ABSTRACT
Intrusion detection based upon machine learning is currently attracting considerable interest from the research community. One of the appealing properties of machine learning based intrusion detection systems is their ability to detect new and unknown attacks. In order to apply machine learning to intrusion detection, a large number of both attack and normal data samples need to be collected. While it is often easier to sample benign data based on the normal behaviors of networks, intrusive data is much scarcer and therefore more difficult to collect. In this paper, we propose a novel solution to this problem by generating artificial attack data for intrusion detection based on machine learning techniques. Various machine learning techniques are used to evaluate the effectiveness of the generated data, and the results show that a data set combining the synthetic attack data with normal data can help machine learning methods achieve good performance on the intrusion detection problem.