Abstract
The exponential growth in the internet services lead to enormous growth in the network traffic. As the services are increasing the numbers of network attacks are also gradually increasing. From the contemporary literature it is proved that machine learning techniques have gained importance in addressing security issues in networks and these techniques rely on features and its values to extract the knowledge. It is evidenced that phenomenal growth in the volume of transactions leads to deviation in feature values. Hence, it is necessary to consider the associability among the transactions and its feature values. In this paper, a Meta-heuristic association scale is proposed to derive a threshold value for the transaction and further, an ensemble classifier is used to analyse the transaction as normal or attack. Ensemble classifier used in the proposed system is based on drift detection which has the ability to analyze the requests at stream level. The proposed model derives the features from the stream level and uses drift detection to analyze the stream characteristics. The experimental study is carried out on the benchmark data to analyze the statistical parameters accuracy, false alarm rate, positive predictive values. Moreover, the ECMHS is compared with the other benchmark models depicted in contemporary literature.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Explore related subjects
Discover the latest articles, news and stories from top researchers in related subjects.References
Adnan M, Abdulazeez B, Adel SI (2011) Intrusion detection and attack classifier based on three techniques, A comparative study. Eng Technol J 29(2):233–254
Akamai (2016) Akamai’s [State of the Internet]/Security Q1/2016 Report. https://www.akamai.com/State of The Internet.
Alkasassbeh M et al (2016) Detecting distributed denial of service attacks using data mining techniques. Int J Adv Comput Sci Appl 7:1
An TK, Kim MH (2010) A new diverse AdaBoost classifier. In: Proceedings of the 2010 International Conference on artificial intelligence and computational intelligence-Volume 01 2010, China (pp 359–363). IEEE Computer Society
Apale S, Kamble RA, Ghodekar M, Nemade H, Waghmode RM (2014) Defense mechanism for Ddos attack through machine learning. Int J Res Eng Technol 03:291–294
Barford P, Plonka D (2001) Characteristics of network traffic flow anomalies. In: Proceedings of the 1st ACM SIGCOMM Workshop on internet measurement. ACM
Berral JL et al (2008) Adaptive distributed mechanism against flooding network attacks based on machine learning. In: Proceedings of the 1st ACM workshop on Workshop on AISec. ACM
Bhuyan MH, Bhattacharyy DK, Kalita JK (2014) Network anomaly detection: methods, systems and tools. IEEE Commun Surveys Tutor 16:303–336
Bivens A et al (2002) Network-based intrusion detection using neural networks. Intell Eng Syst Artif Neural Netw 12(1):579–584
Cambiaso E, Papaleo G, Aiello M (2012) Taxonomy of slow DoS attacks to web applications. In: Recent trends in computer networks and distributed systems security, pp195–204
Claise B, Trammell B, Aitken P(2013) Specification of the IP flow information export (IPFIX) protocol for the exchange of flow information. No. RFC 7011
de Assis MVO, Carvalho LF, Rodrigues JJPC, Proença ML Jr (2013) Holt-winters statistical forecasting and ACO metaheuristic for traffic characterization. In: IEEE International Conference on Communications (ICC), pp 2524–2528
Fossaceca JM, Mazzuchi TA, Sarkani S (2015) MARK-ELM: application of a novel multiple kernel learning framework for improving the robustness of network intrusion detection. Expert Syst Appl 42(8):4062–4080
Ghanem TF, Elkilani WS, Abdul-kader HM (2015) A hybrid approach for efficient anomaly detection using meta heuristic methods. J Adv Res 6(4):609–619
Ghasemi A, Zahediasl S (2012) Normality tests for statistical analysis: a guide for non-statisticians. Int J Endocrinol Metab 10(2):486
Gong Y, Mabu S, Chen C, Wang Y, Hirasawa K (2009) Intrusion detection system combining misuse detection and anomaly detection using Genetic Network Programming. In: ICCAS-SICE
Haddadi F et al (2010) intrusion detection and attack classification using feed-forward neural network. In: Second International Conference on computer and network technology, Minneapolis, MN, USA (pp. 262–266).
Hardoon DR, Szedmak S, Shawe-Taylor J (2004) Canonical correlation analysis: an overview with application to learning methods. Neural Comput 16(12):2639–2664
Huang G-B et al (2012) Extreme learning machine for regression and multiclass classification. IEEE Trans Syst Man Cybern Part B (Cybernetics) 42(2):513–529
Iglesias F, Zseby T (2015) Analysis of network traffic features for anomaly detection. Mach Learn 101(1–3):59–84
Jawale MDR, Bhusari V (2014) Technique to detect and classify attacks in nids using ann. Int J Emerg Res Manag Technol 3(10):75–81
Jyothsna V, Rama Prasad VV (2016) nomaly based Network Intrusion Detection through assessing Feature Association Impact Scale (FAIS). Indersci Int J Inf Comput Secur (IJICS) 8:241–257
Kalliola A, Lee K, Lee H, Aura T (2015) Flooding DDoS mitigation and traffic management with software defined networking. In: Cloud Networking (CloudNet), 2015 IEEE 4th International Conference, Canada (pp. 248–254). IEEE
Karimazad R, Faraahi A (2011) An anomaly-based method for DDoS attacks detection using RBF neural networks. In: Proceedings of the International Conference on network and electronics engineering, Singapore (pp. 16–18)
KDD data set (1999) <https://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html>.
Kolandaisamy R, Noor RM, Kolandaisamy I et al (2020) A stream position performance analysis model based on DDoS attack detection for cluster-based routing in VANET. J Ambient Intell Human Comput. https://doi.org/10.1007/s12652-020-02279-2
Kumar PAR, Selvakumar S (2013) Detection of distributed denial of service attacks using an ensemble of adaptive and hybrid neuro-fuzzy systems. Comput Commun 36(3):303–319
Lu K et al (2007) Robust and efficient detection of DDoS attacks for large-scale internet. Comput Netw 51(18):5036–5056
Najafabadi MM et al (2016) RUDY attack: detection at the network level and its important features. In: The Twenty-Ninth International Flairs Conference. Hilton Marco Island: pp 288–293
Norouzian MR, Merati S (2011) Classifying attacks in a network intrusion detection system based on artificial neural networks. In: Advanced Communication Technology (ICACT), 2011, Republic of Korea, 13th International Conference (pp. 868–873). IEEE
Palmieri F et al (2015) Energy-oriented denial of service attacks: an emerging menace for large cloud infrastructures. J Supercomput 71(5):1620–1641
Pan W, Li W (2005) A hybrid neural network approach to the classification of novel attacks for intrusion detection. In: International Symposium on parallel and distributed processing and applications. Springer, Berlin, Heidelberg
Powers DM (2011) Evaluation: from precision, recall and F-measure to ROC, informedness, markedness and correlation
Prasad KM, Reddy ARM, Rao KV (2017) BIFAD: bio-inspired anomaly based HTTP-flood attack detection. Wirel Pers Commun 97:281–308
Prasad KM, Reddy ARM, Rao KV (2018) Ensemble classifiers with drift detection (ECDD) in traffic flow streams to detect DDOS attacks. Wirel Pers Commun 99:1639–1659
Seufert S, O'Brien D (2007) Machine learning for automatic defense against distributed denial of service attacks. In: Communications, 2007. ICC'07. IEEE International Conference, Scotland (pp. 1217–1222). IEEE
Shanthi HJ, Mary Anita EA (2014) Heuristic approach of supervised learning for intrusion detection. Indian J Sci Technol 7(6):11–14
Sumathi S, Karthikeyan N (2020) Detection of distributed denial of service using deep learning neural network. J Ambient Intell Human Comput. https://doi.org/10.1007/s12652-020-02144-2
Tsang C-H, Kwong S(2005) Multi-agent intrusion detection system in industrial network using ant colony clustering approach and unsupervised feature extraction. InL IEEE International Conference on Industrial Technology (ICIT), pp 51–56
Vijayasarathy R, Raghavan SV, Ravindran B (2011) A system approach to network modeling for DDoS detection using a Naive Bayesian classifier. In: Communication Systems and Networks (COMSNETS), Bangalore, 2011 Third International Conference (pp. 1–10). IEEE
VivinSandar S, Shenai S (2012) Economic denial of sustainability (EDoS) in cloud services using HTTP and XML based DDoS attacks. Int J Comput Appl 41(20):11–16
Wang X, Guo N, Gao F et al (2019) Distributed denial of service attack defence simulation based on honeynet technology. J Ambient Intell Human Comput. https://doi.org/10.1007/s12652-019-01396-x
Yan Q et al (2016) Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: a survey, some research issues, and challenges. IEEE Commun Surveys Tutor 18(1):602–622
Zhang Z, Li J, Manikopoulos CN, Jorgenson J, Ucles J (2001) HIDE: a hierarchical network intrusion detection system using statistical preprocessing and neural network classification. In Proc. IEEE Workshop on Information Assurance and Security, United States, (pp. 85–90)
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations
Appendix 1
Appendix 1
See Tables 10, 11, 12, 13, 14, 15, 16 and 17.
Rights and permissions
About this article
Cite this article
Dasari, D.B., Edamadaka, G., Chowdary, C.S. et al. Anomaly-based network intrusion detection with ensemble classifiers and meta-heuristic scale (ECMHS) in traffic flow streams. J Ambient Intell Human Comput 12, 9241–9268 (2021). https://doi.org/10.1007/s12652-020-02628-1
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12652-020-02628-1