Abstract
Intrusion detection systems (IDSs) are an important security mechanism for protecting computing resources in various environments. To detect unknown malicious events, machine learning is often used to support anomaly-based detection. However, this kind of detection often requires high-quality data to ensure accuracy, and such data may suffer from issues like imbalanced data and ineffective features. In this work, we evaluate a combined approach of imbalance correction and feature selection, and explore how much it can mitigate these issues. As a study, we generate several feature-selected and imbalance-corrected datasets based on NSL-KDD data and conduct experiments on Random Forests, Neural Networks and Gradient-Boosting Machines. The results indicate that the combined approach can significantly improve detection performance: models trained on the refined data outperform those trained on the original data by 10% in overall accuracy and 24% in overall F1-score.
Acknowledgments
This work was partially supported by National Natural Science Foundation of China (No. 61802077).
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Engly, A.H., Larsen, A.R., Meng, W. (2020). Evaluation of Anomaly-Based Intrusion Detection with Combined Imbalance Correction and Feature Selection. In: Kutyłowski, M., Zhang, J., Chen, C. (eds) Network and System Security. NSS 2020. Lecture Notes in Computer Science, vol 12570. Springer, Cham. https://doi.org/10.1007/978-3-030-65745-1_16
DOI: https://doi.org/10.1007/978-3-030-65745-1_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-65744-4
Online ISBN: 978-3-030-65745-1
eBook Packages: Computer Science, Computer Science (R0)