
An intelligent intrusion detection system

Applied Intelligence

Abstract

With the introduction of emerging technologies, cybersecurity has become an inherited and amplified problem. New technologies bring significant developments but also come with new challenges in the cybersecurity area. The fight against malicious attacks is an everyday battle for every company. Challenges brought by security breaches can be devastating for a company and sometimes bring unsurvivable circumstances. In this paper, we propose a novel two-stage intelligent intrusion detection system (IDS) to detect and protect against such malicious attacks. Intrusion detection systems are feasible solutions for cybersecurity problems, but they come with implementation challenges. Anomaly-based IDSs usually have a high rate of false positives (FP) and considerable computational requirements. The approach proposed in this paper consists of a two-stage architecture based on machine learning algorithms. In the first stage, the IDS uses K-Means to detect attacks, and the second stage uses supervised learning to classify those attacks and eliminate false positives. The implementation of this approach results in a computationally efficient IDS able to detect and classify attacks with 99.97% accuracy while lowering the number of false positives to 0. The paper also evaluates the performance results and compares them with other relevant research papers. The performance of the proposed IDS is superior to the current state of the art.
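The two-stage flow described in the abstract, as an added sketch that is not the authors' code: K-Means flags a suspicious cluster, then a supervised classifier labels each flagged flow and drops the ones it recognises as normal. The two features, the sample flows, the minority-cluster rule and the 1-nearest-neighbour classifier are all assumptions made for illustration; the abstract does not name the supervised algorithm or the features.

```python
import math

# Constructed sample flows (not the paper's data): (connections_per_s, mb_sent).
LIVE = [(1, 1), (2, 1), (3, 2), (2, 2), (1, 2), (3, 1), (2, 3),
        (90, 2), (95, 1), (88, 3), (70, 0.5), (60, 50)]
# Constructed labelled flows for stage 2; (58, 48) is a known benign backup job.
LABELLED = [((2, 1), "normal"), ((58, 48), "normal"),
            ((92, 2), "dos"), ((68, 0.4), "probe")]

def kmeans(points, k=2, iters=20):
    """Lloyd's K-Means (k >= 2); returns the cluster index of each point."""
    pts = sorted(points)
    # Deterministic seeding (assumption): spread seeds over the sorted points.
    cents = [pts[i * (len(pts) - 1) // (k - 1)] for i in range(k)]
    assign = None
    for _ in range(iters):
        new = [min(range(k), key=lambda c: math.dist(p, cents[c])) for p in points]
        if new == assign:  # converged: no point changed cluster
            break
        assign = new
        for c in range(k):
            members = [p for p, a in zip(points, assign) if a == c]
            if members:
                cents[c] = tuple(sum(x) / len(members) for x in zip(*members))
    return assign

def stage1_flag(points):
    """Stage 1, unsupervised: flag the smaller cluster (assumed anomalous)."""
    assign = kmeans(points)
    minority = min(set(assign), key=assign.count)
    return [p for p, a in zip(points, assign) if a == minority]

def stage2_classify(flow, labelled=LABELLED):
    """Stage 2, supervised: 1-nearest-neighbour stand-in classifier."""
    return min(labelled, key=lambda ex: math.dist(flow, ex[0]))[1]

def two_stage_ids(points):
    """Return (confirmed alerts by class, flagged flows dropped as false positives)."""
    alerts, dropped = {}, []
    for flow in stage1_flag(points):
        label = stage2_classify(flow)
        if label == "normal":
            dropped.append(flow)  # stage-1 false positive removed by stage 2
        else:
            alerts[flow] = label
    return alerts, dropped

if __name__ == "__main__":
    print(two_stage_ids(LIVE))
```

The backup-like flow `(60, 50)` lands in the suspicious cluster at stage 1 and is only cleared at stage 2, which is the false-positive reduction the abstract attributes to the second stage.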




Corresponding author

Correspondence to Nevrus Kaja.


Cite this article

Kaja, N., Shaout, A. & Ma, D. An intelligent intrusion detection system. Appl Intell 49, 3235–3247 (2019). https://doi.org/10.1007/s10489-019-01436-1


  • DOI: https://doi.org/10.1007/s10489-019-01436-1
