nach oben

Cognitive Computation

Erschienen in:

05.06.2018

Anomaly-Based Intrusion Detection Using Extreme Learning Machine and Aggregation of Network Traffic Statistics in Probability Space

verfasst von: Buse Gul Atli, Yoan Miche, Aapo Kalliola, Ian Oliver, Silke Holtmanns, Amaury Lendasse

Erschienen in: Cognitive Computation | Ausgabe 5/2018

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Recently, with the increased use of network communication, the risk of compromising the information has grown immensely. Intrusions have become more sophisticated and few methods can achieve efficient results while the network behavior constantly changes. This paper proposes an intrusion detection system based on modeling distributions of network statistics and Extreme Learning Machine (ELM) to achieve high detection rates of intrusions. The proposed model aggregates the network traffic at the IP subnetwork level and the distribution of statistics are collected for the most frequent IPv4 addresses encountered as destination. The obtained probability distributions are learned by ELM. This model is evaluated on the ISCX-IDS 2012 dataset, which is collected using a real-time testbed. The model is compared against leading approaches using the same dataset. Experimental results show that the presented method achieves an average detection rate of 91% and a misclassification rate of 9%. The experimental results show that our methods significantly improve the performance of the simple ELM despite a trade-off between performance and time complexity. Furthermore, our methods achieve good performance in comparison with the other few state-of-the-art approaches evaluated on the ISCX-IDS 2012 dataset.

Vorheriger Artikel Conditional Random Mapping for Effective ELM Feature Representation

Nächster Artikel A Brain-Inspired Trust Management Model to Assure Security in a Cloud Based IoT Framework for Neuroscience Applications

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Akusok A, Miche Y, Hegedus J, Nian R, Lendasse A. A two-Stage methodology using k-NN and false-positive minimizing ELM for nominal data classification. Cogn Comput 2014;6(3):432–445.CrossRef

Ammar A. Decision tree classifier for intrusion detection priority tagging. J Comput Commun 2015;3(4):52.CrossRef

Argus. Auditing network activity.

Bace R, Mell P. 2001. NIST special publication on intrusion detection systems. US Department of Defense.

Baeza-Yates R, Ribeiro-Neto B, Vol. 463. Modern information retrieval. New York: ACM press; 1999.

Barayas O. How the Internet of Things Is Changing the Cybersecurity Landscape.

Bhuyan MH, Bhattacharyya DK, Kalita JK. Network anomaly detection: methods systems and tools. IEEE commun Surveys Tutor 2014;16:303–336.CrossRef

Bishop CM. 2006. Pattern recognition and machine learning.

Cormode G, Korn F, Muthukrishnan S, Srivastava D. Finding hierarchical heavy hitters in data streams. Proceedings of the 29th international conference on Very large data bases; 2003. p. 464–475.CrossRef

10.

Deng C, Wang S, Li Z, Huang GB, Lin W. Content-Insensitive blind image blurriness assessment using weibull statistics and sparse extreme learning machine. IEEE Trans Syst Man Cybern: Syst 2017;PP(99):1–12.

11.

Ding S, Zhang J, Jia H, Qian J. An adaptive density data stream clustering algorithm. Cogn Comput 2016;8(1):30–38.CrossRef

12.

Folino G, Pisani FS, Sabatino P. A distributed intrusion detection framework based on evolved specialized ensembles of classifiers. European conference on the applications of evolutionary computation. International Publishing; 2016. p. 315–331.

13.

Gaddam SR, Phoha VV, Balagani KS. K-means+ id3: a novel method for supervised anomaly detection by cascading k-means clustering and id3 decision tree learning methods. IEEE Trans Knowl Data Eng 2007;19(3): 345–354.CrossRef

14.

Garcia-Teodoro P, Diaz-Verdejo J, Maciá-Fernández G, Vázquez E. Anomaly-based network intrusion detection: techniques, systems and challenges. Comput Secur 2009;28:18–28.CrossRef

15.

Gu G, Fogla P, Dagon D, Lee W, Skorić B. Measuring intrusion detection capability: an information-theoretic approach. Proceedings of the 2006 ACM Symposium on Information computer and communications security; 2006. p. 90–101.

16.

Huang GB, Chen L, Siew CK. Universal approximation using incremental constructive feedforward networks with random hidden nodes. IEEE Trans Neural Netw 2006;17:879–892.CrossRefPubMed

17.

Huang G-B, Liang N-Y, Rong H-J, Saratchran P, Sundararajan N. On-line sequential extreme learning machine. Calgary: ACTA Press; 2005.

18.

Huang GB, Zhu QY, Siew CK. Extreme learning machine: theory and applications. Neurocomputing 2006; 70:489–501.CrossRef

19.

Huang G-B. An insight into extreme learning machines: random neurons, random features and kernels. Cogn Comput 2014;6(3):376–390.CrossRef

20.

Huang G-B. What are extreme learning machines? filling the gap between frank Rosenblatt’s dream and John von Neumann’s puzzle. Cogn Comput 2015;7(3):263–278.CrossRef

21.

Khan L, Awad M, Thuraisingham B. A new intrusion detection system using support vector machines and hierarchical clustering. VLDB J—The Int J Very Large Data Bases 2007;16(4):507–521.CrossRef

22.

Kumar G, Kumar K. 2013. Design of an evolutionary approach for intrusion detection. The Scientific World Journal.

23.

Liao Y, Vemuri VR. Use of k-nearest neighbor classifier for intrusion detection. Comput Secur 2002;21(5): 439–448.CrossRef

24.

Lim SY, Jones A. 2008. Network anomaly detection system: the state of art of network behaviour analysis pages 459–465.

25.

Liu X, Wang L, Yin J, Zhu E, Zhang J. An efficient approach to integrating radius information into multiple kernel learning. IEEE Tran Cybern 2013;43(2):557–569.CrossRef

26.

Liu X, Wang L, Huang G-B, Zhang J, Yin J. Multiple kernel extreme learning machine. Neurocomputing 2015;149:253–264.CrossRef

27.

Lucas M. Network flow analysis. San Francisco: No Starch Press; 2010.

28.

Mao W, Jiang M, Wang J, Li Y. Online extreme learning machine with hybrid sampling strategy for sequential imbalanced data. Cogn Comput 2017;9(6):780–800.CrossRef

29.

Miche Y, Sorjamaa A, Bas P, Simula O, Jutten C, Lendasse A. Op-elm: optimally pruned extreme learning machine. IEEE Trans Neural Netw 2010;21:158–162.CrossRefPubMed

30.

Patcha A, Jung-Min P. An overview of anomaly detection techniques Existing solutions and latest technological trends. Comput Netw 2007;51:3448–3470.CrossRef

31.

Perkins CE. 2010. IP mobility support for IPv4.

32.

Shiravi A, Shiravi H, Tavallaee M, Ghorbani AA. Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Comput Secur 2012;31:357–374.CrossRef

33.

Srinivasan V, Varghese G. Faster ip lookups using controlled prefix expansion. ACM SIGMETRICS Performance Evaluation Rev 1998;26:1–10.CrossRef

34.

Tan Z, Jamdagni A, He X, Nanda P, Liu RP, Hu J. Detection of denial-of-service attacks based on computer vision techniques. IEEE Trans Comput 2015;64(9):2519–2533.CrossRef

35.

Vasan KK, Surendiran B. Dimensionality reduction using principal component analysis for network intrusion detection. Perspectives Sci 2016;8:510–512.CrossRef

36.

Wang G, Hao J, Ma J, Huang L. A new approach to intrusion detection using artificial neural networks and fuzzy clustering. Expert Syst Appl 2010;37(9):6225–6232.CrossRef

37.

Wang S, Deng C, Lin W, Huang GB, Zhao B. NMF-based image quality assessment using extreme learning machine. IEEE Trans Cybern 2017;47(1):232–243.CrossRefPubMed

38.

Xu K, Zhang ZL, Bhattacharyya S. Internet traffic behavior profiling for network security monitoring. IEEE/ACM Trans Netw 2008;16:1241–1252.CrossRef

39.

Yassin W, Udzir NI, Muda Z, Sulaiman MN. Anomaly-based intrusion detection through k-means clustering and naives bayes classification. Proceedings of the 4th International Conference on Computing and Informatics; 2013. p. 298–303.

Titel: Anomaly-Based Intrusion Detection Using Extreme Learning Machine and Aggregation of Network Traffic Statistics in Probability Space
verfasst von: Buse Gul Atli
Yoan Miche
Aapo Kalliola
Ian Oliver
Silke Holtmanns
Amaury Lendasse
Publikationsdatum: 05.06.2018
Verlag: Springer US
Erschienen in: Cognitive Computation / Ausgabe 5/2018
Print ISSN: 1866-9956
Elektronische ISSN: 1866-9964
DOI: https://doi.org/10.1007/s12559-018-9564-y

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 5/2018

Dual Hesitant Fuzzy Soft Aggregation Operators and Their Application in Decision-Making

A Brain-Inspired Trust Management Model to Assure Security in a Cloud Based IoT Framework for Neuroscience Applications

End-to-End ConvNet for Tactile Recognition Using Residual Orthogonal Tiling and Pyramid Convolution Ensemble

Outranking Decision-Making Method with Z-Number Cognitive Information

A Generative Model of Cognitive State from Task and Eye Movements

A Projection-Based Outranking Method with Multi-Hesitant Fuzzy Linguistic Term Sets for Hotel Location Selection