ABSTRACT
Pattern-based detection currently struggles to detect new network attacks with signatures. Many researchers have therefore proposed machine learning for intrusion detection systems to address this issue. This paper presents a hybrid method that combines a rule-based inspector with an AI-driven model, namely WGID, to improve intrusion detection performance. In this method, traffic flows that do not trigger any rule of the rule-based inspector are deeply analyzed by the WGID-based inspector. WGID comprises the TWGAN algorithm, which generates more coherent samples based on the WGAN to tackle the imbalanced dataset. On the training dataset augmented by TWGAN, WGID adopts the XGBoost method to perform the deep analysis. To demonstrate WGID's performance, we conduct rigorous experiments evaluating WGID on three well-known datasets. The results indicate that WGID achieves an excellent accuracy of , , and with the CSE-CIC-IDS2018, NSL-KDD, and UGR datasets, respectively. It also performs better than related models on the same datasets. Moreover, the deep inspection time for each traffic flow is small enough to detect intrusions in inline mode (on average 1.892 μs/flow).
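The two-stage dispatch the abstract describes, as an added Python example that is not the paper's code: a rule-based inspector decides first, and only flows that match no rule are handed to a deep inspector, whose per-flow cost is timed. The two rules, the flow feature names and the small scoring model that stands in for the trained XGBoost classifier are all hypothetical, and the sample flows are constructed.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

Flow = Dict[str, float]  # one bi-flow as feature name -> value (CICFlowMeter style)
# Stage 1: rule-based inspector. Both rules are hypothetical, written for this example.
RULES: List[Tuple[str, Callable[[Flow], bool]]] = [
    ("telnet-to-server", lambda f: f["dst_port"] == 23),
    ("syn-only-burst", lambda f: f["syn_flags"] >= 50 and f["fwd_pkts"] == f["syn_flags"]),
]

def rule_inspect(flow: Flow) -> Optional[str]:
    """Return the name of the first rule that fires, or None if no rule matches."""
    for name, predicate in RULES:
        if predicate(flow):
            return name
    return None

# Stage 2: deep inspector. A hand-weighted score stands in for the trained XGBoost
# model; any callable mapping a flow to 0 (benign) / 1 (malicious) can replace it.
def toy_model(flow: Flow) -> int:
    score = 0.6 * (flow["bytes_per_s"] > 1e6) + 0.5 * (flow["mean_pkt_len"] < 60)
    return int(score >= 1.0)

@dataclass
class HybridIDS:
    model: Callable[[Flow], int]
    deep_times_us: List[float] = field(default_factory=list)  # per-flow deep-inspection cost

    def inspect(self, flow: Flow) -> Tuple[str, str]:
        """Return (verdict, stage); stage records which inspector decided."""
        hit = rule_inspect(flow)
        if hit is not None:              # a rule fired: no deep analysis needed
            return ("malicious", f"rule:{hit}")
        t0 = time.perf_counter()
        label = self.model(flow)         # only flows no rule matched reach the model
        self.deep_times_us.append((time.perf_counter() - t0) * 1e6)
        return ("malicious" if label else "benign", "deep")

SAMPLE_FLOWS: List[Flow] = [  # constructed sample flows, not taken from any dataset
    {"dst_port": 23, "syn_flags": 1, "fwd_pkts": 10, "bytes_per_s": 1e3, "mean_pkt_len": 500},
    {"dst_port": 443, "syn_flags": 60, "fwd_pkts": 60, "bytes_per_s": 5e3, "mean_pkt_len": 40},
    {"dst_port": 80, "syn_flags": 1, "fwd_pkts": 900, "bytes_per_s": 2e6, "mean_pkt_len": 48},
    {"dst_port": 443, "syn_flags": 1, "fwd_pkts": 30, "bytes_per_s": 2e4, "mean_pkt_len": 800},
]
def run(flows: List[Flow] = SAMPLE_FLOWS) -> Tuple[List[Tuple[str, str]], float]:
    ids = HybridIDS(toy_model)
    verdicts = [ids.inspect(f) for f in flows]  # also returns mean deep-inspection time (us)
    return verdicts, sum(ids.deep_times_us) / max(1, len(ids.deep_times_us))
```

Swapping `toy_model` for a trained classifier's `predict` keeps the dispatch logic unchanged, so the measured mean is the per-flow deep-inspection cost the abstract reports.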
Leveraging AI-Driven Realtime Intrusion Detection by Using WGAN and XGBoost