambiguous data forwarded to the FIS. The FIS is created using an ANFIS built on the ambiguous training dataset clustered by another SOM (whose size is determined dynamically). The proposed hybrid model was created and tested using the NSL KDD dataset. For our research, NSL KDD is especially interesting in terms of class distribution (overlapping). The objectives of this research were: to successfully detect intrusions represented in data with a small percentage of the total traffic during early detection stages, to successfully deal with overlapping data (separate ambiguous data), and to maximize detection rate (DR) and minimize false alarm rate (FAR). With test data, the proposed hybrid model achieved an acceptable DR value of 0.8883 and FAR value of 0.2415. The objectives were successfully achieved, as presented (compared with similar research on the NSL KDD dataset). The proposed model can be used not only in further research related to this domain, but also in other research areas.
