Tytuł artykułu
Autorzy
Treść / Zawartość
Pełne teksty:
Identyfikatory
Warianty tytułu
Języki publikacji
Abstrakty
Security threats, among other intrusions affecting the availability, confidentiality and integrity of IT resources and services, are spreading fast and can cause serious harm to organizations. Intrusion detection has a key role in capturing intrusions. In particular, the application of machine learning methods in this area can enrich the intrusion detection efficiency. Various methods, such as pattern recognition from event logs, can be applied in intrusion detection. The main goal of our research is to present a possible intrusion detection approach using recent machine learning techniques. In this paper, we suggest and evaluate the usage of stacked ensembles consisting of neural network (SNN) and autoencoder (AE) models augmented with a tree-structured Parzen estimator hyperparameter optimization approach for intrusion detection. The main contribution of our work is the application of advanced hyperparameter optimization and stacked ensembles together. We conducted several experiments to check the effectiveness of our approach. We used the NSL-KDD dataset, a common benchmark dataset in intrusion detection, to train our models. The comparative results demonstrate that our proposed models can compete with and, in some cases, outperform existing models.
Wydawca
Rocznik
Tom
Strony
149--163
Opis fizyczny
Bibliogr. 55 poz., rys.
Twórcy
autor
- Department of Information Systems, Corvinus University of Budapest Fővám tér 13-15, 1093 Budapest, Hungary
autor
- Department of Information Systems, Corvinus University of Budapest Fővám tér 13-15, 1093 Budapest, Hungary
autor
- Department of Computer Science, Corvinus University of Budapest Fővám tér 13-15, 1093 Budapest, Hungary
Bibliografia
- [1] Martin Abadi, Ashish Agarwal, Paul Barham, Eugene Brevdo, Zhifeng Chen, Craig Citro, reg S Corrado, Andy Davis, Jeffrey Dean, Matthieu Devin, Sanjay Ghemawat, Ian Goodfellow, Andrew Harp, Geoffrey Irving, Michael Isard, Yangqing Jia, Rafal Jozefowicz, Lukasz Kaiser, Manjunath Kudlur, Josh Levenberg, Dan Mane, Rajat Monga, Sherry Moore, Derek Murray, Chris Olah, Mike Schuster, Jonathon Shlens, Benoit Steiner, Ilya Sutskever, Kunal Talwar, Paul Tucker, Vincent Vanhoucke, Vijay Vasudevan, Fernanda Viegas, Oriol Vinyals, Pete Warden, Martin Wattenberg, Martin Wicke, Yuan Yu, and Xiaoqiang Zheng. TensorFlow: Large-Scale Machine Learning on Heterogeneous Distributed Systems, 2016.
- [2] Oludare Isaac Abiodun, Aman Jantan, Abiodun Esther Omolara, Kemi Victoria Dada, Nachaat AbdElatif Mohamed, and Humaira Arshad. State-of-the-art in artificial neural network applications: A survey. Heliyon , 4(11): e00938, 2018.
- [3] Abdulla Amin Aburomman and Mamun Bin Ibne Reaz. A survey of intrusion detection systems based on ensemble and hybrid classifiers. Computers & Security , 65: 135–152, 2017.
- [4] Majjed Al-Qatf, Yu Lasheng, Mohammed AlHabib, and Kamal Al-Sabahi. Deep learning approach combining sparse autoencoder with SVM for network intrusion detection. IEEE Access, 6:52843–52856, 2018.
- [5] Wathiq Laftah Al-Yaseen, Zulaiha Ali Othman, and Mohd Zakree Ahmad Nazri. Multi-level hybrid support vector machine and extreme learning machine based on modified K-means for intrusion detection system. Expert Systems with Applications , 67: 296–303, 2017.
- [6] Sikha Bagui and Kunqi Li. Resampling imbalanced data for network intrusion detection datasets. Journal of Big Data, 8(1): 1–41, 2021.
- [7] Amelia A Baldwin, Carol E Brown, and Brad S Trinkle. Opportunities for artificial intelligence development in the accounting domain: the case for auditing. Intelligent Systems in Accounting, Finance & Management: International Journal, 14(3): 77–86, 2006.
- 8] Rachid Beghdad. Critical study of neural networks in detecting intrusions. Computers & security, 27(5-6): 168–175, 2008.
- [9] James Bergstra, Brent Komer, Chris Eliasmith, Dan Yamins, and David D Cox. Hyperopt: a python library for model selection and hyperparameter optimization. Computational Science & Discovery, 8(1): 14008, 2015.
- [10] James Bergstra, Dan Yamins, and David D Cox. Hyperopt: A python library for optimizing the hyperparameters of machine learning algorithms. In Proceedings of the 12th Python in science conference, pages 13–20. Citeseer, 2013.
- [11] James Bergstra, Daniel Yamins, and David Daniel Cox. Making a science of model search: Hyperparameter optimization in hundreds of dimensions for vision architectures. 2013.
- [12] James S Bergstra, Remi Bardenet, Yoshua Bengio, and Balazs Kegl. Algorithms for hyper-parameter optimization. In Advances in neural information processing systems, pages 2546–2554, 2011.
- [13] Monowar H Bhuyan, Dhruba Kumar Bhattacharyya, and Jugal K Kalita. Network Anomaly Detection: Methods, Systems and Tools. IEEE Communications Surveys & Tutorials, 16(1): 303–336, 2013.
- [14] Nassima Bougueroua, Smaine Mazouzi, Mohamed Belaoued, Noureddine Seddari, Abdelouahid Derhab, and Abdelghani Bouras. A survey on multiagent based collaborative intrusion detection systems. J. Artif. Intell. Soft Comput. Res., 11(2): 111–142, 2021.
- [15] Anna L Buczak and Erhan Guven. A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Communications Surveys & Tutorials, 18(2): 1153–1176, 2015.
- [16] Sarin E Chandy, Amin Rasekh, Zachary A Barker, and M Ehsan Shafiee. Cyberattack detection using deep generative models with variational inference. Journal of Water Resources Planning and Management, 145(2): 4018093, 2019.
- [17] Zouhair Chiba, Noureddine Abghour, Khalid Moussaid, Amina El Omri, and Mohamed Rida. A novel architecture combined with optimal parameters for back propagation neural networks applied to anomaly network intrusion detection. Computers & Security, 75: 36–58, 2018.
- [18] Franc¸ois Chollet. KERAS Documentation, 2015.
- [19] Sumeet Dua and Xian Du. Data mining and machine learning in cybersecurity. CRC press, 2016.
- [20] ISACA. CISA Review Manual. ISACA, 26 edition, 2015.
- [21] ISACA. CISM Review Manual. ISACA, 15 edition, nov 2016.
- [22] Ahmad Javaid, Quamar Niyaz, Weiqing Sun, and Mansoor Alam. A deep learning approach for network intrusion detection system. In Proceedings of the 9th EAI International Conference on Bioinspired Information and Communications Technologies (formerly BIONETICS), pages 21–26, 2016.
- [23] Yuta Kawachi, Yuma Koizumi, and Noboru Harada. Complementary set variational autoencoder for supervised anomaly detection. In 2018 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pages 2366–2370. IEEE, 2018.
- [24] Diederik P Kingma and Jimmy Ba. Adam: A Method for Stochastic Optimization. arXiv preprint arXiv: 1412.6980, 2014.
- [25] Diederik P Kingma and Max Welling. Autoencoding variational bayes. arXiv preprint arXiv: 1312.6114, 2013.
- [26] Durk P Kingma, Shakir Mohamed, Danilo Jimenez Rezende, and Max Welling. Semi-supervised learning with deep generative models. In Advances in neural information processing systems, pages 3581–3589, 2014.
- [27] Solomon Kullback. Information Theory and Statistics. John Riley and Sons. Inc. New York, 1959.
- [28] Manuel Lopez-Martin, Belen Carro, and Antonio Sanchez-Esguevillas. Variational data generative model for intrusion detection. Knowledge and Information Systems, 60(1): 569–590, 2019.
- [29] Manuel Lopez-Martin, Belen Carro, Antonio Sanchez-Esguevillas, and Jaime Lloret. Conditional variational autoencoder for prediction and feature recovery applied to intrusion detection in iot. Sensors, 17(9): 1967, 2017.
- [30] Simone A Ludwig. Applying a neural network ensemble to intrusion detection. Journal of Artificial Intelligence and Soft Computing Research, 9, 2019.
- [31] Borja Molina-Coronado, Usue Mori, Alexander Mendiburu, and Jose Miguel-Alonso. Survey of Network Intrusion Detection Methods from the Perspective of the Knowledge Discovery in Databases Process. arXiv preprint arXiv: 2001.09697, 2020.
- [32] N Moustafa and J Slay. UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In 2015 Military Communications and Information Systems Conference (MilCIS), pages 1–6, 2015.
- [33] Srinivas Mukkamala, Andrew H. Sung, and Ajith Abraham. Intrusion detection using an ensemble of intelligent paradigms. Journal of Network and Computer Applications, 28(2): 167–182, 2005.
- [34] Hien M Nguyen, Eric W Cooper, and Katsuari Kamei. Borderline over-sampling for imbalanced data classification. In Proceedings: Fifth International Workshop on Computational Intelligence & Applications, volume 2009, pages 24–29. IEEE SMC Hiroshima Chapter, 2009.
- [35] Genki Osada, Kazumasa Omote, and Takashi Nishide. Network intrusion detection based on semi-supervised variational auto-encoder. In European Symposium on Research in Computer Security, pages 344–361. Springer, 2017.
- [36] Nikunj C Oza and Kagan Tumer. Classifier ensembles: Select real-world applications. Information Fusion, 9(1): 4–20, 2008.
- [37] Yoshihiko Ozaki, Yuki Tanigaki, Shuhei Watanabe, and Masaki Onishi. Multiobjective tree-structured parzen estimator for computationally expensive optimization problems. In Proceedings of the 2020 Genetic and Evolutionary Computation Conference, pages 533–541, 2020.
- [38] Sandhya Peddabachigari, Ajith Abraham, and Johnson Thomas. Intrusion detection systems using decision trees and support vector machines. International Journal of Applied Science and Computations, 11(3): 118–134, 2004.
- [39] Karen Scarfone and Peter Mell. Guide to Intrusion Detection and Prevention Systems (IDPS) Recommendations of the National Institute of Standards and Technology. Nist Special Publication, 800-94: 127, 2007.
- [40] Benedetto Marco Serinelli, Anastasija Collen, and Niels Alexander Nijdam. Training guidance with kdd cup 1999 and nsl-kdd data sets of anidinr: Anomaly-based network intrusion detection system. Procedia Computer Science, 175: 560–565, 2020.
- [41] Bobak Shahriari, Kevin Swersky, Ziyu Wang, Ryan P Adams, and Nando De Freitas. Taking the human out of the loop: A review of Bayesian optimization. Proceedings of the IEEE, 104(1): 148–175, 2015.
- [42] Iman Sharafaldin, Arash Habibi Lashkari, and Ali A Ghorbani. Toward generating a new intrusion detection dataset and intrusion traffic characterization. In ICISSP, pages 108–116, 2018.
- [43] Rahul Sharma, Chien Aun Chan, and Christopher Leckie. Evaluation of centralised vs distributed collaborative intrusion detection systems in multiaccess edge computing. In 2020 IFIP Networking Conference (Networking), pages 343–351. IEEE, 2020.
- [44] Vadim Smolyakov. Ensemble Learning to Improve Machine Learning Results, 2017.
- [45] Steven R Snapp, James Brentano, Gihan Dias, Terrance L Goan, L Todd Heberlein, Che-Lin Ho, and Karl N Levitt. DIDS (distributed intrusion detection system)-motivation, architecture, and an early prototype. 2017.
- [46] Salvatore J Stolfo, Wei Fan, Wenke Lee, Andreas Prodromidis, and Philip K Chan. Cost-based modeling for fraud and intrusion detection: Results from the jam project. In Proceedings DARPA Information Survivability Conference and Exposition. DISCEX’00, volume 2, pages 130–144. IEEE, 2000.
- [47] Jiayu Sun, Xinzhou Wang, Naixue Xiong, and Jie Shao. Learning sparse representation with variational auto-encoder for anomaly detection. IEEE Access, 6: 33353–33361, 2018.
- [48] Mahbod Tavallaee, Ebrahim Bagheri, Wei Lu, and Ali A Ghorbani. A Detailed Analysis of the KDD CUP 99 Data Set. In IEEE Symposium on Computational Intelligence for Security and Defense Applications - CISDA, pages 1–6. IEEE, IEEE, 2009.
- [49] Daxin Tian, Yanheng Liu, and Yang Xiang. Largescale network intrusion detection based on distributed learning algorithm. International Journal of Information Security, 8(1): 25–35, 2009.
- [50] Michal Tkac and Robert Verner. Artificial neural networks in business: Two decades of research. Applied Soft Computing, 38: 788–804, 2016.
- [51] Chih Fong Tsai, Yu Feng Hsu, Chia Ying Lin, and Wei Yang Lin. Intrusion detection by machine learning: A review. Expert Systems with Applications, 36(10): 11994–12000, 2009.
- [52] Bo K Wong, Thomas A Bodnovich, and Yakup Selvi. Neural network applications in business: A review and analysis of the literature (1988–1995). Decision Support Systems, 19(4): 301–320, 1997.
- [53] Yanqing Yang, Kangfeng Zheng, Chunhua Wu, and Yixian Yang. Improving the classification effectiveness of intrusion detection by using improved conditional variational autoencoder and deep neural network. Sensors, 19(11): 2528, 2019.
- [54] Chuanlong Yin, Yuefei Zhu, Jinlong Fei, and Xinzheng He. A deep learning approach for intrusion detection using recurrent neural networks. Ieee Access, 5: 21954–21961, 2017.
- [55] Anazida Zainal, Mohd Aizaini Maarof, and Siti Mariyam Shamsuddin. Ensemble classifiers for network intrusion detection system. Journal of Information Assurance and Security, 4(3): 217–225, 2009.
Typ dokumentu
Bibliografia
Identyfikator YADDA
bwmeta1.element.baztech-80b5121b-45de-4d0a-ad9d-01fe24c41a1b