Abstract
A critical challenge for cybersecurity administrators today is protecting online resources from network intrusions. Despite several academic and industry research initiatives, full protection of online resources from these intrusions is not feasible. Therefore, several techniques have been developed that use network audit data to detect network intrusions accurately and efficiently, and they are used in network intrusion detection systems (NIDSs). However, most NIDSs report low detection accuracy with a high false alarm rate and provide a single solution that lacks classification trade-offs. In this paper, the authors present a hybrid approach of multi-objective genetic algorithm and neural networks for creating a set of ensemble solutions for detecting network intrusions effectively. The proposed approach works in two phases: it first creates a set of non-dominating (Pareto optimal) solutions of base techniques and then creates ensemble solutions. The outputs of the individual solutions or models in the ensemble are aggregated using the most popular method, majority voting. The proposed hybrid approach is evaluated using the NSL_KDD and ISCX-2012 benchmark datasets for intrusion detection. The evaluation results demonstrate that the proposed hybrid approach detects network intrusions more effectively than conventional ensemble approaches, namely bagging and boosting. The resultant ensemble solutions are non-dominating and provide classification trade-offs for cybersecurity administrators. The results also show that the proposed hybrid approach detects both minority and majority intrusion types accurately. The proposed hybrid approach demonstrated a detection accuracy of 97% and 88% with FPR of 2.4% and 2% for ISCX-2012 and NSL_KDD datasets, respectively.
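The two phases described in the abstract, as an added example that is not code from the paper: base models are filtered to the non-dominated set on detection rate versus FPR, and the survivors are combined by majority voting. The labels, the five base models `m1` to `m5` and their predictions are constructed for illustration; the paper obtains its candidates with a multi-objective genetic algorithm over neural networks, which this example does not reproduce.

```python
from collections import Counter

# Constructed sample data: 1 = intrusion, 0 = normal traffic.
TRUTH = [1, 1, 1, 1, 0, 0, 0, 0, 0, 0]
# Constructed predictions of five hypothetical base classifiers.
PREDICTIONS = {
    "m1": [1, 1, 1, 1, 1, 1, 0, 0, 0, 0],
    "m2": [1, 1, 1, 0, 0, 0, 1, 0, 0, 0],
    "m3": [1, 1, 0, 0, 0, 0, 0, 0, 0, 0],
    "m4": [1, 0, 0, 0, 0, 1, 0, 0, 0, 0],
    "m5": [0, 1, 1, 0, 0, 1, 1, 0, 0, 0],
}

def rates(pred, truth=TRUTH):
    """Return (detection rate, false-positive rate) for binary predictions."""
    tp = sum(p == 1 and t == 1 for p, t in zip(pred, truth))
    fp = sum(p == 1 and t == 0 for p, t in zip(pred, truth))
    return tp / truth.count(1), fp / truth.count(0)

def dominates(a, b):
    """a dominates b: no worse on both objectives, strictly better on one."""
    return a[0] >= b[0] and a[1] <= b[1] and a != b

def pareto_front(scores):
    """Names of the models that no other model dominates."""
    return sorted(name for name, s in scores.items()
                  if not any(dominates(o, s) for o in scores.values()))

def majority_vote(members):
    """Per-record majority label across the members (odd member count)."""
    return [Counter(votes).most_common(1)[0][0]
            for votes in zip(*(PREDICTIONS[m] for m in members))]

def build_ensemble():
    """Phase 1: Pareto filtering. Phase 2: majority-vote aggregation."""
    scores = {name: rates(pred) for name, pred in PREDICTIONS.items()}
    front = pareto_front(scores)
    combined = majority_vote(front)
    return front, combined, rates(combined)

if __name__ == "__main__":
    front, combined, (dr, fpr) = build_ensemble()
    print("Pareto-optimal base models:", front)
    print(f"ensemble detection rate={dr:.2f} FPR={fpr:.2f}")
```

On this constructed data the voted ensemble keeps the detection rate of `m2` while removing its false positive, and `m1` remains available as the higher-recall, higher-FPR operating point.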
Cite this article
Kumar, G. An improved ensemble approach for effective intrusion detection. J Supercomput 76, 275–291 (2020). https://doi.org/10.1007/s11227-019-03035-w
DOI: https://doi.org/10.1007/s11227-019-03035-w