Journal of Guangdong University of Technology, 2020, Vol. 37, Issue (03): 9-16. doi: 10.12052/gdutxb.200036

A Multi-Fold Self-Correction Small-Sample Classifier for Intrusion Detection

Teng Shao-hua, Chen Cheng, Huo Ying-xiang   

  1. School of Computers, Guangdong University of Technology, Guangzhou 510006, China
  • Received: 2020-02-27; Online: 2020-05-12; Published: 2020-05-12

Abstract: Intrusion detection is very important for network security. Traditional intrusion detection algorithms are often affected by biased training samples and by misleading characteristics of attack behaviors. Therefore, a self-correction small-sample classifier for intrusion detection is proposed. First, an orthogonal projection classification method roughly divides the training data set into three groups. Then, based on the support vector machine and random forest algorithms, sub-classifiers are constructed layer by layer to refine the results iteratively. Finally, by combining the results of all sub-classifiers, a classifier for the NSL-KDD data set is constructed. Experimental results show that the proposed classifier surpasses its competitors in the detection accuracy of DoS (Denial of Service), Probe and R2L (Remote to Local) attacks. Its overall recall and accuracy rates are also better than those of the other methods.

Key words: intrusion detection, dimension reduction, self-correction, biased dataset

CLC Number: TP391