Building an Effective Intrusion Detection System by Using Hybrid Data Optimization Based on Machine Learning Algorithms

2019 ◽  
Vol 2019 ◽  
pp. 1-11 ◽  
Author(s):  
Jiadong Ren ◽  
Jiawei Guo ◽  
Wang Qian ◽  
Huang Yuan ◽  
Xiaobing Hao ◽  
...  

An intrusion detection system (IDS) can effectively identify anomaly behaviors in the network; however, it still has a low detection rate and a high false alarm rate, especially for anomalies with fewer records. In this paper, we propose an effective IDS, called DO_IDS, that uses hybrid data optimization consisting of two parts: data sampling and feature selection. In data sampling, the Isolation Forest (iForest) is used to eliminate outliers, a genetic algorithm (GA) to optimize the sampling ratio, and the Random Forest (RF) classifier as the evaluation criterion to obtain the optimal training dataset. In feature selection, GA and RF are used again to obtain the optimal feature subset. Finally, an intrusion detection system based on RF is built using the optimal training dataset obtained by data sampling and the features selected by feature selection. The experiment will be carried out on the UNSW-NB15 dataset. Compared with other algorithms, the model has obvious advantages in detecting rare anomaly behaviors.

Author(s):  
Gaddam Venu Gopal ◽  
Gatram Rama Mohan Babu

Feature selection is a process of identifying a relevant feature subset that leads to the machine learning algorithm in a well-defined manner. In this paper, a novel ensemble feature selection approach that comprises Relief Attribute Evaluation and a hybrid kernel-based support vector machine (HK-SVM) approach is proposed as a feature selection method for network intrusion detection systems (NIDS). A hybrid approach along with the combination of Gaussian and Polynomial methods is used as a kernel for the support vector machine (SVM). The key issue is to select a feature subset that yields good accuracy at a minimal computational cost. The proposed approach is implemented and compared with classical SVM and a simple kernel. Kyoto2006+, a benchmark intrusion detection dataset, is used for experimental evaluation and then observations are drawn.


2020 ◽  
Vol 7 (2) ◽  
pp. 329
Author(s):  
Eka Lailatus Sofa ◽  
Subiyanto Subiyanto

The Internet of Things (IoT) has entered various aspects of human life, including smart city, smart home, smart street, and smart industry, which use the internet to monitor the information they need. Even though it is encrypted and authenticated, the IPv6 over Low-Power Wireless Personal Area Networks (6LoWPAN) network protocol, which can connect resource-constrained objects in the IoT, is still unreliable. This is because these objects can still be exposed to routing attacks originating from the 6LoWPAN network and the internet. This paper presents the performance of a Smart Intrusion Detection System based on a Compression Header Analyzer for analyzing other routing attack models on IoT networks. The IDS uses the 6LoWPAN compression header as a feature for machine learning algorithms in learning the types of routing attacks. Simulation scenarios were developed to detect routing attacks in the form of selective forwarding and sinkhole attacks. Testing was done using feature selection and machine learning algorithms. Feature selection is used to determine significant features that can distinguish between normal and abnormal activities, while machine learning algorithms are used to classify routing attacks on IoT networks. Seven machine learning algorithms were used in the classification: Random Forest, Random Tree, J48, Bayes Net, JRip, SMO, and Naive Bayes. Experimental results are presented to show the performance of the Smart Intrusion Detection System based on the Compression Header Analyzer in analyzing routing attacks. The evaluation results show that this IDS can detect between attacks and non-attacks.


Author(s):  
Samar Al-Saqqa ◽  
Mustafa Al-Fayoumi ◽  
Malik Qasaimeh

Introduction: Intrusion detection systems play a key role in system security by identifying potential attacks and giving appropriate responses. As new attacks are always emerging, intrusion detection systems must adapt to these attacks, and more work is continuously needed to develop and propose new methods and techniques that can improve efficient and effective adaptive intrusion systems. Feature selection is one of the challenging areas that need more work because of its importance and impact on the performance of intrusion detection systems. This paper applies an evolutionary search algorithm in feature subset selection for intrusion detection systems. Methods: The evolutionary search algorithm for the feature subset selection is applied and two classifiers are used, Naïve Bayes and decision tree J48, to evaluate system performance before and after feature selection. The NSL-KDD dataset and its subsets are used in all evaluation experiments. Results: The results show that feature selection using the evolutionary search algorithm enhances the intrusion detection system with respect to detection accuracy and detection of unknown attacks. Furthermore, time performance is achieved by reducing training time, which is reflected positively in overall system performance. Discussion: The evolutionary search applied to select IDS algorithm features can be developed by modifying and enhancing mutation and crossover operators and applying new enhanced techniques in the selection process, which can give better results and enhance the performance of intrusion detection for rare and complicated attacks. Conclusion: The evolutionary search algorithm is applied to find the best subset of features for the intrusion detection system. In conclusion, it is a promising approach to be used as a feature selection method for intrusion detection. The results showed better performance for the intrusion detection system in terms of accuracy and detection rate.


Complexity ◽  
2020 ◽  
Vol 2020 ◽  
pp. 1-18 ◽  
Author(s):  
Mohammad Aljanabi ◽  
Mohd Arfian Ismail ◽  
Vitaly Mezhuyev

Many optimisation-based intrusion detection algorithms have been developed and are widely used for intrusion identification. This condition is attributed to the increasing number of audit data features and the decreasing performance of human-based smart intrusion detection systems regarding classification accuracy, false alarm rate, and classification time. Feature selection and classifier parameter tuning are important factors that affect the performance of any intrusion detection system. In this paper, an improved intrusion detection algorithm for multiclass classification was presented and discussed in detail. The proposed method combined the improved teaching-learning-based optimisation (ITLBO) algorithm, improved parallel JAYA (IPJAYA) algorithm, and support vector machine. ITLBO with supervised machine learning (ML) technique was used for feature subset selection (FSS). The selection of the least number of features without causing an effect on the result accuracy in FSS is a multiobjective optimisation problem. This work proposes ITLBO as an FSS mechanism, and its algorithm-specific, parameterless concept (no parameter tuning is required during optimisation) was explored. IPJAYA in this study was used to update the C and gamma parameters of the support vector machine (SVM). Several experiments were performed on the prominent intrusion ML dataset, where significant enhancements were observed with the suggested ITLBO-IPJAYA-SVM algorithm compared with the classical TLBO and JAYA algorithms.


2022 ◽  
Vol 16 (1) ◽  
pp. 0-0

The number of attacks has increased with the speedy development of web communication in the last couple of years. The anomaly detection method has become substantial in detecting novel attacks in Intrusion Detection Systems (IDS). Achieving high accuracy is a significant challenge in designing an intrusion detection system. It also emphasizes applying different feature selection techniques to identify the most suitable feature subset. The author uses extremely randomized trees (Extra-Tree) for feature importance. The author tries multiple thresholds on the feature importance parameters to find the best features. If a single classifier is used and the classifier's output is wrong, the final decision may be wrong, so the author uses an Extra-Tree classifier applied to the best-selected features. The proposed method is estimated on the standard datasets KDD CUP'99, NSL-KDD, and UNSW-NB15. The experimental results show that the proposed approach performs better than existing methods in detection rate, false alarm rate, and accuracy.

