A New Deep Learning Approach for Anomaly Base IDS using Memetic Classifier

  • Shahriar Mohammadi, Department of Industrial Engineering, K.N. Toosi University of Technology, Tehran, Iran
  • Amin Namadchian, Department of Industrial Engineering, K.N. Toosi University of Technology, Tehran, Iran

Abstract

A model of an intrusion-detection system capable of detecting attacks in computer networks is described. The model is based on a deep learning approach to learn the best features of network connections, with a memetic algorithm as the final classifier for detecting abnormal traffic. One of the problems in intrusion detection systems is the large scale of features, which makes typical data mining methods ineffective in this area. Deep learning algorithms have succeeded in image and video mining, which has high dimensionality of features. It seems possible to use them to solve the large-scale feature problem of intrusion detection systems. The model offered in this paper tries to use deep learning for detecting the best features. An evaluation algorithm is used to produce a final classifier that works well in multi-density environments. We use the NSL-KDD and Kdd99 datasets to evaluate our model; our findings showed a 98.11 detection rate. NSL-KDD estimation shows that the proposed model succeeded in classifying 92.72% of the R2L attack group.

Published
2017-09-10
How to Cite
MOHAMMADI, Shahriar; NAMADCHIAN, Amin. A New Deep Learning Approach for Anomaly Base IDS using Memetic Classifier. INTERNATIONAL JOURNAL OF COMPUTERS COMMUNICATIONS & CONTROL, [S.l.], v. 12, n. 5, p. 677-688, sep. 2017. ISSN 1841-9844. Available at: <http://univagora.ro/jour/index.php/ijccc/article/view/2972>. Date accessed: 30 nov. 2020. doi: https://doi.org/10.15837/ijccc.2017.5.2972.

Keywords

Deep learning, KDD99, memetic algorithm, NSL-Kdd, classification function, anomaly base intrusion detection, intrusion-detection system (IDS)