
Modified parallel random forest for intrusion detection systems

The Journal of Supercomputing

Abstract

An intrusion detection system (IDS) is one of the important elements for providing security in networks. The growing number of network-based applications on the one hand and growing data volumes on the other have pushed designers to research novel methods for improving network security. One recent effort to improve IDS performance is the development of machine learning algorithms. Random forest is one of the powerful algorithms employed in data mining. It operates on classifier fusion principles and is implemented as the detection engine in some anomaly-based IDSs. In this paper, we present a novel parallel random forest algorithm for intrusion detection systems. The original random forest algorithm has weaknesses in feature selection, in selecting an efficient number of classifiers, in the number of random features used for training, and in the combination steps. In this research we investigate these challenges and propose solutions for them. The simulation results show the superiority of our method in performance, scalability and cost of misclassified samples in comparison with the original random forest algorithm and the Hadoop-based version of random forest.



Author information


Correspondence to Saeed Sharifian.


Cite this article

Masarat, S., Sharifian, S. & Taheri, H. Modified parallel random forest for intrusion detection systems. J Supercomput 72, 2235–2258 (2016). https://doi.org/10.1007/s11227-016-1727-6


  • DOI: https://doi.org/10.1007/s11227-016-1727-6
