
A new intelligent intrusion detector based on ensemble of decision trees

  • Original Research
  • Journal of Ambient Intelligence and Humanized Computing

Abstract

Artificial intelligence and machine learning are now widely used to build automatic and precise models for many tasks, especially on the Internet. In this paper, an intrusion detection system based on machine learning techniques is proposed. An intrusion detection system processes a large mass of data; such data naturally contains repetitions and noise, which reduce the stability and accuracy of the intrusion detection system. Hence, reducing the feature dimensions to obtain a smaller subset of features that can precisely express the results and status of network observations has attracted a lot of researchers' attention. In the proposed method, 16 critical features were selected with the gradually feature removal method to represent various network visits. By combining the ant colony algorithm and an ensemble of decision trees, we propose an efficient and stable classifier for judging whether a network visit is normal or not. Despite the selection of only 16 features, a high accuracy of 99.92% and an average Matthews correlation coefficient of 0.91 are obtained.



Acknowledgements

Thank you to all the people who helped us with this research and its hard way.

Author information


Corresponding author

Correspondence to Vahid Majidnezhad.


About this article


Cite this article

Mousavi, S.M., Majidnezhad, V. & Naghipour, A. A new intelligent intrusion detector based on ensemble of decision trees. J Ambient Intell Human Comput 13, 3347–3359 (2022). https://doi.org/10.1007/s12652-019-01596-5


  • DOI: https://doi.org/10.1007/s12652-019-01596-5
