Abstract
Machine learning techniques are widely used for network intrusion detection (NID). However, it has to face the unbalance of training samples between classes as it is hard to collect samples of some intrusion classes. This would produce false positives for these intrusion classes. Meanwhile, since there are various types of intrusions, classification boundaries between different classes are seriously nonlinear. Due to the huge amount of training data, computational efficiency is also required. This paper therefore proposes an efficient cascaded classifier for NID. This classifier consists of a collection of binary base classifiers which are serially connected. Each base classifier corresponds to a type of intrusion. The order of these base classifiers is automatically determined based on the number of false positives to cope with the unbalance of training samples. Extreme learning machine algorithm, which has low computational cost, is used to train these base classifiers to delineate the nonlinear boundaries between classes. This proposed NID method is evaluated on the KDD99 data set. Experimental results have shown that this proposed method outperforms other state-of-the-art methods including decision tree, back-propagation neural network and support vector machines.
Similar content being viewed by others
References
KDD99 dataset. http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html
Bartlett PL (1998) The sample complexity of pattern classification with neural networks: the size of the weights is more important than the size of the network. IEEE Trans Inform Theory 44(2):525–536
Beghdad R (2008) Critical study of neural networks in detecting intrusions. Comp Security 27(5–6):168–175
Burges C (1998) A tutorial on support vector machines for pattern recognition. Data Mining Know Dis 2(2):121–167
Chen T (2010) Stuxnet, the real start of cyber warfare. IEEE Network 24(4):2–3
Creech G, Hu J (2014) A semantic approach to host-based intrusion detection systems using contiguous and discontiguous system call patterns. IEEE Trans Comp 63(4):807–819
He J, Zheng S (2014) Intrusion detection model with twin support vector machines. J Shang Jiaotong Univ (Sci) 19(4):448–454
Huang GB, Chen L (2007) Convex incremental extreme learning machine. Neurocomputing 70(16–18):3056–3062
Huang GB, Chen L, Siew C (2006) Universal approximation using incremental constructive feedforward networks with random hidden nodes. IEEE Trans Neural Networks 17(4):879–892
Huang GB, Zhou H, Ding X, Zhang R (2012) Extreme learning machine for regression and multiclass classification. IEEE Trans Syst Man Cyber B Cyber 42(2):513–529
Li Y, Xia J, Zhang S, Yan J, Ai X, Dai K (2012) An efficient intrusion detection system based on support vector machines and gradually feature removal method. Expert Syst Appl 39:424–430
Quinlan J (1986) Induction of decision trees. Mach Learn 1(1):81–106
Rong H, Huang G, Ong Y (2012) Decision tree based light weight intrusion detection using a wrapper approach. Expert Syst Appl 39(1):129–141
Schmidhuber J (2015) Deep learning in neural networks: an overview. Neural Networks 61:85–117
Wang H, Chen B (2013) Intrusion detection system based on multi-strategy pruning algorithm of the decision tree. In: IEEE International Conference on Grey Systems and Intelligent Services :445–447
Weller-Fahy D, Borghetti B, Sodemann A (2015) A survey of distance and similarity measures used within network intrusion anomaly detection. Commun Surv Tutorials 17:70–91
Author information
Authors and Affiliations
Corresponding author
Additional information
This work is supported by the National Natural Science Foundation of China under Grant 61473089 and 61502106.
Rights and permissions
About this article
Cite this article
Yu, Y., Ye, Z., Zheng, X. et al. An efficient cascaded method for network intrusion detection based on extreme learning machines. J Supercomput 74, 5797–5812 (2018). https://doi.org/10.1007/s11227-016-1766-z
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11227-016-1766-z