Skip to main content
SpringerLink
Log in

An efficient cascaded method for network intrusion detection based on extreme learning machines

  • Published:
The Journal of Supercomputing Aims and scope Submit manuscript

Abstract

Machine learning techniques are widely used for network intrusion detection (NID). However, it has to face the unbalance of training samples between classes as it is hard to collect samples of some intrusion classes. This would produce false positives for these intrusion classes. Meanwhile, since there are various types of intrusions, classification boundaries between different classes are seriously nonlinear. Due to the huge amount of training data, computational efficiency is also required. This paper therefore proposes an efficient cascaded classifier for NID. This classifier consists of a collection of binary base classifiers which are serially connected. Each base classifier corresponds to a type of intrusion. The order of these base classifiers is automatically determined based on the number of false positives to cope with the unbalance of training samples. Extreme learning machine algorithm, which has low computational cost, is used to train these base classifiers to delineate the nonlinear boundaries between classes. This proposed NID method is evaluated on the KDD99 data set. Experimental results have shown that this proposed method outperforms other state-of-the-art methods including decision tree, back-propagation neural network and support vector machines.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Similar content being viewed by others

References

  1. KDD99 dataset. http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html

  2. Bartlett PL (1998) The sample complexity of pattern classification with neural networks: the size of the weights is more important than the size of the network. IEEE Trans Inform Theory 44(2):525–536

    Article  MathSciNet  Google Scholar 

  3. Beghdad R (2008) Critical study of neural networks in detecting intrusions. Comp Security 27(5–6):168–175

    Article  Google Scholar 

  4. Burges C (1998) A tutorial on support vector machines for pattern recognition. Data Mining Know Dis 2(2):121–167

    Article  Google Scholar 

  5. Chen T (2010) Stuxnet, the real start of cyber warfare. IEEE Network 24(4):2–3

    Article  Google Scholar 

  6. Creech G, Hu J (2014) A semantic approach to host-based intrusion detection systems using contiguous and discontiguous system call patterns. IEEE Trans Comp 63(4):807–819

    Article  MathSciNet  Google Scholar 

  7. He J, Zheng S (2014) Intrusion detection model with twin support vector machines. J Shang Jiaotong Univ (Sci) 19(4):448–454

    Article  Google Scholar 

  8. Huang GB, Chen L (2007) Convex incremental extreme learning machine. Neurocomputing 70(16–18):3056–3062

    Article  Google Scholar 

  9. Huang GB, Chen L, Siew C (2006) Universal approximation using incremental constructive feedforward networks with random hidden nodes. IEEE Trans Neural Networks 17(4):879–892

    Article  Google Scholar 

  10. Huang GB, Zhou H, Ding X, Zhang R (2012) Extreme learning machine for regression and multiclass classification. IEEE Trans Syst Man Cyber B Cyber 42(2):513–529

    Article  Google Scholar 

  11. Li Y, Xia J, Zhang S, Yan J, Ai X, Dai K (2012) An efficient intrusion detection system based on support vector machines and gradually feature removal method. Expert Syst Appl 39:424–430

    Article  Google Scholar 

  12. Quinlan J (1986) Induction of decision trees. Mach Learn 1(1):81–106

    Google Scholar 

  13. Rong H, Huang G, Ong Y (2012) Decision tree based light weight intrusion detection using a wrapper approach. Expert Syst Appl 39(1):129–141

    Article  Google Scholar 

  14. Schmidhuber J (2015) Deep learning in neural networks: an overview. Neural Networks 61:85–117

    Article  Google Scholar 

  15. Wang H, Chen B (2013) Intrusion detection system based on multi-strategy pruning algorithm of the decision tree. In: IEEE International Conference on Grey Systems and Intelligent Services :445–447

  16. Weller-Fahy D, Borghetti B, Sodemann A (2015) A survey of distance and similarity measures used within network intrusion anomaly detection. Commun Surv Tutorials 17:70–91

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. College of Mathematics and Computer Science, Fuzhou University, Fuzhou, Fujian, 350116, China

    Yuanlong Yu, Zhifan Ye & Xianghan Zheng

  2. Department of Electrical Engineering and Computer Science, University of Stavanger, 4036, Stavanger, Norway

    Chunming Rong

Authors
  1. Yuanlong Yu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Zhifan Ye
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Xianghan Zheng
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Chunming Rong
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Xianghan Zheng.

Additional information

This work is supported by the National Natural Science Foundation of China under Grant 61473089 and 61502106.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Yu, Y., Ye, Z., Zheng, X. et al. An efficient cascaded method for network intrusion detection based on extreme learning machines. J Supercomput 74, 5797–5812 (2018). https://doi.org/10.1007/s11227-016-1766-z

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11227-016-1766-z

Keywords

Search

Navigation