Enhancing Detection of R2L Attacks by Multistage Clustering Based Outlier Detection

Wireless Personal Communications

Abstract

Modern society has benefited greatly from the advancement of the Internet. The ease of access to the Internet has given rise to tremendous security threats. With the emergence of new varieties of attacks, attack prevention techniques such as firewalls, data encryption and user authentication are not adequate to make a system completely secure, because guaranteed prevention of all kinds of security breaches is impractical. Intrusions pose a serious threat to individuals and organizations in this digital era. An Intrusion Detection System operates as part of a set of system security tools to achieve a defined level of assurance for the protection of information systems. In this work, a novel multistage clustering-based approach is proposed and implemented which addresses the challenge of increasing the detection rate (DR) while maintaining a low false alarm rate (FAR). The novelty of this work lies in its clustering procedure, which works in a reverse manner, forms clusters in a more meaningful way, and is applicable to mixed attribute types. In addition, the multiple stages of clustering help in identifying most of the Remote to Local (R2L) attacks. The performance of the proposed method is evaluated on the standard NSL-KDD benchmark dataset, and the experimental results yielded a 99.52% DR, a 1.15% FAR and 99.22% classification accuracy. Specifically, the method focuses on detecting R2L attacks and has detected 98.73% of such attacks.


Data Availability

The datasets analysed during the current study are available in https://web.archive.org/web/20150205070216/http://nsl.cs.unb.ca/NSL-KDD/ and also in the KAGGLE repository, https://www.kaggle.com/hassan06/nslkdd.


Funding

The authors declare that no funds, grants, or other support were received during the preparation of this manuscript.

Author information

Contributions

All authors contributed to the study conception and design. Material preparation, data collection and analysis were performed by JRB, MN, DSI and DSP. All authors read and approved the manuscript.

Corresponding author

Correspondence to J. Rene Beulah.

Ethics declarations

Conflict of interest

The authors have no relevant financial or non-financial interests to disclose.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.


Cite this article

Beulah, J.R., Nalini, M., Irene, D.S. et al. Enhancing Detection of R2L Attacks by Multistage Clustering Based Outlier Detection. Wireless Pers Commun 124, 2637–2659 (2022). https://doi.org/10.1007/s11277-022-09482-8


  • DOI: https://doi.org/10.1007/s11277-022-09482-8
