DETECTION OF NETWORK INTRUSIONS USING MACHINE LEARNING ALGORITHMS AND FUZZY LOGIC

Authors

DOI:

https://doi.org/10.28925/2663-4023.2023.19.209225

Keywords:

intrusion detection system; machine learning; ensemble learning; classifier; fuzzy logic; cyber attack; cyber defense using machine learning; feature selection algorithms

Abstract

The study proposed a model of an intrusion detection system based on machine learning, using feature selection in large data sets based on ensemble learning methods. Statistical tests and fuzzy rules were used to select the necessary features. To choose a base classifier, the behavior of 8 machine learning algorithms was investigated. The proposed system reduced intrusion detection time (by up to 60%) while keeping a high level of attack detection accuracy. The best classification results for all studied datasets were provided by tree-based classifiers: DecisionTreeClassifier, ExtraTreeClassifier, RandomForestClassifier. With appropriate settings, choosing a Stacking or Bagging classifier for model training on all data sets provides a small increase in classification accuracy but significantly increases the training time (by more than an order of magnitude, depending on the base classifiers or the number of data subsets). As the number of observations in the training dataset increases, the increase in training time becomes more noticeable. The best results in terms of training speed were provided by the VotingClassifier, built from algorithms with maximum training speed and sufficient classification accuracy. The training time of the classifier using FuzzyLogic practically does not differ from the training time of the voting classifier (approximately 10-15% more). The influence of the number of features on the training time of the classifiers and the VotingClassifier ensemble depends on the behavior of the base classifiers. For ExtraTreeClassifier, the training time depends only weakly on the number of features. For DecisionTree or KNeighbors (and, as a result, for the Voting classifier in general), the training time increases significantly as the number of features grows.
Reducing the number of features on all datasets affects the estimation accuracy according to the criterion of average reduction of classification errors. As long as the group of features in the training dataset contains the top-ranked features, those with the greatest influence, the accuracy of the model stays at its initial level; but when at least one of the features with a large influence is excluded from the model, the accuracy of the model drops dramatically.

Published

2023-03-30

How to Cite

Chychkarov, Y., Zinchenko, O., Bondarchuk, A., & Aseeva, L. (2023). DETECTION OF NETWORK INTRUSIONS USING MACHINE LEARNING ALGORITHMS AND FUZZY LOGIC. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 3(19), 209–225. https://doi.org/10.28925/2663-4023.2023.19.209225