Abstract
The exponential growth of internet services, together with the rapid development of technologies, produces a huge growth in traffic, which increases the opportunity for attackers to mount attacks on the network. Several researchers have developed various techniques to defend against these attacks, and most of them are machine-learning-based approaches. Machine-learning-based techniques rely on features to extract knowledge from the traffic, and their performance depends on the characteristics of the features extracted at packet level. As the volume of traffic in the network increases, the feature characteristics deviate with the diversified behavior. Hence, the traffic characteristics need to be defined at flow level rather than at packet or request level, because flow features are independent of the network behavior and do not influence the performance of the detection process. In this paper a set of unique flow features is defined to extract the traffic from the network at flow level and to train the system with the diversity of the flow characteristics identified using the Kolmogorov–Smirnov test (K–S test). The diversity of each flow characteristic defines a unique behavior, and it is addressed with ensemble classifiers by evaluating the meta-heuristic scale for each attack class and for normal flow. The experimentation is carried out on a benchmark dataset and the performance is analyzed. The proposed model exhibits better detection accuracy and a lower false alarm rate with lower processing time compared to the contemporary models described in the literature.
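To make the "diversity of flow characteristics identified using the K–S test" concrete, the following added example (not the paper's code) implements the two-sample Kolmogorov–Smirnov statistic from scratch and uses it to rank flow-level features by how strongly their distribution differs between normal flows and flows of one attack class. The feature names (`pkts_per_flow`, `mean_iat_ms`, `syn_only`) and the flow records are constructed for illustration, not taken from the paper or any benchmark dataset.

```python
"""Rank flow-level features by two-sample Kolmogorov-Smirnov distance.

Added example, not code from the paper. Assumption: the "diversity" of a
flow feature is the K-S statistic D between its empirical distribution in
normal flows and in flows of one attack class; larger D means the feature
separates the classes better. Feature names and records are constructed.
"""
from __future__ import annotations

from bisect import bisect_right
from typing import Sequence


def ks_statistic(a: Sequence[float], b: Sequence[float]) -> float:
    """Two-sample K-S statistic: max |F_a(x) - F_b(x)| over observed x."""
    if not a or not b:
        raise ValueError("both samples must be non-empty")
    sa, sb = sorted(a), sorted(b)
    d = 0.0
    for x in sa + sb:  # the ECDF difference can only peak at a sample point
        fa = bisect_right(sa, x) / len(sa)  # empirical CDF of a at x
        fb = bisect_right(sb, x) / len(sb)  # empirical CDF of b at x
        d = max(d, abs(fa - fb))
    return d


def rank_flow_features(normal: list[dict], attack: list[dict]) -> list[tuple[str, float]]:
    """Return (feature, D) pairs sorted by decreasing K-S distance; ties by name."""
    names = sorted(normal[0].keys())
    ranked = [(n, ks_statistic([f[n] for f in normal], [f[n] for f in attack]))
              for n in names]
    return sorted(ranked, key=lambda t: (-t[1], t[0]))


# Constructed flow records (not from any dataset): packets per flow, mean
# packet inter-arrival time in ms, and whether the flow carried only SYNs.
NORMAL_FLOWS = [
    {"pkts_per_flow": p, "mean_iat_ms": i, "syn_only": s}
    for p, i, s in [(12, 40.0, 0), (30, 55.0, 0), (18, 48.0, 0),
                    (25, 60.0, 0), (9, 35.0, 1), (40, 70.0, 0)]
]
FLOOD_FLOWS = [
    {"pkts_per_flow": p, "mean_iat_ms": i, "syn_only": s}
    for p, i, s in [(1, 2.0, 1), (1, 1.5, 1), (2, 3.0, 1),
                    (1, 2.5, 1), (1, 1.0, 1), (3, 4.0, 0)]
]

if __name__ == "__main__":
    for name, d in rank_flow_features(NORMAL_FLOWS, FLOOD_FLOWS):
        print(f"{name:14s} D={d:.3f}")
```

A feature with D close to 1 separates the two classes almost perfectly on its own, whereas a binary flag such as `syn_only` gives a bounded D and is better used in combination with other features by the ensemble.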
Cite this article
Jyothsna, V., Prasad, K.M., Rajiv, K. et al. Flow based anomaly intrusion detection system using ensemble classifier with Feature Impact Scale. Cluster Comput 24, 2461–2478 (2021). https://doi.org/10.1007/s10586-021-03277-5
DOI: https://doi.org/10.1007/s10586-021-03277-5