Abstract
Network anomaly traffic detection is an important technique for detecting intrusion activities and maintaining cyberspace security. Random forest is widely used in network anomalous traffic detection because of its good detection performance. However, random forest has insufficient ability to handle difficult samples and performs poorly on imbalanced network traffic distributions. To address these two problems, a boosting random forest for network anomaly detection, called BRF, is proposed. The proposed method embeds the random forest model into the Boosting training mechanism to enhance its classification ability for difficult samples. During the iterations, dynamic resampling provides the random forest with relatively balanced and diverse training sets to alleviate the traffic imbalance problem. The effectiveness of BRF is demonstrated by multi-classification experiments on the NSL-KDD and UNSW-NB15 datasets. Compared with some shallow machine learning, deep learning, and ensemble learning methods, BRF has advantages in accuracy and time efficiency, making it a promising method for network anomaly detection.
Acknowledgment
This research was supported by Key R&D projects in Henan Province of China under grant number 221111210300.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Ren, H., Wang, R., Dong, W., Li, J., Tang, Y. (2023). Dynamic Resampling Based Boosting Random Forest for Network Anomaly Traffic Detection. In: Fujita, H., Wang, Y., Xiao, Y., Moonis, A. (eds) Advances and Trends in Artificial Intelligence. Theory and Applications. IEA/AIE 2023. Lecture Notes in Computer Science, vol 13926. Springer, Cham. https://doi.org/10.1007/978-3-031-36822-6_29
DOI: https://doi.org/10.1007/978-3-031-36822-6_29
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-36821-9
Online ISBN: 978-3-031-36822-6
eBook Packages: Computer Science, Computer Science (R0)