Skip to main content
SpringerLink
Log in

Evaluation of Anomaly-Based Intrusion Detection with Combined Imbalance Correction and Feature Selection

  • Conference paper
  • First Online:
Book cover Network and System Security (NSS 2020)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12570))

Included in the following conference series:

Abstract

Intrusion detection systems (IDSs) are an important security mechanism to protect computing resources under various environments. To detect malicious unknown events, machine learning is often used to support anomaly-based detection. However, such kind of detection often requires high quality data to ensure accuracy, which may face several issues like imbalanced data and ineffective features. In this work, we aim to evaluate a combined approach of both imbalance correction and feature selection, and explore how much it can mitigate the issues. As a study, we generate several feature-selected and imbalance-corrected datasets based on NSL-KDD data and conduct experiments on Random Forests, Neural Networks and Gradient-Boosting Machines. The results indicate that the combined approach can significantly improve the detection performance on the refined data as compared to being trained on the original data, by 10% in overall accuracy and 24% in overall F1-score.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Arauzo-Azofra, A., Benitez, J.M., Castro, J.L.: Consistency measures for feature selection J. Intell. Inf. Syst. 30, 273–292 (2007). https://doi.org/10.1007/s10844-007-0037-0

  2. Buczak, A.L., Guven, E.: A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Commun. Surv. Tutorials 18(2), 1153–1176 (2016)

    Article  Google Scholar 

  3. Dash, M., Liu, H.: Consistency-based search in feature selection. Artif. Intell. 151(1–2), 155–176 (2003)

    Article  MathSciNet  Google Scholar 

  4. Diederik P. Kingma, J.L.B.: Adam: a method for stochastic optimization (2015)

    Google Scholar 

  5. Grünwald, P.: A tutorial introduction to the minimum description length principle (2004)

    Google Scholar 

  6. Hall, M.A.: Correlation-based feature selection for machine learning. Ph.D. thesis, The University of Waikato, April 1999

    Google Scholar 

  7. Huang, S., Lei, K.: IGAN-IDS: an imbalanced generative adversarial network towards intrusion detection system in ad-hoc networks. Ad Hoc Netw. 105, 102177 (2020)

    Article  Google Scholar 

  8. Li, X., Chen, W., Zhang, Q., Wu, L.: Building auto-encoder intrusion detection system based on random forest feature selection. Comput. Secur. 95, 101851 (2020)

    Article  Google Scholar 

  9. Li, Y., Wang, J., Tian, Z., Lu, T., Young, C.: Building lightweight intrusion detection system using wrapper-based feature selection mechanisms. Comput. Secur. 28(6), 466–475 (2009)

    Article  Google Scholar 

  10. Liu, H., Lang, B.: Machine learning and deep learning methods for intrusion detection systems: a survey. Appl. Sci. 9(20), 4396 (2019)

    Article  Google Scholar 

  11. Meng, Y.: The practice on using machine learning for network anomaly intrusion detection. In: 2011 International Conference on Machine Learning and Cybernetics, vol. 2, pp. 576–581 (2011)

    Google Scholar 

  12. Meng, Y., Kwok, L.: Adaptive context-aware packet filter scheme using statistic-based blacklist generation in network intrusion detection. In: 7th International Conference on Information Assurance and Security, IAS, pp. 74–79. IEEE (2011)

    Google Scholar 

  13. Meng, Y., Kwok, L.-F.: Enhancing false alarm reduction using pool-based active learning in network intrusion detection. In: Deng, R.H., Feng, T. (eds.) ISPEC 2013. LNCS, vol. 7863, pp. 1–15. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38033-4_1

    Chapter  Google Scholar 

  14. Morgan, S.: Global cybercrime damages predicted to reach \$6 trillion annually by 2021. Accessed 25 Apr 2020. https://cybersecurityventures.com/cybercrime-damages-6-trillion-by-2021/

  15. Nisioti, A., Mylonas, A., Yoo, P.D., Katos, V.: From intrusion detection to attacker attribution: a comprehensive survey of unsupervised methods. IEEE Commun. Surv. Tutorials 20(4), 3369–3388 (2018)

    Article  Google Scholar 

  16. Tavallaee, M., Bagheri, E., Lu, W., Ghorbani, A.A.: A detailed analysis of the KDD CUP 99 data set (2009)

    Google Scholar 

  17. Tharwat, A.: Classification assessment methods. Appl. Comput. Inform. 16, 1–25 (2018)

    Google Scholar 

  18. Yu, L., Liu, H.: Efficient feature selection via analysis of relevance and redundancy. J. Mach. Learn. Res. 5, 1205–1224 (2004)

    MathSciNet  MATH  Google Scholar 

  19. Zhou, Q., Gu, L., Wang, C., Wang, J., Chen, S.: Using an improved C4.5 for imbalanced dataset of intrusion. In: Proceedings of the 2006 International Conference on Privacy, Security and Trust PST, vol. 380, p. 67. ACM (2006)

    Google Scholar 

Download references

Acknowledgments

This work was partially supported by National Natural Science Foundation of China (No. 61802077).

Author information

Authors and Affiliations

  1. Department of Applied Mathematics and Computer Science, Technical University of Denmark, Kongens Lyngby, Denmark

    Andreas Heidelbach Engly, Anton Ruby Larsen & Weizhi Meng

  2. Institute of Artificial Intelligence and Blockchain, Guangzhou University, Guangzhou, China

    Weizhi Meng

Authors
  1. Andreas Heidelbach Engly
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Anton Ruby Larsen
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Weizhi Meng
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Weizhi Meng .

Editor information

Editors and Affiliations

  1. Wrocław University of Technology, Wroclaw, Poland

    Mirosław Kutyłowski

  2. Swinburne University of Technology, Hawthorn, VIC, Australia

    Jun Zhang

  3. James Cook University, Douglas, QLD, Australia

    Chao Chen

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Engly, A.H., Larsen, A.R., Meng, W. (2020). Evaluation of Anomaly-Based Intrusion Detection with Combined Imbalance Correction and Feature Selection. In: Kutyłowski, M., Zhang, J., Chen, C. (eds) Network and System Security. NSS 2020. Lecture Notes in Computer Science(), vol 12570. Springer, Cham. https://doi.org/10.1007/978-3-030-65745-1_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-65745-1_16

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-65744-4

  • Online ISBN: 978-3-030-65745-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation