Impact of Features Reduction on Machine Learning Based Intrusion Detection Systems

Masooma Fatima; Osama Rehman; Ibrahim M. H. Rahman

doi:10.4108/eetsis.vi.447

Authors

Masooma Fatima Systems Ltd, Karachi, Pakistan
Osama Rehman Bahria University
Ibrahim M. H. Rahman Open Polytechnic

DOI:

https://doi.org/10.4108/eetsis.vi.447

Keywords:

DDoS attacks, Random Forest, Naïve Bayes, SVM, WEKA, IDS

Abstract

INTRODUCTION: As the use of the internet is increasing rapidly, cyber-attacks over user’s personal data and network resources are on the rise. Due to the easily accessible cyber-attack tools, attacks on cyber resources are becoming common including Distributed Denial-of-Service (DDoS) attacks. Intruders are using enhanced techniques for executing DDoS attacks.

OBJECTIVES: Machine Learning (ML) based classification modules integrated with Intrusion Detection System (IDS) has the potential to detect cyber-attacks. This research aims to study the performance of several machine learning algorithms, namely Naïve Bayes, Decision Tree, Random Forest, and Support Vector Machine in classifying DDoS attacks from normal traffic.

METHODS: The paper focuses on DDoS attacks identification for which multiclass dataset is being used including Smurf, SIDDoS, HTTP-Flood and UDP-Flood. balanced datasets are used for both training and testing purposes in order to obtain biased free results. four experimental scenarios are conducted in which each experiment contains a different set of reduced features.

RESULTS: Result of each experiment is computed individually and the best algorithm among the four is highlighted by mean of its accuracy, detection rates and processing time required to build and test the classifiers.

CONCLUSION: Based on all experimental results, it is found that Decision Tree algorithm has shown promising cumulative performances in terms of the metrics investigated.

References

M. Alkasassbeh, G. Al-Naymat, A. Hassanat, and M. Almseidin, "Detecting distributed denial of service attacks using data mining techniques," International Journal of Advanced Computer Science and Applications, vol. 7, pp. 436-445, 2016.

R. M. George and J. A. Mathew, "Emotion classification using machine learning and data preprocessing approach on Tulu speech data," Int. J. Comput. Sci. Mobile Comput., vol. 5, pp. 589-600, 2016.

B. P. Salmon, W. Kleynhans, C. P. Schwegmann, and J. C. Olivier, "Proper comparison among methods using a confusion matrix," in 2015 IEEE International Geoscience and Remote Sensing Symposium (IGARSS), 2015, pp. 3057-3060.

M. A. Teixeira, T. Salman, M. Zolanvari, R. Jain, N. Meskin, and M. Samaka, "SCADA system testbed for cybersecurity research using machine learning approach," Future Internet, vol. 10, p. 76, 2018.

A. Kumra, W. Jeberson, and K. Jeberson, "Intrusion Detection System Based on Data Mining Techniques," Oriental Journal of Computer Science and Technology, vol. 10, pp. 491-496, 2017.

D. K. Denatious and A. John, "Survey on data mining techniques to enhance intrusion detection," in 2012 International Conference on Computer Communication and Informatics, 2012, pp. 1-5.

J. Han, J. Pei, and M. Kamber, Data mining: concepts and techniques: Elsevier, 2011.

S. Dua and X. Du, Data mining and machine learning in cybersecurity: CRC press, 2016.

G. L. Agrawal and H. Gupta, "Optimization of C4. 5 decision tree algorithm for data mining application," International Journal of Emerging Technology and Advanced Engineering, vol. 3, pp. 341-345, 2013.

J. Patel and K. Panchal, "Effective intrusion detection system using data mining technique," Journal of Emerging Technologies and Innovative Research, vol. 2, pp. 1869-1878, 2015.

M. Stampar and K. Fertalj, "Artificial intelligence in network intrusion detection," in 2015 38th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), 2015, pp. 1318-1323.

G. S. Sajja, M. Mustafa, R. Ponnusamy, and S. Abdufattokhov, "Machine Learning Algorithms in Intrusion Detection and Classification," Annals of the Romanian Society for Cell Biology, vol. 25, pp. 12211-12219, 2021.

A. Agarwal, P. Sharma, M. Alshehri, A. A. Mohamed, and O. Alfarraj, "Classification model for accuracy and intrusion detection using machine learning approach," PeerJ Computer Science, vol. 7, p. e437, 2021.

I. F. Kilincer, F. Ertam, and A. Sengur, "Machine learning methods for cyber security intrusion detection: Datasets and comparative study," Computer Networks, vol. 188, p. 107840, 2021.

R. Samrin and D. Vasumathi, "Review on anomaly based network intrusion detection system," in 2017 International Conference on Electrical, Electronics, Communication, Computer, and Optimization Techniques (ICEECCOT), 2017, pp. 141-147.

A. Dey, J. Singh, and N. Singh, "Analysis of supervised machine learning algorithms for heart disease prediction with reduced number of attributes using principal component analysis," International Journal of Computer Applications, vol. 140, pp. 27-31, 2016.

H. Kong, C. Jong, and U. Ryang, "Rare association rule mining for network intrusion detection," arXiv preprint arXiv:1610.04306, 2016.

N. Ashraf, W. Ahmad, and R. Ashraf, "A comparative study of data mining algorithms for high detection rate in intrusion detection system," Annals of Emerging Technologies in Computing (AETiC), Print ISSN, pp. 2516-0281, 2018.

G. Nadiammai and M. Hemalatha, "Research Article Handling Intrusion Detection System using Snort Based Statistical Algorithm and Semi-supervised Approach," Research Journal of Applied Sciences, Engineering and Technology, vol. 6, pp. 2914-2922, 2013.

N. D Harale and D. B. Meshram, "Data mining techniques for network intrusion detection and prevention systems," International Journal of Innovative Research in Computer Science & Technology (IJIRCST) ISSN, pp. 2347-5552, 2016.

V. Jyothsna, R. Prasad, and K. M. Prasad, "A review of anomaly based intrusion detection systems," International Journal of Computer Applications, vol. 28, pp. 26-35, 2011.

K. K. Tiwari, S. Tiwari, and S. Yadav, "Intrusion detection using data mining techniques," International Journal of Advanced Computer Technology, vol. 2, pp. 21-25, 2013.

A. L. Buczak and E. Guven, "A survey of data mining and machine learning methods for cyber security intrusion detection," IEEE Communications surveys & tutorials, vol. 18, pp. 1153-1176, 2015.

H. Tianfield, "Data mining based cyber-attack detection," System simulation technology, vol. 13, 2017.

J. Jabez and B. Muthukumar, "Intrusion Detection System (IDS): Anomaly detection using outlier detection approach," Procedia Computer Science, vol. 48, pp. 338-346, 2015.

J. Ali, R. Khan, N. Ahmad, and I. Maqsood, "Random forests and decision trees," International Journal of Computer Science Issues (IJCSI), vol. 9, p. 272, 2012.

D. M. Farid, N. Harbi, and M. Z. Rahman, "Combining naive bayes and decision tree for adaptive intrusion detection," arXiv preprint arXiv:1005.4496, 2010.

H. E. Ibrahim, S. M. Badr, and M. A. Shaheen, "Adaptive layered approach using machine learning techniques with gain ratio for intrusion detection systems," arXiv preprint arXiv:1210.7650, 2012.

G. MeeraGandhi, "Machine learning approach for attack prediction and classification using supervised learning algorithms," Int. J. Comput. Sci. Commun, vol. 1, pp. 247-250, 2010.

Y. K. Jain, "Upendra,“An Efficient Intrusion Detection based on Decision Tree Classifier Using Feature Reduction,”" International Journal of Scientific and Research Publication, vol. 2, pp. 1-6, 2012.

S. Agrawal and G. Jain, "A review on intrusion detection system based data mining techniques," Int. Res. J. Eng. Technol (IRJET), vol. 4, pp. 402-407, 2017.

J. K. Chahal and A. Kaur, "Use of data mining techniques in intrusion detection–a survey," Imperial Journal of Interdisciplinary Research, vol. 2, pp. 452-6, 2016.

K. Kaliyamurthie, D. Parameswari, and R. Suresh, "Intrusion Detection System using Memtic Algorithm Supporting with Genetic and Decision Tree Algorithms," IJCSI International Journal of Computer Science Issues, vol. 9, 2012.

P. Gupta, S. Tandan, and R. Miri, "Decision Tree Applied For Detecting Intrusion," International Journal of Engineering Research & Technology (IJERT) Vol, vol. 2, pp. 2278-0181, 2013.

R. ur Rasool, H. Wang, U. Ashraf, K. Ahmed, Z. Anwar, and W. Rafique, "A survey of link flooding attacks in software defined network ecosystems," Journal of Network and Computer Applications, vol. 172, p. 102803, 2020.

R. U. Rasool, K. Ahmed, Z. Anwar, H. Wang, U. Ashraf, and W. Rafique, "CyberPulse++: A machine learning‐based security framework for detecting link flooding attacks in software defined networks," International Journal of Intelligent Systems, vol. 36, pp. 3852-3879, 2021.

F. Zhang, Y. Wang, S. Liu, and H. Wang, "Decision-based evasion attacks on tree ensemble classifiers," World Wide Web, vol. 23, pp. 2957-2977, 2020.

J. Yin, M. Tang, J. Cao, and H. Wang, "Apply transfer learning to cybersecurity: Predicting exploitability of vulnerabilities by description," Knowledge-Based Systems, vol. 210, p. 106529, 2020.

B. Ingre, A. Yadav, and A. K. Soni, "Decision tree based intrusion detection system for NSL-KDD dataset," in International conference on information and communication technology for intelligent systems, 2017, pp. 207-218.

L. Dhanabal and S. Shantharajah, "A study on NSL-KDD dataset for intrusion detection system based on classification algorithms," International journal of advanced research in computer and communication engineering, vol. 4, pp. 446-452, 2015.

M. Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani, "A detailed analysis of the KDD CUP 99 data set," in 2009 IEEE symposium on computational intelligence for security and defense applications, 2009, pp. 1-6.

S. T. Brugger and J. Chow, "An assessment of the DARPA IDS Evaluation Dataset using Snort," UCDAVIS department of Computer Science, vol. 1, p. 22, 2007.

W. J. Abhinav Kumra, and Klinsega Jeberson, "Intrusion Detection System Based on Data Mining Techniques" Orient.J. Comp. Sci. and Tech, vol. vol. vol. 10, 2017.