
Anomaly-based network intrusion detection with ensemble classifiers and meta-heuristic scale (ECMHS) in traffic flow streams

  • Original Research
  • Journal of Ambient Intelligence and Humanized Computing

Abstract

The exponential growth of internet services has led to enormous growth in network traffic. As services increase, the number of network attacks is also gradually increasing. The contemporary literature shows that machine learning techniques have gained importance in addressing network security issues; these techniques rely on features and their values to extract knowledge. It is evident that the phenomenal growth in the volume of transactions leads to deviation in feature values. Hence, it is necessary to consider the associability among transactions and their feature values. In this paper, a meta-heuristic association scale is proposed to derive a threshold value for a transaction, and an ensemble classifier is then used to classify the transaction as normal or attack. The ensemble classifier used in the proposed system is based on drift detection, which has the ability to analyze requests at the stream level. The proposed model derives features at the stream level and uses drift detection to analyze stream characteristics. The experimental study is carried out on benchmark data to analyze the statistical parameters accuracy, false alarm rate and positive predictive value. Moreover, ECMHS is compared with other benchmark models described in the contemporary literature.


Figures 1, 2 and 3 (images not reproduced in this preview)



Author information

Corresponding author

Correspondence to Durga Bhavani Dasari.


Appendix 1

See Tables 10, 11, 12, 13, 14, 15, 16 and 17.

Table 10 Canonical correlation of the fields of PROBE category under divergent labels against normal data
Table 11 Canonical correlation of the fields of PROBE category (less than the mean of the CC value)
Table 12 Canonical correlation of the fields of DOS category under divergent labels against normal data
Table 13 Optimal Features of DoS Category (less than the mean of the CC value)
Table 14 Optimal Features of U2R Category under divergent labels against normal data
Table 15 Optimal Features of U2R Category (less than the mean of the CC value)
Table 16 Optimal Features of U2R Category under divergent labels against normal data
Table 17 Optimal Features of U2R Category (less than the mean of the CC value)


About this article

Cite this article

Dasari, D.B., Edamadaka, G., Chowdary, C.S. et al. Anomaly-based network intrusion detection with ensemble classifiers and meta-heuristic scale (ECMHS) in traffic flow streams. J Ambient Intell Human Comput 12, 9241–9268 (2021). https://doi.org/10.1007/s12652-020-02628-1
