A Heuristic Intrusion Detection Technique Based on Nonlinear Regression and the Sigmoid Function

Article type: Research article (English)

Authors

1 Head of the Information Technology Group / Khajeh Nasir al-Din Toosi University, Faculty of Industrial Engineering

2 Information Technology, Khajeh Nasir al-Din Toosi University, Tehran, Iran

Abstract

The expansion of Internet technologies over recent decades has made users' activities in cyberspace dependent on the services provided by computer networks. In this environment, an intrusion detection system (IDS) monitors network traffic to detect abnormal behavior and anomalous activity. The robustness and time efficiency of the IDS are regarded as fundamental issues in networks. In this paper, a new model based on meta-heuristic algorithms is used to identify abnormal packets. To develop a high-performance strategy, the following are used: a benchmark dataset (NSL-KDD), a high-accuracy feature selection method, and four meta-heuristic algorithms. The dataset contains 150490 normal and abnormal packets captured from a military network, and 16 important features are extracted from it using a wrapper feature selection method. This feature selection method uses the Naïve-Bayesian method to evaluate feature subsets. After feature selection, the four meta-heuristic algorithms are used to detect anomalies in network connections. The parameters of the cost function (a combination of nonlinear regression and sigmoid) are optimized using the meta-heuristic algorithms. The results show that the Imperialist Competitive Algorithm outperforms the other meta-heuristic algorithms in accuracy and also converges acceptably toward the optimal solution.
