Precision Improvement of Intrusion Detection System using feature reduction based on Fuzzy Rough Set and Ensemble Classifiers

Document Type: Persian Original Article

Authors

1 Faculty of Computer Engineering and Information Technology, Sadjad University of Technology, Mashhad, Iran.

2 Computer Engineering, Faculty of Computer Engineering and Information Technology, Sadjad University of Technology, Mashhad, Iran

Abstract

In today's world, protecting data against intrusion over the Internet or other networks is necessary, and various tools have been proposed for this purpose. An intrusion detection system identifies and detects any unauthorized use of data by inspecting network traffic. These systems use many different methods, especially machine learning algorithms. Various approaches have been proposed to improve these algorithms in the intrusion detection process, including reducing false alarms, reducing dimensionality, reducing samples, ensemble methods, improving the training and test datasets, and applying multilevel methods, among others. Some of the ensemble methods proposed by researchers do not consider all aspects of the attack. Other methods rely on the accuracy metric, which on large and unbalanced data makes attacks with few samples difficult to detect. One of the challenges in intrusion detection is the low precision of classifiers in identifying the type of network attack. The purpose of this paper is to propose an intrusion detection system that improves precision by using fuzzy rough set theory and a weighted classifier ensemble. In the proposed method, after the features are reduced with fuzzy rough set theory, the classifier ensemble is used to improve the precision of attack detection. The precision of the proposed method in detecting intrusive behavior was 98.93 on average. Also, on average, the detection rates of DoS, probe, R2L, and U2R attacks and of normal behavior were 96.85, 93.20, 91.31, 100% and 98.14, respectively. The experimental results show that the proposed method has higher precision than other methods.
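The abstract's point about the accuracy metric on unbalanced data can be seen in a small added example, which is not code from the paper. The two confusion matrices are constructed for illustration over the five classes named above, and classifiers "A" and "B" are hypothetical.

```python
# Constructed confusion matrices (rows = true class, columns = predicted class).
# Counts are illustrative only; they are not results from the paper.
CLASSES = ["normal", "DoS", "probe", "R2L", "U2R"]

# Hypothetical classifier A: never predicts the rare R2L and U2R classes.
CM_A = [
    [8950,   30,   20, 0, 0],
    [  50, 6940,   10, 0, 0],
    [  60,   20, 1920, 0, 0],
    [ 145,    0,    5, 0, 0],
    [  20,    0,    0, 0, 0],
]

# Hypothetical classifier B: trades some majority-class errors for rare-class hits.
CM_B = [
    [8700,   60,   60, 150, 30],
    [  80, 6850,   50,  15,  5],
    [  70,   40, 1870,  15,  5],
    [  20,    0,    5, 120,  5],
    [   2,    0,    0,   2, 16],
]

def accuracy(cm):
    """Fraction of all samples on the diagonal, dominated by the large classes."""
    total = sum(sum(row) for row in cm)
    return sum(cm[i][i] for i in range(len(cm))) / total

def per_class(cm):
    """Return {class: (precision, recall)}; a value is None when its denominator is 0."""
    out = {}
    for i, name in enumerate(CLASSES):
        tp = cm[i][i]
        predicted = sum(row[i] for row in cm)   # column sum: times the class was predicted
        actual = sum(cm[i])                     # row sum: true samples of the class
        out[name] = (tp / predicted if predicted else None,
                     tp / actual if actual else None)
    return out

def macro_recall(cm):
    """Unweighted mean of per-class detection rates, so rare classes count equally."""
    recalls = [r for _, r in per_class(cm).values() if r is not None]
    return sum(recalls) / len(recalls)

if __name__ == "__main__":
    for label, cm in (("A", CM_A), ("B", CM_B)):
        print(label, f"accuracy={accuracy(cm):.4f}", f"macro_recall={macro_recall(cm):.4f}")
        for name, (p, r) in per_class(cm).items():
            print(f"  {name:6s} precision={p if p is None else round(p, 3)} recall={round(r, 3)}")
```

Classifier A scores higher on accuracy while detecting no R2L or U2R traffic at all, which is why per-class precision and detection rate are the figures to compare.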
