24,825 research outputs found
Comparison of Network Intrusion Detection Performance Using Feature Representation
P. 463-475Intrusion detection is essential for the security of the components
of any network. For that reason, several strategies can be used in
Intrusion Detection Systems (IDS) to identify the increasing attempts to
gain unauthorized access with malicious purposes including those base
on machine learning. Anomaly detection has been applied successfully to
numerous domains and might help to identify unknown attacks. However,
there are existing issues such as high error rates or large dimensionality
of data that make its deployment di cult in real-life scenarios. Representation
learning allows to estimate new latent features of data in a
low-dimensionality space. In this work, anomaly detection is performed
using a previous feature learning stage in order to compare these methods
for the detection of intrusions in network tra c. For that purpose,
four di erent anomaly detection algorithms are applied to recent network
datasets using two di erent feature learning methods such as principal
component analysis and autoencoders. Several evaluation metrics such
as accuracy, F1 score or ROC curves are used for comparing their performance.
The experimental results show an improvement for two of the
anomaly detection methods using autoencoder and no signi cant variations
for the linear feature transformationS
TSE-IDS: A Two-Stage Classifier Ensemble for Intelligent Anomaly-based Intrusion Detection System
Intrusion detection systems (IDS) play a pivotal role in computer security by discovering and repealing malicious activities in computer networks. Anomaly-based IDS, in particular, rely on classification models trained using historical data to discover such malicious activities. In this paper, an improved IDS based on hybrid feature selection and two-level classifier ensembles is proposed. An hybrid feature selection technique comprising three methods, i.e. particle swarm optimization, ant colony algorithm, and genetic algorithm, is utilized to reduce the feature size of the training datasets (NSL-KDD and UNSW-NB15 are considered in this paper). Features are selected based on the classification performance of a reduced error pruning tree (REPT) classifier. Then, a two-level classifier ensembles based on two meta learners, i.e., rotation forest and bagging, is proposed. On the NSL-KDD dataset, the proposed classifier shows 85.8% accuracy, 86.8% sensitivity, and 88.0% detection rate, which remarkably outperform other classification techniques recently proposed in the literature. Results regarding the UNSW-NB15 dataset also improve the ones achieved by several state of the art techniques. Finally, to verify the results, a two-step statistical significance test is conducted. This is not usually considered by IDS research thus far and, therefore, adds value to the experimental results achieved by the proposed classifier
- …