
Hybrid Model for Improving the Classification Effectiveness of Network Intrusion Detection

  • Conference paper
13th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2020) (CISIS 2019)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 1267)

Abstract

Recently developed machine learning techniques, with emphasis on deep learning, are being successfully applied to the detection and classification of anomalies at both the network and host levels. However, the utilisation of deep learning in Intrusion Detection Systems is still at an early stage, coping with problems such as the emergence of unknown attacks and imbalanced datasets. The existing solutions suffer from low detection rates and high false-positive rates. In this paper, a hybrid anomaly detection system that combines a Classical AutoEncoder (CAE) with a Deep Neural Network (DNN) is presented. To enhance the capabilities of the proposed model, the method works in two phases for network anomaly detection. In the first phase, a CAE is used for feature engineering. In the second phase, a DNN is used for classification. The efficacy of the proposed method is validated on the benchmark dataset UNSW-NB15. The results are discussed in terms of accuracy, detection rate, false-positive rate, ROC, and F1-score, and are compared to other algorithms used for network anomaly detection.



Acknowledgement

This work is funded under the InfraStress project, which has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 833088.

Corresponding author

Correspondence to Marek Pawlicki.


Copyright information

© 2021 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Dutta, V., Choraś, M., Kozik, R., Pawlicki, M. (2021). Hybrid Model for Improving the Classification Effectiveness of Network Intrusion Detection. In: Herrero, Á., Cambra, C., Urda, D., Sedano, J., Quintián, H., Corchado, E. (eds) 13th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2020). CISIS 2019. Advances in Intelligent Systems and Computing, vol 1267. Springer, Cham. https://doi.org/10.1007/978-3-030-57805-3_38
