A New Deep Learning Approach for Anomaly Base IDS using Memetic Classifier

Authors

  • Shahriar Mohammadi, Department of Industrial Engineering, K.N. Toosi University of Technology, Tehran, Iran
  • Amin Namadchian, Department of Industrial Engineering, K.N. Toosi University of Technology, Tehran, Iran

Keywords:

Deep learning, KDD99, memetic algorithm, NSL-KDD, classification function, anomaly base intrusion detection, intrusion-detection system (IDS)

Abstract

A model of an intrusion-detection system capable of detecting attacks in computer networks is described. The model uses a deep learning approach to learn the best features of network connections and a memetic algorithm as the final classifier for detecting abnormal traffic.
One of the problems in intrusion detection systems is the large number of features, which makes typical data mining methods ineffective in this area. Deep learning algorithms have succeeded in image and video mining, which also involve high-dimensional features, so it seems possible to use them to solve the large-scale feature problem of intrusion detection systems. The model offered in this paper tries to use deep learning to detect the best features. An evaluation algorithm is used to produce a final classifier that works well in multi-density environments.
We use the NSL-KDD and KDD99 datasets to evaluate our model; our findings showed a 98.11 detection rate. The NSL-KDD estimation shows that the proposed model succeeded in classifying 92.72% of the R2L attack group.

Published

2017-09-10
