Top

Evolutionary Intelligence

Published in:

12-05-2021 | Research Paper

Optimum-path forest stacking-based ensemble for intrusion detection

Authors: Mateus A. Bertoni, Gustavo H. de Rosa, Jose R. F. Brega

Published in: Evolutionary Intelligence | Issue 3/2022

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Machine learning techniques have been extensively researched in the last years, mainly due to their effectiveness when dealing with recognition or classification applications. Typically, one can comprehend using a Machine Learning system to autonomously delegate routines, save human efforts, and produce great insights regarding decision-making tasks. This paper introduces and validates a stacking-based ensemble approach using Optimum-Path Forest classifiers in intrusion detection tasks. Instead of only using the famous NSL-KDD dataset, we propose a new dataset called uneSPY, which we believe will fill the gap concerning new intrusion detection datasets. Both datasets were evaluated under several classifiers, including Logistic Regression, Decision Trees, Support Vector Machines, Optimum-Path Forests, and compared against Optimum-Path Forest stacking-based ensembles. Experimental results showed an Optimum-Path Forest stacking-based ensemble classification suitability, particularly when considering its ability to generalize large volumes of data while sustaining its performance.

previous article MRMR-SSA: a hybrid approach for optimal feature selection

next article Higher order ANN parameter optimization using hybrid opposition-elitism based metaheuristic

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Available only for authorised users

Prototypes are master nodes representing a specific class and conquer other nodes.

MSTs are subgraphs that connect all nodes within the same set using the minimum possible cost.

Regions more likely to classification mistakes.

Described in Appendix 1 and available in http://recogna.tech/files/datasets/unespy.rar.

Wi-Fi adapter model: TP-Link TL-WN725N V2.

Available in http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html.

https://scikit-learn.org.

The source code is available at https://github.com/malvesbertoni/ensemble_opf.

Amarudin, Ferdiana, R., Widyawan: A systematic literature review of intrusion detection system for network security: Research trends, datasets and methods. In: 2020 4th international conference on informatics and computational sciences (ICICoS), pp 1–6 (2020). https://doi.org/10.1109/ICICoS51170.2020.9299068

Asrafi N, Lo DCT, Parizi RM, Shi Y, Chen YW (2020) Comparing performance of malware classification on automated stacking. In: Proceedings of the 2020 ACM southeast conference, ACM SE ’20, pp 307–308. Association for Computing Machinery, New York, NY, USA . https://doi.org/10.1145/3374135.3385316. https://doi.org/10.1145/3374135.3385316

Balajinath B, Raghavan S (2001) Intrusion detection through learning behavior model. Comput Commun 24(12):1202–1212. https://doi.org/10.1016/S0140-3664(00)00364-9CrossRef

Bhuyan MH, Bhattacharyya DK, Kalita JK (2014) Network anomaly detection: methods, systems and tools. IEEE Commun Surv Tutor 16(1):303–336. https://doi.org/10.1109/SURV.2013.052213.00046CrossRef

Breiman L (1996) Stacked regressions. Mach Learn 24(1):49–64. https://doi.org/10.1023/A:1018046112532.CrossRefMATH

Chand N, Mishra P, Krishna CR, Pilli ES, Govil MC (2016) A comparative analysis of svm and its stacking with other classification algorithm for intrusion detection. In: 2016 international conference on advances in computing, communication, automation (ICACCA) (Spring), pp 1–6 . https://doi.org/10.1109/ICACCA.2016.7578859

Chandola V, Banerjee A, Kumar V (2009) Anomaly detection: a survey. ACM Comput Surv 41(3), 15:1–15:58 . https://doi.org/10.1145/1541880.1541882

Cisco: The 2018 cisco annual security report. In: The 2018 Cisco annual security report, pp. 46–47. Cisco Systems (2013)

Demšar J (2006) Statistical comparisons of classifiers over multiple data sets. J Mach Learn Res 7:1–30MathSciNetMATH

10.

Denning DE (1987) An intrusion-detection model. IEEE Trans Softw Eng SE-13(2), 222–232 . https://doi.org/10.1109/TSE.1987.232894

11.

Friedman M (1937) The use of ranks to avoid the assumption of normality implicit in the analysis of variance. J Am Stat Assoc 32(200), 675–701 . http://www.jstor.org/stable/2279372

12.

Hansen LK, Salamon P (1990) Neural network ensembles. IEEE Trans Pattern Anal Mach Intell 12(10):993–1001. https://doi.org/10.1109/34.58871CrossRef

13.

Hsu Y, He Z, Tarutani Y, Matsuoka M (2019) Toward an online network intrusion detection system based on ensemble learning. In: 2019 IEEE 12th international conference on cloud computing (CLOUD), pp 174–178 . https://doi.org/10.1109/CLOUD.2019.00037

14.

Kaushik SS, Deshmukh DR (2011) Detection of attacks in an intrusion detection system

15.

Kendall KKR (1999) A database of computer attacks for the evaluation of intrusion detection systems. Ph.D. thesis, Massachusetts Institute of Technology

16.

Krishnaveni S, Sivamohan S, Sridhar S, Prabakaran S (2021) Efficient feature selection and classification through ensemble method for network intrusion detection on cloud computing. Cluster Comput. https://doi.org/10.1007/s10586-020-03222-y

17.

Mirza AH (2018) Computer network intrusion detection using various classifiers and ensemble learning. In: 2018 26th signal processing and communications applications conference (SIU), pp 1–4 . https://doi.org/10.1109/SIU.2018.8404704

18.

Mukhopadhyay I, Chakraborty M, Chakrabarti S (2011) A comparative study of related technologies of intrusion detection & prevention systems. J Inf Secur 2:28–38. https://doi.org/10.4236/jis.2011.21003CrossRef

19.

Musa US, Chhabra M, Ali A, Kaur M (2020) Intrusion detection system using machine learning techniques: A review. In: 2020 international conference on smart electronics and communication (ICOSEC), pp 149–155 . https://doi.org/10.1109/ICOSEC49089.2020.9215333

20.

Nemenyi P (1963) Distribution-free multiple comparisons. Princeton University . https://books.google.com.br/books?id=nhDMtgAACAAJ

21.

P. Lippmann, R., J. Fried, D., Graf, I., W. Haines, J., R. Kendall, K., McClung, D., Weber, D., Webster, S., Wyschogrod, D., Cunningham, R., Zissman, M.: Evaluating intrusion detection systems: the 1998 darpa off-line intrusion detection evaluation. pp 12–26 vol.2 (2000). https://doi.org/10.1109/DISCEX.2000.821506

22.

Papa JP, Falcao AX, Suzuki CT (2009) Supervised pattern classification based on optimum-path forest. Int J Imaging Syst Technol 19(2):120–131CrossRef

23.

Rajadurai H, Gandhi UD (2020) A stacked ensemble learning model for intrusion detection in wireless network. Neural Comput Appl

24.

Rajagopal S, Kundapur PP, Hareesha KS (2020) A stacking ensemble for network intrusion detection using heterogeneous datasets. Secur Commun Netw. https://doi.org/10.1155/2020/4586875

25.

Resende PAA, Drummond AC (2018) A survey of random forest based methods for intrusion detection systems 51:3. https://doi.org/10.1145/3178582.CrossRef

26.

Revathi S, Malathi A (2013) A detailed analysis on nsl-kdd dataset using various machine learning techniques for intrusion detection. Int J Eng Res Technol (IJERT) 2:1848–1853

27.

de Rosa GH, Papa JP, Falcão AX (2020) Opfython: A python-inspired optimum-path forest classifier

28.

Schapire RE (1990) The strength of weak learnability. Mach Learn 5(2):197–227. https://doi.org/10.1023/A:1022648800760CrossRef

29.

Tama BA, Patil AS, Rhee K (2017) An improved model of anomaly detection using two-level classifier ensemble. In: 2017 12th Asia joint conference on information security (AsiaJCIS), pp 1–4 . https://doi.org/10.1109/AsiaJCIS.2017.9

30.

Tavallaee M, Bagheri E, Lu W, Ghorbani AA (2009) A detailed analysis of the kdd cup 99 data set. In: Proceedings of the second IEEE international conference on computational intelligence for security and defense applications, CISDA’09, pp 53–58. IEEE Press, Piscataway, NJ, USA

31.

Timčenko V, Gajin S (2017) Ensemble classifiers for supervised anomaly based network intrusion detection. In: 2017 13th IEEE international conference on intelligent computer communication and processing (ICCP), pp 13–19 . https://doi.org/10.1109/ICCP.2017.8116977

32.

Wolpert DH (1992) Stacked generalization. Neural Netw 5(2):241–259. https://doi.org/10.1016/S0893-6080(05)80023-1 (http://www.sciencedirect.com/science/article/pii/S0893608005800231)CrossRef

33.

Yang P, Wan X, Shi G, Qu H, Li J, Yang L (2020) Naruto: DNS Covert Channels Detection Based on Stacking Model, p. 109–115. Association for Computing Machinery, New York, NY, USA . https://doi.org/10.1145/3425329.3425336

34.

Zhou Y, Cheng G (2019) An efficient network intrusion detection system based on feature selection and ensemble classifier. CoRR abs/1904.01352 . http://arxiv.org/abs/1904.01352

Title: Optimum-path forest stacking-based ensemble for intrusion detection
Authors: Mateus A. Bertoni
Gustavo H. de Rosa
Jose R. F. Brega
Publication date: 12-05-2021
Publisher: Springer Berlin Heidelberg
Published in: Evolutionary Intelligence / Issue 3/2022
Print ISSN: 1864-5909
Electronic ISSN: 1864-5917
DOI: https://doi.org/10.1007/s12065-021-00609-7

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 3/2022

An adaptive mutation strategy for differential evolution algorithm based on particle swarm optimization

Chaotic vortex search algorithm: metaheuristic algorithm for feature selection

Higher order ANN parameter optimization using hybrid opposition-elitism based metaheuristic

Online product recommendation system using gated recurrent unit with Broyden Fletcher Goldfarb Shanno algorithm

Automatic sleep stage classification with reduced epoch of EEG

A novel improved atom search optimization algorithm for designing power system stabilizer

Premium Partner