A hybrid classification model in improving the classification quality of network intrusion detection systems
DOI: https://doi.org/10.4108/eetcasa.6735
Keywords: Machine Learning, NIDS, Ensemble, Feature Selection, Resampling, UNSW-NB15
Abstract
Stream-based anomaly detection is an issue that continues to be researched in the cybersecurity environment. Much previous research has applied machine learning as a method to improve anomaly detection in network intrusion detection systems. Recent research shows that network intrusion detection systems still face challenges in improving accuracy, reducing false alarm rates, and detecting new attacks.
The article proposes a hybrid classification model that combines improved data preprocessing techniques with ensemble techniques. Experimental results on the UNSW-NB15 dataset show that the proposed solutions have helped improve the classification quality of network intrusion detection systems compared to some other research.
License
Copyright (c) 2024 EAI Endorsed Transactions on Context-aware Systems and Applications

This work is licensed under a Creative Commons Attribution 3.0 Unported License.
This is an open-access article distributed under the terms of the Creative Commons Attribution CC BY 3.0 license, which permits unlimited use, distribution, and reproduction in any medium so long as the original work is properly cited.