Anomaly-Based Intrusion Detection Using Extreme Learning Machine and Aggregation of Network Traffic Statistics in Probability Space

Cognitive Computation

Abstract

Recently, with the increased use of network communication, the risk of compromising information has grown immensely. Intrusions have become more sophisticated, and few methods can achieve efficient results while network behavior constantly changes. This paper proposes an intrusion detection system based on modeling distributions of network statistics and Extreme Learning Machine (ELM) to achieve high detection rates of intrusions. The proposed model aggregates the network traffic at the IP subnetwork level, and the distributions of statistics are collected for the most frequent IPv4 addresses encountered as destination. The obtained probability distributions are learned by ELM. This model is evaluated on the ISCX-IDS 2012 dataset, which is collected using a real-time testbed. The model is compared against leading approaches using the same dataset. Experimental results show that the presented method achieves an average detection rate of 91% and a misclassification rate of 9%. The experimental results also show that our methods significantly improve the performance of the simple ELM, despite a trade-off between performance and time complexity. Furthermore, our methods achieve good performance in comparison with the few other state-of-the-art approaches evaluated on the ISCX-IDS 2012 dataset.
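
The pipeline the abstract describes (subnet-level aggregation, per-destination probability distributions, ELM classifier), as an added example that is not the authors' code. The /24 prefix, the bytes-per-flow statistic, the bin edges, the top-2 cut-off, the tanh/ridge ELM settings and all flow records are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict
import numpy as np

EDGES = np.array([100, 1000, 10000])  # assumed byte-count bin edges -> 4 bins

def window_features(flows, prefix=24, top_k=2):
    """flows: (dst_ip, bytes) pairs seen in one time window. Returns the
    bytes-per-flow distributions of the top_k busiest destination subnets."""
    by_net = defaultdict(list)
    for dst, nbytes in flows:
        net = ipaddress.ip_network(f"{dst}/{prefix}", strict=False)
        by_net[net].append(nbytes)
    # most frequent destinations first; ties broken by address for determinism
    top = sorted(by_net, key=lambda n: (-len(by_net[n]), int(n.network_address)))[:top_k]
    feats = np.zeros((top_k, len(EDGES) + 1))  # missing subnets stay all-zero
    for row, net in enumerate(top):
        counts = np.bincount(np.searchsorted(EDGES, by_net[net], side="right"),
                             minlength=len(EDGES) + 1)
        feats[row] = counts / counts.sum()     # histogram -> probability distribution
    return feats.ravel()

class ELM:
    """Basic ELM: random fixed hidden layer, output weights by ridge least squares."""
    def __init__(self, n_hidden=30, ridge=1e-2, seed=0):
        self.n_hidden, self.ridge, self.seed = n_hidden, ridge, seed

    def _hidden(self, X):
        return np.tanh(X @ self.W + self.b)

    def fit(self, X, y):
        rng = np.random.default_rng(self.seed)
        self.W = rng.normal(size=(X.shape[1], self.n_hidden))  # never trained
        self.b = rng.normal(size=self.n_hidden)
        H = self._hidden(X)
        self.beta = np.linalg.solve(H.T @ H + self.ridge * np.eye(self.n_hidden), H.T @ y)
        return self

    def predict(self, X):
        return (self._hidden(X) @ self.beta > 0.5).astype(int)

def sample_window(tiny):
    """Constructed window: 20 flows to 10.0.0.0/24 (`tiny` of them 60 B), 10 to 10.0.1.0/24."""
    flows = [(f"10.0.0.{i + 1}", 60 if i < tiny else 800) for i in range(20)]
    return flows + [(f"10.0.1.{i + 1}", 5000) for i in range(10)]

# constructed training set; label 1 = window dominated by tiny flows (anomalous)
X = np.array([window_features(sample_window(t)) for t in (0, 1, 3, 4, 15, 16, 18, 19)])
y = np.array([0, 0, 0, 0, 1, 1, 1, 1])
model = ELM().fit(X, y)
```

Because each feature row is a normalised histogram, a window's feature vector reflects the shape of the traffic to a destination rather than its volume.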

Funding

This work was supported by research from the SCOTT project. SCOTT (www.scott-project.eu) has received funding from the Electronic Component Systems for European Leadership Joint Undertaking under grant agreement No 737422. This Joint Undertaking receives support from the European Union’s Horizon 2020 research and innovation programme and Austria, Spain, Finland, Ireland, Sweden, Germany, Poland, Portugal, Netherlands, Belgium, Norway.

Author information

Corresponding author

Correspondence to Yoan Miche.

Ethics declarations

Conflict of Interest

The authors declare that they have no conflict of interest.

Additional information

Ethical Approval

This article does not contain any studies with human participants or animals performed by any of the authors.

Cite this article

Atli, B.G., Miche, Y., Kalliola, A. et al. Anomaly-Based Intrusion Detection Using Extreme Learning Machine and Aggregation of Network Traffic Statistics in Probability Space. Cogn Comput 10, 848–863 (2018). https://doi.org/10.1007/s12559-018-9564-y

  • DOI: https://doi.org/10.1007/s12559-018-9564-y
