Top

Wireless Personal Communications

Published in:

29-01-2022

Enhancing Detection of R2L Attacks by Multistage Clustering Based Outlier Detection

Authors: J. Rene Beulah, M. Nalini, D. Shiny Irene, D. Shalini Punithavathani

Published in: Wireless Personal Communications | Issue 3/2022

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

The modern society is greatly benefited by the advancement of Internet. The contemporary humanity is significantly profited by the Internet. The ease of access to the Internet have given rise to tremendous security threats. With the emergence of new varieties of attacks, the attack prevention techniques like firewall, data encryption and user authentication are not adequate in making a system completely secure because guaranteed prevention of all kinds of security breaches is impractical. Intrusions pose a serious threat to individuals and organizations in this digital era. An Intrusion Detection System operates as part of a set of system security tools to achieve a defined level of assurance for the protection of information systems. In this work, a novel multistage clustering-based approach is proposed and implemented which addresses the challenge of increasing DR while maintaining a low FAR. The novelty of this work lies in the way of clustering which works in a reverse manner and forms clusters in a more meaningful way and which is applicable for mixed attribute types. In addition, the multiple stages of clustering help in identifying most of the Remote to Local (R2L) attacks. The performance of the proposed method is evaluated on the standard NSL-KDD benchmark dataset and the experimental results yielded 99.52% detection rate (DR), 1.15% false alarm rate and 99.22% classification accuracy. In specific, it deliberates on detecting R2L attacks and has detected 98.73% of such attacks.

previous article Detecting DDoS Attacks in Cloud Computing Using Extreme Learning Machine and Adaptive Differential Evolution

next article Energy-Efficient Routing Protocol Based on Adaptive Soft Thresholding for Wireless Sensor Networks

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Yeung D. Y., Chow C. (2002). “Parzen-window network intrusion detectors”, In: Object recognition supported by user interaction for service robots, IEEE, vol. 4, pp. 385–388

Buczak, A. L., & Guven, E. (2015). A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Communications Surveys & Tutorials, 18(2), 1153–1176.CrossRef

Ahmad I., Abdullah A. B., Alghamdi A. S., (2010). “Remote to Local attack detection using supervised neural network”, In IEEE International Conference for Internet Technology and Secured Transactions, pp. 1–6.

Denning, D. E. (1987). An intrusion-detection model. IEEE Transactions on Software Engineering, 2, 222–232.CrossRef

Lazarevic A., Ertoz L., Kumar V., Ozgur A., Srivastava J. (2003). “A comparative study of anomaly detection schemes in network intrusion detection”, In Proceedings of the 2003 SIAM international conference on data mining, Society for Industrial and Applied Mathematics, pp. 25–36.

Tavallaee, M., Stakhanova, N., & Ghorbani, A. A. (2010). “Toward credible evaluation of anomaly-based intrusion-detection methods.” IEEE Transactions on Systems, Man and Cybernetics Part C (Applications and Reviews), 40(5), 516–524.CrossRef

Gogoi, P., Borah, B., & Bhattacharyya, D. K. (2010). Anomaly detection analysis of intrusion data using supervised & unsupervised approach. Journal of Convergence Information Technology, 5(1), 95–110.CrossRef

Bhuyan M. H., Bhattacharyya D. K., Kalita J. K. (2011). “NADO: Network anomaly detection using outlier approach”, In Proceedings of the International Conference on Communication, Computing & Security, ACM, pp. 531–536, 2011.

Bhuyan, M. H., Bhattacharyya, D. K., & Kalita, J. K. (2014). Network anomaly detection: methods, systems and tools. IEEE Communications Surveys & Tutorials, 16(1), 303–336.CrossRef

10.

Nalini, M., & Anbu, S. (2014). Anomaly detection via eliminating data redundancy and rectifying data error in uncertain data streams. International Journal of Applied Engineering Research, 9(24), 30795–30812.

11.

Nalini M., Priyadarsini U. (2019). “To improve the performance of wireless networks for resizing the buffer”, In Proceedings of the 1st International Conference on Innovations in Information and Communication Technology, pp. 1–5, IEEE, 2019.

12.

Nalini, M., & Chakram, A. (2019). “Digital risk management for data attacks against state evaluation.” International Journal of Innovative Technology and Exploring Engineering, 8, 197–201.

13.

Lee W., Stolfo S. (1998). “Data mining approaches for intrusion detection”, In Proceedings of USENIX Security, pp. 79–93.

14.

Boudia, M. A., Hamou, R. M., & Amine, A. (2017). A new meta-heuristics for intrusion detection system inspired from the protection system of social bees. International Journal of Information Security and Privacy (IJISP), 11(1), 18–34.CrossRef

15.

Arul R., Moorthy R. S., Bashir A. K., (2019) “Ensemble learning mechanisms for threat detection: A Survey”, In Machine Learning and Cognitive Science Applications in Cyber Security, IGI Global, pp. 240–281.

16.

Blazquez-Gracia A., Conde A., Mori U., Lozano J. A. “A review on outlier/anomaly detection in time series data” arXiv preprint arXiv:2002.04236 (2020).

17.

De la Hoz, E., De la Hoz, E., Ortiz, A., Ortega, J., & Prie, B. (2015). PCA filtering and probabilistic SOM for network anomaly detection. Neurocomputing, 164, 71–81.CrossRef

18.

Mohamad Tahir H., Hasan W., Md Said A., Zakaria N. H., Katuk N., Kabir N. F., Omar M. H., Ghazali O., & Yahaya N. I., (2015). “Hybrid machine learning technique for intrusion detection system”, In Proc. ICOCI, pp. 464–472.

19.

Singh, R., Kumar, H., & Singla, R. K. (2015). An intrusion detection system using network traffic profiling and online sequential extreme learning machine. Expert Systems with Applications, 42(22), 8609–8624.CrossRef

20.

Bhuyan, M. H., Bhattacharyya, D. K., & Kalita, J. K. (2016). A multi-step outlier-based anomaly detection approach to network-wide traffic. Information Science, 348, 243–271.CrossRef

21.

Bamakan, S. M. H., Wang, H., Yingjie, T., & Shi, Y. (2016). An effective intrusion detection framework based on MCLP/SVM optimized by time-varying chaos particle swarm optimization. Neurocomputing, 199, 90–102.CrossRef

22.

Enache A. C., Sgarciu V., (2015) “Anomaly intrusions detection based on support vector machines with an improved bat algorithm”, In Proc. CSCS, pp. 317–321.

23.

Hassan, D. (2017). Cost-sensitive access control for detecting remote to local (R2L) and user to root (U2R) attacks. International Journal of Computer Trends and Technology (IJCTT), 43(2), 124–129.CrossRef

24.

Paliwal, S., & Gupta, R. (2012). Denial-of-service, probing & remote to user (R2L) attack detection using genetic algorithm. International Journal of Computer Applications, 60(19), 57–62.

25.

Revathi, S., & Malathi, A. (2014). Effective analysis on remote to user (R2L) attacks using random forest algorithm. International Journal of Engineering Sciences & Research Technology, 3(5), 317–319.

26.

Jeya, P. G., Ravichandran, M., & Ravichandran, C. S. (2012). Efficient classifier for R2L and U2R attacks. International Journal of Computer Applications, 45(21), 28–32.

27.

Nguyen V.Q., Nguyen V. H., Le-Khac N. A., Cao V. L., (2020) “Clustering-Based Deep Autoencoders for Network Anomaly Detection”, in International Conference on Future Data and Security Engineering, pp. 290–303, Springer, Cham.

28.

Pu, G., Wang, L., Shen, J., & Dong, F. (2020). A hybrid unsupervised clustering-based anomaly detection method. Tsinghua Science and Technology, 26(2), 146–153.CrossRef

29.

Li, M., Kashef, R., & Ibrahim, A. (2020). Multi-level clustering-based outlier’s detection (MCOD) using self-organizing maps. Big Data and Cognitive Computing, 4(4), 24.CrossRef

30.

Elmogy, A., Rizk, H., & Sarhan, A. M. (2021). OFCOD: On the fly clustering based outlier detection framework. Data, 6(1), 1–20.CrossRef

31.

Aljawarneh, S., Aldwairi, M., & Yassein, M. B. (2018). Anomaly-based intrusion detection system through feature selection analysis and building hybrid efficient model. Journal of Computational Science, 25, 152–160.CrossRef

32.

Tama, B. A., Comuzzi, M., & Rhee, K. H. (2019). TSE-IDS: A two-stage classifier ensemble for intelligent anomaly-based intrusion detection system. IEEE Access, 7, 94497–94507.CrossRef

33.

Mohammed, B., & Gbashi, E. K. (2021). Intrusion detection system for NSL-KDD dataset based on deep learning and recursive feature eimination. Engineering and Technology Journal, 39(7), 1069–1079.CrossRef

34.

Manimurugan, S., Majdi, A. Q., Mohammed, M., Narmatha, C., & Varatharajan, R. (2020). Intrusion detection in networks using crow search optimization algorithm with adaptive neuro-fuzzy inference system. Microprocessors and Microsystems, 79, 103261.CrossRef

35.

Gogoi, P., Bhattacharyya, D. K., Borah, B., & Kalita, J. K. (2011). A survey of outlier detection methods in network anomaly identification. The Computer Journal, 54(4), 570–588.CrossRef

36.

Beulah, J. R., & Punithavathani, D. S. (2015). Outlier detection methods for identifying network intrusions—A survey. International Journal of Applied Engineering Research, 10(19), 40488–40496.

37.

Hassani M., Seidl T., (2011) “Network intrusion detection using a secure ranking of hidden outliers”, In Proceedings of the Seventh International Computing Conference in Arabic, pp. 1–10.

38.

NSL-KDD Dataset [Online] Available: https://web.archive.org/web/20150205070216/http://nsl.cs.unb.ca/NSL-KDD/

39.

Hasan, M. A. M., Nasser, M., Ahmad, S., & Molla, K. I. (2016). Feature selection for intrusion detection using random forest. Journal of Information Security, 7(3), 129–140.CrossRef

40.

Beulah, J. R., & Punithavathani, D. S. (2018). A hybrid feature selection method for improved detection of wired/wireless network intrusions. Wireless Personal Communications, 98(2), 1853–1869.CrossRef

41.

Hall M.A. (1999) “Correlation-based feature selection for machine learning” Ph.D. dissertation, Dept. of Computer Science, The University of Waikato, Hamilton.

42.

Le Cessie, S., & Van Houwelingen, J. C. (1992). Ridge estimators in logistic regression. Applied Statistics, 41(1), 191–201.CrossRef

43.

Aha, D. W., Kibler, D., & Albert, M. K. (1991). Instance-based learning algorithms. Machine Learning, 6(1), 37–66.

44.

Kohavi R. (1996) “Scaling up the accuracy of naïve-Bayes classifiers: A decision tree hybrid”, In Proc. International Conference on KDD, pp. 202–207.

45.

Beulah, J. R., & Shalini Punithavathani, D. S. (2020). An efficient mixed attribute outlier detection method for identifying network intrusions. International Journal of Information Security and Privacy (IJISP), 14(3), 115–133.CrossRef

46.

Kemiche M., Beghdad R. (2014). “CAC-UA: A communicating ant for clustering to detect unknown attacks”, In Proceedings of Science and Information Conference, IEEE, pp. 515–522,

Title: Enhancing Detection of R2L Attacks by Multistage Clustering Based Outlier Detection
Authors: J. Rene Beulah
M. Nalini
D. Shiny Irene
D. Shalini Punithavathani
Publication date: 29-01-2022
Publisher: Springer US
Published in: Wireless Personal Communications / Issue 3/2022
Print ISSN: 0929-6212
Electronic ISSN: 1572-834X
DOI: https://doi.org/10.1007/s11277-022-09482-8

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 3/2022

A Cognitive Knowledged Energy-Efficient Path Selection Using Centroid and Ant-Colony Optimized Hybrid Protocol for WSN-Assisted IoT

Circularly/Linearly Polarized Low-Profile Plasma Microstrip Antenna for MIMO Applications

Associative Zone Based Energy Balancing Routing for Expanding Energy Efficient and Routing Optimization Over the Sensor Network

Dual-Band and Dual Polarized Inverted Pentagonal Shaped Hybrid Cylindrical Dielectric Resonator Antenna for Wireless Applications

A non-ranging Fusion Location Algorithm for Concave Regions

Multi-User Transmit Beamforming for Achieving Higher Capacity and Reliability in 5G Standards