Dynamic Resampling Based Boosting Random Forest for Network Anomaly Traffic Detection

  • Conference paper
Advances and Trends in Artificial Intelligence. Theory and Applications (IEA/AIE 2023)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 13926)

Abstract

Network anomaly traffic detection is an important technique for detecting intrusion activities and maintaining cyberspace security. Random Forest is widely used in network anomalous traffic detection due to its good detection performance. However, Random Forest has insufficient ability to handle difficult samples and performs poorly on imbalanced network traffic distributions. To address these two problems, a boosting random forest for network anomaly detection, called BRF, is proposed. The proposed method embeds the Random Forest model into a Boosting training mechanism to enhance its classification ability for difficult samples. In each iteration, dynamic resampling provides Random Forest with relatively balanced and diverse training sets to alleviate the traffic imbalance problem. The effectiveness of BRF is demonstrated by multi-classification experiments on the NSL-KDD and UNSW-NB15 datasets. Compared with some shallow machine learning, deep learning, and ensemble learning methods, BRF has advantages in accuracy and time efficiency, making it a promising method for network anomaly detection.

Notes

  1. https://www.unb.ca/cic/datasets/nsl.html

  2. https://research.unsw.edu.au/projects/unsw-nb15-dataset

  3. https://scikit-learn.org/stable/index.html

  4. https://pypi.org/project/lightgbm/

Acknowledgment

This research was supported by Key R&D projects in Henan Province of China under grant number 221111210300.

Corresponding author

Correspondence to Weiyu Dong.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Ren, H., Wang, R., Dong, W., Li, J., Tang, Y. (2023). Dynamic Resampling Based Boosting Random Forest for Network Anomaly Traffic Detection. In: Fujita, H., Wang, Y., Xiao, Y., Moonis, A. (eds) Advances and Trends in Artificial Intelligence. Theory and Applications. IEA/AIE 2023. Lecture Notes in Computer Science, vol 13926. Springer, Cham. https://doi.org/10.1007/978-3-031-36822-6_29

  • DOI: https://doi.org/10.1007/978-3-031-36822-6_29

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-36821-9

  • Online ISBN: 978-3-031-36822-6

  • eBook Packages: Computer Science (R0)
