17,010 research outputs found

    A HYBRID MACHINE LEARNING MODEL FOR NETWORK INTRUSION DETECTION

     Intrusion detection is a significant challenge in network security, as it involves detecting unseen attacks in a network or system. In this research, we aimed to build a hybrid machine learning model for intrusion detection using artificial intelligence (AI). To do this, we used the KDD CUP 99 dataset and applied two machine learning algorithms: AdaBoost and Stochastic Gradient Descent Classifier (SGDC). These algorithms were combined to form two hybrid models: SGDC_ADA and ADA_SGDC.  The results of our study showed that the SGDC_ADA model had an accuracy of 0.97 and outperformed the ADA_SGDC model, which had an accuracy of 0.96. In addition, the SGDC_ADA model had an average precision of 0.97, average recall of 0.96, and average F1-score of 0.97, while the ADA_SGDC model had an average precision of 0.96, average recall of 0.95, and average F1-score of 0.96.  Overall, our research suggests that the SGDC_ADA hybrid model is an effective method for intrusion detection, with high accuracy and low error rates. This model may be useful in improving network security and protecting against unseen attacks

    Intrusion detection by machine learning = Behatolás detektálás gépi tanulás által

    Since the early days of information technology, there have been many stakeholders who used the technological capabilities for their own benefit, be it legal operations, or illegal access to computational assets and sensitive information. Every year, businesses invest large amounts of effort into upgrading their IT infrastructure, yet, even today, they are unprepared to protect their most valuable assets: data and knowledge. This lack of protection was the main reason for the creation of this dissertation. During this study, intrusion detection, a field of information security, is evaluated through the use of several machine learning models performing signature and hybrid detection. This is a challenging field, mainly due to the high velocity and imbalanced nature of network traffic. To construct machine learning models capable of intrusion detection, the applied methodologies were the CRISP-DM process model designed to help data scientists with the planning, creation and integration of machine learning models into a business information infrastructure, and design science research interested in answering research questions with information technology artefacts. The two methodologies have a lot in common, which is further elaborated in the study. The goals of this dissertation were two-fold: first, to create an intrusion detector that could provide a high level of intrusion detection performance measured using accuracy and recall and second, to identify potential techniques that can increase intrusion detection performance. Out of the designed models, a hybrid autoencoder + stacking neural network model managed to achieve detection performance comparable to the best models that appeared in the related literature, with good detections on minority classes. To achieve this result, the techniques identified were synthetic sampling, advanced hyperparameter optimization, model ensembles and autoencoder networks. In addition, the dissertation set up a soft hierarchy among the different detection techniques in terms of performance and provides a brief outlook on potential future practical applications of network intrusion detection models as well.

    Hybrid machine learning technique for intrusion detection system

    The utilization of the Internet has grown tremendously, resulting in more critical data being transmitted and handled online. Hence, these changes have led to the conclusion that the number of attacks on important information over the Internet is increasing yearly. Intrusion is one of the main threats to the Internet. Various techniques and approaches have been developed to address the limitations of intrusion detection systems, such as low accuracy, high false alarm rate, and time consumption. This research proposed a hybrid machine learning technique for network intrusion detection based on a combination of K-means clustering and support vector machine classification. The aim of this research is to reduce the false positive alarm rate and the false negative alarm rate and to improve the detection rate. The NSL-KDD dataset has been used in the proposed technique. In order to improve classification performance, some steps have been taken on the dataset. The classification has been performed by using a support vector machine. After training and testing the proposed hybrid machine learning technique, the results have shown that the proposed technique has achieved a positive detection rate and reduced the false alarm rate.

    Towards Effective Network Intrusion Detection: A Hybrid Model Integrating Gini Index and GBDT with PSO

    In order to protect computing systems from malicious attacks, network intrusion detection systems have become an important part of the security infrastructure. Recently, hybrid models that integrate several machine learning techniques have captured more attention from researchers. In this paper, a novel hybrid model was proposed with the purpose of detecting network intrusion effectively. In the proposed model, the Gini index is used to select the optimal subset of features, the gradient boosted decision tree (GBDT) algorithm is adopted to detect network attacks, and the particle swarm optimization (PSO) algorithm is utilized to optimize the parameters of GBDT. The performance of the proposed model is experimentally evaluated in terms of accuracy, detection rate, precision, F1-score, and false alarm rate using the NSL-KDD dataset. Experimental results show that the proposed model is superior to the compared methods.

    Intrusion detection using machine learning algorithms

    With the growing rate of cyber-attacks, there is a significant need for intrusion detection systems (IDS) in networked environments. As intrusion tactics become more sophisticated and more challenging to detect, this necessitates improved intrusion detection technology to retain user trust and preserve network security. Over the last decade, several detection methodologies have been designed to provide users with reliability, privacy, and information security. The first half of this thesis surveys the literature on intrusion detection techniques based on machine learning, deep learning, and blockchain technology from 2009 to 2018. The survey identifies applications, drawbacks, and challenges of these three intrusion detection methodologies that identify threats in computer network environments. The second half of this thesis proposes a new machine learning Model for intrusion detection that employs random forest, naive Bayes, and decision tree algorithms. We evaluate its performance on a standard dataset of simulated network attacks used in the literature, NSL-KDD. We discuss preprocessing of the dataset and feature selection for training our hybrid model and report its performance using standard metrics such as accuracy, precision, recall, and f-measure. In the final part of the thesis, we evaluate our intrusion model against the performance of existing machine learning models for intrusion detection reported in the literature. Our model predicts the Denial of Service (DOS) attack using a random forest classifier with 99.81% accuracy, Probe attack with 97.89% accuracy, and R2L attack with 97.92% accuracy achieving equivalent or superior performance in comparison with the existing models

    A Deep Learning Approach Combining Auto-encoder with One-class SVM for DDoS Attack Detection in SDNs

    Software Defined Networking (SDN) provides us with the capability of collecting network traffic information and managing networks proactively. Therefore, SDN facilitates the promotion of more robust and secure networks. Recently, several Machine Learning (ML)/Deep Learning (DL) intrusion detection approaches have been proposed to secure SDN networks. Currently, most of the proposed ML/DL intrusion detection approaches are based on a supervised learning approach that requires labelled and well-balanced datasets for training. However, curating these datasets is time intensive and requires significant human expertise. These approaches cannot deal well with imbalanced and unlabeled datasets. In this paper, we propose a hybrid unsupervised DL approach using the stack autoencoder and One-class Support Vector Machine (SAE-1SVM) for Distributed Denial of Service (DDoS) attack detection. The experimental results show that the proposed algorithm can achieve an average accuracy of 99.35% with a small set of flow features. The SAE-1SVM shows that it can reduce the processing time significantly while maintaining a high detection rate. In summary, the SAE-1SVM can work well with imbalanced and unlabeled datasets and yield a high detection accuracy.

    PSO-Driven Feature Selection and Hybrid Ensemble for Network Anomaly Detection

    As a system capable of monitoring and evaluating illegitimate network access, an intrusion detection system (IDS) profoundly impacts information security research. Since machine learning techniques constitute the backbone of IDS, it has been challenging to develop an accurate detection mechanism. This study aims to enhance the detection performance of IDS by using a particle swarm optimization (PSO)-driven feature selection approach and hybrid ensemble. Specifically, the final feature subsets derived from different IDS datasets, i.e., NSL-KDD, UNSW-NB15, and CICIDS-2017, are trained using a hybrid ensemble, comprising two well-known ensemble learners, i.e., gradient boosting machine (GBM) and bootstrap aggregation (bagging). Instead of training GBM with individual ensemble learning, we train GBM on a subsample of each intrusion dataset and combine the final class prediction using majority voting. Our proposed scheme led to pivotal refinements over existing baselines, such as TSE-IDS, voting ensembles, weighted majority voting, and other individual ensemble-based IDS such as LightGB

    Network Intrusion Detection with Two-Phased Hybrid Ensemble Learning and Automatic Feature Selection

    The use of network connected devices has grown exponentially in recent years revolutionizing our daily lives. However, it has also attracted the attention of cybercriminals making the attacks targeted towards these devices increase not only in numbers but also in sophistication. To detect such attacks, a Network Intrusion Detection System (NIDS) has become a vital component in network applications. However, network devices produce large scale high-dimensional data which makes it difficult to accurately detect various known and unknown attacks. Moreover, the complex nature of network data makes the feature selection process of a NIDS a challenging task. In this study, we propose a machine learning based NIDS with Two-phased Hybrid Ensemble learning and Automatic Feature Selection. The proposed framework leverages four different machine learning classifiers to perform automatic feature selection based on their ability to detect the most significant features. The two-phased hybrid ensemble learning algorithm consists of two learning phases, with the first phase constructed using classifiers built from an adaptation of the One-vs-One framework, and the second phase constructed using classifiers built from combinations of attack classes. The proposed framework was evaluated on two well-referenced datasets for both wired and wireless applications, and the results demonstrate that the two-phased ensemble learning framework combined with the automatic feature selection engine has superior attack detection capability compared to other similar studies found in the literature

    A Hybrid Classification Framework for Network Intrusion Detection with High Accuracy and Low Latency

    Network intrusion detection (NIDS) is a crucial task aimed at safeguarding computer networks against malicious attacks. Traditional NIDS methods can be categorized as either misuse-based or anomaly-based, each having its unique set of limitations. Misuse-based approaches excel in identifying known attacks but fall short when dealing with new or unidentified attack patterns. On the other hand, anomaly-based methods are more adept at identifying novel attacks but tend to produce a substantial number of false positives. To enhance the overall performance of NIDS systems, hybrid classification techniques are employed, leveraging the strengths of both misuse-based and anomaly-based methods. In this research, we present a novel hybrid classification approach for NIDS that excels in both speed and accuracy. Our approach integrates a blend of machine learning algorithms, including decision trees, support vector machines, and deep neural networks. We conducted comprehensive evaluations of our approach using various network intrusion datasets, achieving state-of-the-art results in terms of accuracy and prediction speed

    A Deep Learning-Based Framework for Feature Extraction and Classification of Intrusion Detection in Networks

    An intrusion detection system, often known as an IDS, is extremely important for preventing attacks on a network, violating network policies, and gaining unauthorized access to a network. The effectiveness of IDS is highly dependent on data preprocessing techniques and classification models used to enhance accuracy and reduce model training and testing time. For the purpose of anomaly identification, researchers have developed several machine learning and deep learning-based algorithms; nonetheless, accurate anomaly detection with low test and train times remains a challenge. Using a hybrid feature selection approach and a deep neural network (DNN) based classifier, the authors of this research suggest an enhanced intrusion detection system (IDS). In order to construct a subset of reduced and optimal features that may be used for classification, a hybrid feature selection model that consists of three methods, namely, chi square, ANOVA, and principal component analysis (PCA), is applied. These methods are referred to as “the big three.” On the NSL-KDD dataset, the suggested model receives training and is then evaluated. The proposed method was successful in achieving the following results: a reduction of input data by 40%, an average accuracy of 99.73%, a precision score of 99.75%, an F1 score of 99.72%, and an average training and testing time of 138% and 2.7 seconds, respectively. The findings of the experiments demonstrate that the proposed model is superior to the performance of the other comparison approaches.