Abstract
A multi-agent artificial immune system for network intrusion detection and classification is proposed and tested in this paper. The multi-layer detection and classification process is proposed to be executed on each agent, for each host in the network. The experiment shows very good results in the detection layer, where 90% of anomalies are detected. In the classification layer, 88% of false positives were successfully labeled as normal traffic connections, and 79% of DoS and Probe attacks were labeled correctly. An analysis is given for future work to enhance results for low-presented attacks.
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Aziz, A.S.A., Hanafi, S.EO., Hassanien, A.E. (2014). Multi-agent Artificial Immune System for Network Intrusion Detection and Classification. In: de la Puerta, J., et al. International Joint Conference SOCO’14-CISIS’14-ICEUTE’14. Advances in Intelligent Systems and Computing, vol 299. Springer, Cham. https://doi.org/10.1007/978-3-319-07995-0_15
DOI: https://doi.org/10.1007/978-3-319-07995-0_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-07994-3
Online ISBN: 978-3-319-07995-0
eBook Packages: Engineering, Engineering (R0)