A two-layered collaborative approach for network intrusion detection system using blended shallow learning gaussian naïve bayes and support vector machine models

(1) * Nilesh Ghanshyam Pardeshi (MET’s Institute of Engineering, Nashik, Savitribai Phule Pune University, Pune, India)
(2) Dipak Vitthalrao Patil (GES R. H. Sapat College of Engineering, Management Studies and Research, Nashik, Savitribai Phule Pune University, Pune, India)
*corresponding author

Abstract


The majority of network intrusion detection systems use a signature-matching technique. Detecting abnormalities and unfamiliar attacks with machine learning methods is a more reliable approach. However, due to significant variations in attack trends, applying a single classifier is impractical for the effective detection of all types and forms of attacks, particularly rare attacks such as User2Root (U2R) and Remote2Local (R2L). Consequently, a hybrid strategy is expected to provide more promising performance. The proposed Two-Layered Collaborative Approach (TLCA) specifically addresses this problem. Principal Component Analysis (PCA) optimizes variables to handle the variation resulting from every kind of attack. The study investigates several types of attacks and finds that the behaviors of U2R and R2L attacks are similar to those of regular users. To identify DoS and Probe attacks, TLCA uses a shallow learning classifier, such as Gaussian Naïve Bayes, as Layer 1. The Support Vector Machine at Layer 2 then discriminates U2R and R2L attacks from typical (normal) occurrences. We have divided KDDTrain+ into Set 1 and Set 2 by observing that it involves two 2-dimensional PCA analyses. Cross-sectional Correlated Feature Selection (CCFS) is employed to choose key attributes. PCA and Kernel PCA (KPCA) are applied to the datasets to reduce dimensionality. The results obtained using the proposed method on the NSL-KDD dataset are compared with those of available benchmark methods. According to the experimental data, TLCA outperforms all single machine learning classifiers and surpasses many current cutting-edge IDS approaches. The proposed method achieves detection rates of 92.4%, 92.3%, 95.6%, and 100% for DoS, Probe, R2L, and U2R, respectively. The proposed TLCA also demonstrates a better ability to identify unusual attacks. It also yields improved detection rates of 94.1% for known attacks and 91.1% for unknown attacks when the KDDTest+ dataset is used for testing.

Keywords


Two-layered collaborative approach; Cross-sectional correlation feature selection; Gaussian Naïve Bayes; Intrusion detection system; Network security; Support Vector Machine; Kernel Principal Component Analysis.
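The two-layer routing the abstract describes, as an added illustration that is not the authors' code: a Gaussian Naïve Bayes first layer flags DoS and Probe, and everything else is passed to an SVM that separates R2L/U2R from normal. Assumptions: the 2-D records are constructed stand-ins for PCA-reduced NSL-KDD features, CCFS and KPCA are omitted, the SVM is a linear one trained with Pegasos rather than the paper's configuration, and all function names are hypothetical.

```python
import math, random

def fit_gnb(X, y):  # Gaussian Naive Bayes: log-prior, means, variances per class
    model = {}
    for c in set(y):
        cols = list(zip(*(x for x, t in zip(X, y) if t == c)))
        mu = [sum(col) / len(col) for col in cols]
        var = [sum((v - m) ** 2 for v in col) / len(col) + 1e-6 for col, m in zip(cols, mu)]
        model[c] = (math.log(len(cols[0]) / len(X)), mu, var)
    return model

def gnb_predict(model, x):
    def score(c):  # log prior + sum of per-feature Gaussian log-likelihoods
        prior, mu, var = model[c]
        return prior - 0.5 * sum(math.log(2 * math.pi * s) + (v - m) ** 2 / s
                                 for v, m, s in zip(x, mu, var))
    return max(model, key=score)

def fit_svm(X, y, lam=0.01, epochs=50, seed=0):  # assumption: linear SVM, Pegasos SGD
    rng, w, t = random.Random(seed), [0.0] * (len(X[0]) + 1), 0
    for _ in range(epochs):
        for i in rng.sample(range(len(X)), len(X)):
            t += 1
            xi, eta = list(X[i]) + [1.0], 1.0 / (lam * t)   # constant 1.0 = bias term
            margin = y[i] * sum(a * b for a, b in zip(w, xi))
            w = [(1 - eta * lam) * a for a in w]             # regularisation shrink
            if margin < 1:                                   # hinge-loss violation
                w = [a + eta * y[i] * b for a, b in zip(w, xi)]
    return w

def make_data(n, seed):  # constructed 2-D stand-in for PCA-reduced records
    rng = random.Random(seed)
    spec = {"normal": (0, 0, .5), "r2l_u2r": (3, 3, .1), "dos": (8, 0, .25), "probe": (0, 8, .15)}
    return [([rng.gauss(cx, 0.3), rng.gauss(cy, 0.3)], c)
            for c, (cx, cy, share) in spec.items() for _ in range(round(n * share))]

def train_cascade(data):
    # Layer 1 (GNB) learns dos / probe / "pass"; Layer 2 (SVM) learns rare vs normal.
    layer1 = fit_gnb([x for x, _ in data],
                     [c if c in ("dos", "probe") else "pass" for _, c in data])
    rest = [(x, 1 if c == "r2l_u2r" else -1) for x, c in data if c not in ("dos", "probe")]
    return layer1, fit_svm([x for x, _ in rest], [t for _, t in rest])

def classify(cascade, x):
    layer1, w = cascade
    label = gnb_predict(layer1, x)          # Layer 1: dos, probe, or pass down
    if label != "pass":
        return label
    return "r2l_u2r" if sum(a * b for a, b in zip(w, list(x) + [1.0])) > 0 else "normal"
```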

   

DOI

https://doi.org/10.26555/ijain.v11i3.2035
      






Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

___________________________________________________________
International Journal of Advances in Intelligent Informatics
ISSN 2442-6571  (print) | 2548-3161 (online)
Organized by UAD and ASCEE Computer Society
Published by Universitas Ahmad Dahlan
W: http://ijain.org
E: info@ijain.org (paper handling issues)
 andri.pranolo.id@ieee.org (publication issues)
