IJE TRANSACTIONS A: Basics Vol. 30, No. 10 (October 2017) 1494-1502    Article in Press

PDF URL: http://www.ije.ir/Vol30/No10/A/10-2585.pdf  

J. Ghasemi and J. Esmaily
(Received: April 09, 2017; Accepted in Revised Form: July 07, 2017)

Abstract    Intrusion detection systems (IDS) that exploit machine learning techniques are able to diagnose the behavior of attack traffic. Because of the relatively large number of features in standard IDS benchmark datasets such as KDD CUP 99 and NSL-KDD, feature selection methods play an important role. Optimization algorithms such as genetic algorithms (GA) are capable of finding a near-optimum combination of the features intended for construction of the final model. This paper proposes an innovative method, called the chain method, for evaluation of a given test record. The main intuition of our method is to concentrate on only one attack type at every stage. In the beginning, datasets with the features proposed by GA for each of the different labels are assembled. Based on a specific sequence, found among the different permutations of the four existing labels, the test record enters the chain module. If the first stage, which corresponds to the first label of the input sequence, is able to diagnose that label, the final output is indicated; if not, the record passes through the next stage until the final output is obtained. Simulations of the proposed chain method illustrate that this technique is able to outperform other conventional methods, especially in R2L and U2R detection, with accuracies of 98.83% and 98.88% respectively.


Keywords    Intrusion Detection Systems (IDS); Feature Selection; Genetic Algorithms (GA)


Abstract (translated from Persian)    Intrusion detection systems, by exploiting machine learning methods, are able to identify the behavior of traffic suspected of being an attack. Because of the relatively large number of features in the standard datasets of this field, such as the KDD and NSL datasets, feature extraction methods can be very useful. Combinatorial optimization methods such as the genetic algorithm are also able to find a near-optimal solution for the useful extracted features. This paper presents an innovative method called "chain". Our main focus is attention to one attack type at each stage. At the start, the extracted features are obtained by the genetic algorithm. Based on the input sequence, which is obtained from a permutation of the label order, a traffic sample enters the chain function. At each stage one label, according to the given order, is identified. If the stage succeeds, the sample is recognized as an attack; otherwise the sample is diagnosed as normal. The simulation performed indicates the superiority of the proposed method over traditional methods. The proposed method is able to detect the complex R2L and U2R attacks with accuracies of 98.83% and 98.88% respectively.
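The chain module described in the abstract, as an added example that is not the paper's own code: four single-label stages, each restricted to its own feature subset (standing in for the GA-selected features), a record passing through them in a chosen label order with fall-through to "normal", and a search over all permutations of the four labels for the most accurate order. The assumption that the four labels are the KDD attack categories DoS, Probe, R2L and U2R, the threshold detectors and the sample records are constructed for this example.

```python
from itertools import permutations
from typing import Callable, Dict, List, Sequence, Tuple

# A record is a dict of KDD CUP 99 / NSL-KDD feature names. A stage is the feature
# subset chosen for its label (the GA output in the paper) plus a binary detector
# seeing only that subset; these threshold rules are constructed stand-ins.
Record = Dict[str, float]
Stage = Tuple[Sequence[str], Callable[[Record], bool]]
STAGES: Dict[str, Stage] = {
    "DoS":   (["count", "serror_rate"],
              lambda r: r["count"] > 100 and r["serror_rate"] > 0.5),
    "Probe": (["diff_srv_rate", "rerror_rate"],
              lambda r: r["diff_srv_rate"] > 0.5 or r["rerror_rate"] > 0.5),
    "R2L":   (["num_failed_logins", "hot"],
              lambda r: r["num_failed_logins"] >= 3 or r["hot"] > 2),
    "U2R":   (["root_shell", "num_root"],
              lambda r: r["root_shell"] == 1 or r["num_root"] > 0),
}
FEATURES = sorted({f for feats, _ in STAGES.values() for f in feats})

def make_record(**values: float) -> Record:
    """Constructed record: every feature defaults to 0, overrides as given."""
    return {**dict.fromkeys(FEATURES, 0.0), **values}

def chain_classify(record: Record, sequence: Sequence[str],
                   stages: Dict[str, Stage] = STAGES) -> str:
    """First stage (in the given order) whose detector fires decides the output;
    a record that passes every stage untouched is reported normal."""
    for label in sequence:
        features, detector = stages[label]
        if detector({f: record[f] for f in features}):  # stage sees its own subset
            return label
    return "normal"

def chain_accuracy(labelled, sequence, stages=STAGES) -> float:
    hits = sum(chain_classify(r, sequence, stages) == y for r, y in labelled)
    return hits / len(labelled)

def best_sequence(labelled, stages=STAGES) -> Tuple[str, ...]:
    """Try all 4! label orders and keep the most accurate one."""
    return max(permutations(stages), key=lambda s: chain_accuracy(labelled, s, stages))

# Constructed records; three of them trigger two detectors, so stage order matters.
SAMPLE: List[Tuple[Record, str]] = [
    (make_record(), "normal"),
    (make_record(count=300, serror_rate=0.9), "DoS"),
    (make_record(diff_srv_rate=0.8, count=200, serror_rate=0.7), "Probe"),  # also DoS-like
    (make_record(num_failed_logins=4, rerror_rate=0.6), "R2L"),  # also Probe-like
    (make_record(root_shell=1, num_failed_logins=3), "U2R"),  # also R2L-like
]
```

On this constructed set the order DoS, Probe, R2L, U2R scores 0.4 while U2R, R2L, Probe, DoS scores 1.0, which is the effect the paper's permutation search is meant to capture.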




International Journal of Engineering
E-mail: office@ije.ir
Web Site: http://www.ije.ir