Volume 12 (2022): Issue 2 (April 2022)
30 Dec 2014
4 issues per year
Access type: Open Access

An Autoencoder-Enhanced Stacking Neural Network Model for Increasing the Performance of Intrusion Detection

Published online: 23 Feb 2022
Volume & Issue: Volume 12 (2022) - Issue 2 (April 2022)
Page range: 149 - 163
Submitted: 15 Dec 2021
Accepted: 30 Jan 2022

Security threats, among other intrusions affecting the availability, confidentiality and integrity of IT resources and services, are spreading fast and can cause serious harm to organizations. Intrusion detection has a key role in capturing intrusions. In particular, the application of machine learning methods in this area can improve intrusion detection efficiency. Various methods, such as pattern recognition from event logs, can be applied in intrusion detection. The main goal of our research is to present a possible intrusion detection approach using recent machine learning techniques. In this paper, we suggest and evaluate the usage of stacked ensembles consisting of neural network (SNN) and autoencoder (AE) models augmented with a tree-structured Parzen estimator hyperparameter optimization approach for intrusion detection. The main contribution of our work is the application of advanced hyperparameter optimization and stacked ensembles together.

We conducted several experiments to check the effectiveness of our approach. We used the NSL-KDD dataset, a common benchmark dataset in intrusion detection, to train our models. The comparative results demonstrate that our proposed models can compete with and, in some cases, outperform existing models.

