nach oben

Neural Computing and Applications

Erschienen in:

17.06.2016 | Original Article

An effective combining classifier approach using tree algorithms for network intrusion detection

verfasst von: Jasmin Kevric, Samed Jukic, Abdulhamit Subasi

Erschienen in: Neural Computing and Applications | Sonderheft 1/2017

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

In this paper, we developed a combining classifier model based on tree-based algorithms for network intrusion detection. The NSL-KDD dataset, a much improved version of the original KDDCUP’99 dataset, was used to evaluate the performance of our detection algorithm. The task of our detection algorithm was to classify whether the incoming network traffics are normal or an attack, based on 41 features describing every pattern of network traffic. The detection accuracy of 89.24 % was achieved using the combination of random tree and NBTree algorithms based on the sum rule scheme, outperforming the individual random tree algorithm. This result represents the highest result achieved so far using the complete NSL-KDD dataset. Therefore, combining classifier approach based on the sum rule scheme can yield better results than individual classifiers, giving us hope of better anomaly based intrusion detection systems in the future.

Vorheriger Artikel Application of PSO to develop a powerful equation for prediction of flyrock due to blasting

Nächster Artikel GRASP for connected dominating set problems

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Stallings W, Brown L (2008) Computer security principals and practice. Pearson Education, Upper Saddle River

C. S. Institute and F. Investigation (2005) In: Proceedings of the 10th annual computer crime and security survey

Anderson JP (1980) Computer security threat monitoring and surveillance. James P. Anderson Co., Fort Washington

Debar H, Dacier M, Wespi A (2000) A revised taxonomy for intrusion detection systems. Ann Telecommun 55(7):361–378

Stallings W (2006) Cryptography and network security principles and practices. Prentice Hall, Englewood Cliffs

Tsai C, Hsu Y, Lin C, Lin W (2009) Intrusion detection by machine learning: a review. Expert Syst Appl 36:11994–12000CrossRef

Salama MA, Eid HF, Ramadan RA, Darwish A, Hassanien AE (2011) Hybrid intelligent intrusion detection scheme. In: Gaspar-Cunha A, Takahashi R, Schaefer G,Costa L (eds) Soft computing in industrial applications, Springer, Berlin, Heidelberg, pp 293–303

Natesan P, Rajesh P (2012) Cascaded classifier approach based on Adaboost to increase detection rate of rare network attack categories. Paper presented at the international conference on recent trends In information technology (ICRTIT), pp 417–422.

Mohammadi M, Raahemi B, Akbari A, Nassersharif B (2011) Class dependent feature transformation for intrusion detection systems. In: 19th Iranian conference on electrical engineering (ICEE)

10.

Tavallaee M, Bagheri E, Lu W, Ghorbani A-A (2009) A detailed analysis of the KDD CUP 99 data set. In: Second IEEE symposium on computational intelligence for security and defence applications

11.

Wang T, Mabu S, Lu N, Hirasawa K (2011) A novel intrusion detection system based on the 2-dimensional space distribution of average matching degree. In: SICE annual conference, Tokyo

12.

Harb HM, Desuky AS (2011) Adaboost ensemble with genetic algorithm postoptimization for intrusion detection. Int J Comput Sci Issues 8(5):28–33

13.

Wu S, Banzhaf W (2010) The use of computational intelligence in intrusion detection: a review. Appl Soft Comput 10:1–35CrossRef

14.

KDD Cup (1999) [Online]. http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html

15.

The NSL-KDD Data Set [Online]. http://iscx.ca/NSL-KDD/

16.

McHugh J (2000) Testing intrusion detection systems: a critique of the 1998 and 1999 darpa intrusion detection system evaluations as performed by lincoln laboratory. ACM Trans Inf Syst Secur 3(4):262–294CrossRef

17.

Mahoney MV, Chan PK (2003) An analysis of the 1999 DARPA/Lincoln laboratory evaluation data for network anomaly detection. In recent advances in intrusion detection (RAID2003), Lecture Notes in Computer Science, vol. 2820. Springer-Verlag, pp 220–237

18.

Kohavi R (1996) Scaling up the accuracy of Naive-Bayes classifiers: a decision-tree hybrid. In: Proceedings of the second international conference on knowledge discovery and data mining

19.

Quinlan JR (1993) C4.5: programs for machine learning. Morgan Kaufmann Publishers, Inc., Los Altos

20.

Aldous D (1991) The continuum random tree. I. Ann Probab 19:1–28MathSciNetCrossRefMATH

21.

Kromer P, Platos J, Snasel V, Abraham A (2011) Fuzzy classification by evolutionary algorithms. In: IEEE international conference on systems, man, and cybernetics

22.

Panda M, Abraham A, Patra MR (2010) Discriminative multinomial Naive Bayes for network intrusion detection. In: Sixth international conference on information assurance and security

23.

Panda M, Abraham A, Patra MR (2012) A hybrid intelligent approach for network intrusion detection. Procedia Eng 30:1–9CrossRef

24.

Sethuramalingam S, Naganathan ER (2011) Hybrid feature selection for network intrusion. Int J Comput Sci Eng 3(5):1773–1780

25.

Koshal J, Bag M (2012) Cascading of C4.5 decision tree and support vector machine for rule based intrusion detection system. Int J Comput Netw Inf Secur 4(8):8–20

26.

Naoum RS, Abid NA, Al-Sultani ZN (2012) An enhanced resilient backpropagation artificial neural network for intrusion detection system. Int J Comput Sci Netw Secur 12(3):11–16

27.

Naoum RS, Al-Sultani ZN (2012) Learning vector quantization (LVQ) and k-nearest neighbor for intrusion classification. World Comput Sci Inf Technol J 2(3):105–109

28.

Eid HF, Darwish A, Hassanien AE, Abraham A (2010) Principle components analysis and support vector machine based intrusion detection system. In: 10th International conference on intelligent systems design and applications (ISDA)

29.

Zhang Yichi, Wang Lingfeng, Sun Weiqing, Green Robert C, Mansoor A (2011) Distributed intrusion detection system in a multi-layer network architecture of smart grids. IEEE Trans Smart Grid 2(4):796–808CrossRef

30.

Lakhina S, Joseph S, Bhupendra V (2010) Feature reduction using principal component analysis for effective anomaly–based intrusion detection on NSL-KDD. Int J Eng Sci Technol 2(6):1790–1799

31.

Saurabh M, Neelam S (2012) Intrusion detection using Naive Bayes classifier with feature reduction. Procedia Technol 4:119–128CrossRef

32.

Kumar S, Nandi S, Biswas S (2011) Research and application of one-class small hypersphere support vector machine for network anomaly detection. In: Third international conference on communication systems and networks (COMSNETS)

33.

Gandhi GM, Appavoo K, Srivatsa SK (2010) Effective network intrusion detection using classifiers decision trees and decision rules. Int J Adv Netw Appl 2(3):686–692

34.

Kim G, Lee S, Sehun K (2014) A novel hybrid intrusion detection method integrating anomaly detection with misuse detection. Expert Syst Appl 41:1690–1700CrossRef

35.

Pereira CR, Nakamura RYM, Costa KA, Papa JP (2012) An optimum-path forest frame work for intrusion detection in computer networks. Eng Appl Artif Intell 25:1226–1234CrossRef

36.

Hall M, Frank E, Holmes G, Pfahringer B, Reutemann P, Witten IH (2009) The WEKA data mining software: an update. ACM SIGKDD Explor Newsl 11(1):10–18CrossRef

37.

Good IJ (1965) The estimation of probabilities: an essay on modern Bayesian methods. MIT Press, CambridgeMATH

38.

Langley P, Iba W, Thompson K (1992) An analysis of Bayesian classifiers. In: Proceedings of the tenth national conference on artificial intelligence

39.

Fayyad UM, Irani KB (1993) Multi-interval discretization of continuous-valued attributes for classification learning. In: Proceedings of the 13th international joint conference on artificial intelligence

40.

Dougherty J, Kohavi R, Sahami M (1995) Supervised and unsupervised discretization of continuous features. In: Prieditis A, Russell S (eds) Machine learning: proceedings of the twelfth international conference. Morgan Kaufmann, Los Altos, pp 194–202

41.

Breiman L, Friedman J, Olshen R, Stone P (1984) Classification and regression trees. Wadsworth, BelmontMATH

42.

Utgoff PE (1988) Perceptron trees: a case study in hybrid concept representation. In: Proceedings of the seventh national conference on artificial intelligence

43.

Brachman RJ, Anand T (1996) The process of knowledge discovery in databases. In: Advances in knowledge discovery and data mining. AAAI Press, CA, USA, pp 37–57

44.

Jagannathan G, Pillaipakkamnatt K, Wright RN (2012) A practical differentially private random decision tree classifier. Trans Data Priv 5:273–295MathSciNet

45.

Zhang K, Fan W (2007) Forecasting skewed biased stochastic ozone days: analyses, solutions and beyond. Knowl Inf Syst 14(3):299–326MathSciNetCrossRef

46.

Kittler J, Hatef M, Duin RPW, Matas J (1998) On combining classifiers. IEEE Trans Pattern Anal Mach Learn 20(3):226–239CrossRef

Titel: An effective combining classifier approach using tree algorithms for network intrusion detection
verfasst von: Jasmin Kevric
Samed Jukic
Abdulhamit Subasi
Publikationsdatum: 17.06.2016
Verlag: Springer London
Erschienen in: Neural Computing and Applications / Ausgabe Sonderheft 1/2017
Print ISSN: 0941-0643
Elektronische ISSN: 1433-3058
DOI: https://doi.org/10.1007/s00521-016-2418-1

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Weitere Artikel der Sonderheft 1/2017

A novel approach to prediction of rheological characteristics of jet grout cement mixtures via genetic expression programming

Embedded real-time speed limit sign recognition using image processing and machine learning techniques

NADTW: new approach for detecting TCP worm

Development of chaotically improved meta-heuristics and modified BP neural network-based model for electrical energy demand prediction in smart grid

A parallel feature selection method study for text classification

Neural computing for walking gait pattern identification based on multi-sensor data fusion of lower limb muscles