A Hybrid Three-layered Approach for Intrusion Detection using Machine Learning Methods
Journal of Electrical and Computer Engineering Innovations (JECEI)
Articles in Press, Accepted Manuscript, Available Online from 20 Esfand 1403
Article Type: Original Research Paper
Digital Object Identifier (DOI): 10.22061/jecei.2025.11530.811
Author
A. Beigi*
Artificial Intelligence Department, Faculty of Computer Engineering, Shahid Rajaee Teacher Training University, Tehran, Iran.
Received: 18 Azar 1403,
Revised: 30 Bahman 1403,
Accepted: 19 Esfand 1403
Abstract
Background and Objectives: Intrusion Detection Systems (IDS) are crucial for safeguarding computer networks. However, they face challenges such as detecting subtle intrusions and novel attack patterns. While signature-based and anomaly-based IDS have been widely used, hybrid approaches offer a promising solution by combining their strengths. This study aims to develop a robust hybrid IDS that effectively addresses these challenges.
Methods: We propose a three-layered hybrid IDS that leverages machine learning techniques. The first layer utilizes a signature-based approach to identify known intrusions. The second layer employs an anomaly-based approach with unsupervised learning to detect unknown intrusions. The third layer utilizes supervised learning to classify intrusions based on training data. We evaluated the proposed system on the NSL-KDD dataset.
Results: Experimental results demonstrate the effectiveness of our proposed hybrid IDS in accurately detecting intrusions. Comparisons with recent studies using the same dataset show that our system outperforms existing approaches in terms of detection accuracy and robustness.
Conclusion: Our research presents a novel hybrid IDS that effectively addresses the limitations of traditional IDS methods. By combining signature-based, anomaly-based, and supervised learning techniques, our system can accurately detect both known and unknown intrusions. The promising results obtained from our experiments highlight the potential of this approach in enhancing network security.
Keywords
Intrusion Detection Systems; Network Security; Machine Learning; NSL-KDD Data Set