Abstract
Modern society benefits greatly from the advancement of the Internet, but the ease of access it provides has also given rise to serious security threats. With the emergence of new varieties of attack, prevention techniques such as firewalls, data encryption and user authentication are not adequate to make a system completely secure, because guaranteed prevention of every kind of security breach is impractical. Intrusions pose a serious threat to individuals and organizations in this digital era. An Intrusion Detection System operates as one of a set of system security tools that together achieve a defined level of assurance for the protection of information systems. In this work, a novel multistage clustering-based approach is proposed and implemented that addresses the challenge of increasing the detection rate (DR) while maintaining a low false alarm rate (FAR). The novelty of the work lies in the clustering procedure, which works in a reverse manner, forms clusters in a more meaningful way, and is applicable to mixed attribute types. In addition, the multiple stages of clustering help to identify most of the Remote to Local (R2L) attacks. The performance of the proposed method is evaluated on the standard NSL-KDD benchmark dataset; the experimental results yield a 99.52% detection rate, a 1.15% false alarm rate and 99.22% classification accuracy. In particular, the method concentrates on detecting R2L attacks and detected 98.73% of them.
Data Availability
The datasets analysed during the current study are available in https://web.archive.org/web/20150205070216/http://nsl.cs.unb.ca/NSL-KDD/ and also in the KAGGLE repository, https://www.kaggle.com/hassan06/nslkdd.
Funding
The authors declare that no funds, grants, or other support were received during the preparation of this manuscript.
Author information
Contributions
All authors contributed to the study conception and design. Material preparation, data collection and analysis were performed by JRB, MN, DSI and DSP. All authors read and approved the manuscript.
Ethics declarations
Conflict of interest
The authors have no relevant financial or non-financial interests to disclose.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
About this article
Cite this article
Beulah, J.R., Nalini, M., Irene, D.S. et al. Enhancing Detection of R2L Attacks by Multistage Clustering Based Outlier Detection. Wireless Pers Commun 124, 2637–2659 (2022). https://doi.org/10.1007/s11277-022-09482-8