Improving the Precision of an Intrusion Detection System through Feature Reduction Based on Fuzzy Rough Sets and Classifier Combination

Article type: Persian research article

Authors

1 Faculty of Computer Engineering and Information Technology, Sadjad University of Technology, Mashhad, Iran.

2 Sadjad University of Technology

Abstract

In today's world, protecting data against intrusion over the Internet or a network is essential, and various tools have been proposed for this purpose. An intrusion detection system examines network traffic in order to identify and detect any unauthorized use of data. These systems employ numerous methods, machine learning algorithms in particular, and various approaches have been proposed to improve these algorithms in the intrusion detection process, including reducing false alarms, dimensionality reduction, instance reduction, combined methods, refining the training and test datasets, multi-level methods, and others. Some of the combined methods proposed by researchers do not consider all aspects of an attack. Some also rely on the accuracy metric, which on large, imbalanced data leads to weak detection of attacks that have very few samples. One of the challenges in intrusion detection is the low precision of classifiers in identifying the type of network attack. The aim of this research is to propose a system that improves precision in intrusion detection using fuzzy rough set theory and a weighted combination of classifiers. In our proposed method, after the features are reduced by fuzzy rough set theory, a combination of classifiers is used to improve precision in detecting attacks. The precision of the proposed method in identifying attack behavior reached 98.93 on average; the average detection rates were 98.14 for normal behavior, 96.85 for denial-of-service attacks, 93.20 for probe attacks, 91.31 for remote-access attacks, and 100 for user-to-root attacks. The experimental results show the superiority of the proposed method over other existing methods.
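The abstract does not say which fuzzy-rough reduction algorithm the authors use. As an added illustration (not the paper's code), the following Python example shows the widely used greedy QuickReduct scheme driven by the fuzzy-rough dependency degree; the rows and feature names are constructed and hypothetical.

```python
# Constructed rows (not from any dataset): three hypothetical features scaled to
# [0, 1] -- syn_error_rate, distinct_port_ratio, payload_jitter -- plus a label.
SAMPLES = [
    (0.0, 0.0, 0.3, "normal"),
    (0.1, 0.2, 0.9, "normal"),
    (1.0, 0.0, 0.5, "dos"),
    (1.0, 0.2, 0.8, "dos"),
    (0.0, 1.0, 0.9, "probe"),
    (0.1, 1.0, 0.9, "probe"),
]

def similarity(data, col):
    """Fuzzy similarity matrix of one feature: R(x, y) = 1 - |a(x) - a(y)| / range."""
    vals = [row[col] for row in data]
    span = (max(vals) - min(vals)) or 1.0
    return [[1.0 - abs(u - v) / span for v in vals] for u in vals]

def dependency(sims, labels, subset):
    """Dependency degree: mean membership of the samples in the fuzzy positive region."""
    if not subset:
        return 0.0
    total = 0.0
    for x, lx in enumerate(labels):
        # Fuzzy lower approximation of x's own class: bounded by the differently
        # labelled sample that is most similar to x on every feature in the subset.
        pos = 1.0
        for y, ly in enumerate(labels):
            if ly != lx:
                pos = min(pos, 1.0 - min(sims[f][x][y] for f in subset))
        total += pos
    return total / len(labels)

def quickreduct(data):
    """Greedy forward selection until the subset matches the full set's dependency."""
    n_features = len(data[0]) - 1
    labels = [row[-1] for row in data]
    sims = [similarity(data, f) for f in range(n_features)]
    full = dependency(sims, labels, range(n_features))
    chosen, best = [], 0.0
    while best < full - 1e-12:
        gains = {f: dependency(sims, labels, chosen + [f])
                 for f in range(n_features) if f not in chosen}
        pick = max(gains, key=gains.get)
        chosen.append(pick)
        best = gains[pick]
    return chosen, best, full

if __name__ == "__main__":
    print(quickreduct(SAMPLES))
```

On these rows the third feature is dropped: the first two already reach the dependency degree of the full feature set, so a classifier ensemble would be trained on them alone.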
