Building an Effective Approach toward Intrusion Detection Using Ensemble Feature Selection


Alok Kumar Shukla (NIT Raipur, Raipur, India) and Pradeep Singh (NIT Raipur, Raipur, India)
Copyright: © 2019 | Pages: 17
DOI: 10.4018/IJISP.201907010102

Abstract

Duplicate and insignificant features in a data set are a long-standing problem in the classification of network or web traffic. Insignificant features not only decrease classification performance but also prevent a classifier from making accurate decisions, particularly when substantial volumes of data are handled. In this article, the authors introduce an ensemble feature selection (EFS) technique, in which multiple homogeneous feature selection (FS) methods are combined to choose the optimal subset of relevant and non-redundant features. An intrusion detection system, named support vector machine-based IDS (SVM-IDS), is built using the features selected by the proposed method. The SVM-IDS performance is evaluated on two benchmark intrusion detection data sets, KDD Cup 99 and NSL-KDD. The proposed method provides more significant features for SVM-IDS and is compared with other state-of-the-art methods. The experimental results demonstrate that the proposed method achieves a maximum accuracy of 98.95% on the KDD Cup 99 data set and 98.12% on the NSL-KDD data set.
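The abstract does not name the filter the ensemble is built from or the rule that merges the rankings. The following added example (not the authors' code) assumes a homogeneous ensemble of one filter, mutual information with the class label, run on several subsets of the data and merged by mean rank, followed by a redundancy check; the records and column names are constructed.

```python
from collections import Counter
from math import log2

# Constructed, discretised connection records (not taken from KDD Cup 99).
# Column names are illustrative; "flag_dup" duplicates "flag" on purpose.
FEATURES = ["flag", "flag_dup", "protocol_type", "noise"]
ROWS = [
    ("S0", "x", "tcp", "a", "attack"), ("S0", "x", "tcp", "b", "attack"),
    ("S0", "x", "tcp", "a", "attack"), ("S0", "x", "udp", "b", "attack"),
    ("S0", "x", "tcp", "a", "attack"), ("SF", "y", "tcp", "b", "attack"),
    ("SF", "y", "udp", "a", "normal"), ("SF", "y", "udp", "b", "normal"),
    ("SF", "y", "tcp", "a", "normal"), ("SF", "y", "udp", "b", "normal"),
    ("SF", "y", "udp", "a", "normal"), ("SF", "y", "tcp", "b", "normal"),
]

def mutual_info(xs, ys):
    """I(X;Y) in bits for two equal-length discrete sequences."""
    n = len(xs)
    px, py, pxy = Counter(xs), Counter(ys), Counter(zip(xs, ys))
    return sum(c / n * log2(c * n / (px[x] * py[y])) for (x, y), c in pxy.items())

def ensemble_rank(rows, names, folds=3):
    """Same filter (mutual information with the label) on `folds` overlapping
    subsets of the data; per-subset ranks are summed and sorted (mean rank)."""
    total = dict.fromkeys(names, 0)
    for k in range(folds):
        subset = [r for i, r in enumerate(rows) if i % folds != k]
        labels = [r[-1] for r in subset]
        score = {f: mutual_info([r[j] for r in subset], labels)
                 for j, f in enumerate(names)}
        # sorted() is stable, so exact ties keep the order given in `names`.
        for rank, f in enumerate(sorted(names, key=lambda f: -score[f]), 1):
            total[f] += rank
    return sorted(names, key=total.get)

def select(rows, names, k=2):
    """Take the top-k features from the ensemble ranking, skipping any feature
    fully determined by one already kept (I(f;g) equals H(f) = I(f;f))."""
    col = {f: [r[j] for r in rows] for j, f in enumerate(names)}
    kept = []
    for f in ensemble_rank(rows, names):
        entropy = mutual_info(col[f], col[f])
        if all(mutual_info(col[f], col[g]) < entropy - 1e-9 for g in kept):
            kept.append(f)
        if len(kept) == k:
            break
    return kept

if __name__ == "__main__":
    print(ensemble_rank(ROWS, FEATURES), select(ROWS, FEATURES))
```

The subset returned by `select` is what would then be passed to the classifier, SVM-IDS in the article.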

Introduction

Despite growing awareness of web and network security, current solutions remain unable to fully protect web/network applications and enterprise systems against threats from constantly evolving network attack methods, for example Distributed Denial of Service (DDoS) and computer Trojans. The need for emerging and versatile security methods has therefore become more serious than ever before. The usual network-security methods that form the first line of security protection, for example client verification, firewalls, and data decoding, are insufficient to cover the whole landscape of system security when confronted with constantly advancing intrusion skills and strategies (Pontarelli, Bianchi, & Teofili, 2013). Thus, a different line of security defense is strongly recommended, for example an “Intrusion Detection System” (IDS). An IDS (see Figure 1) is a device or software application that monitors a network/web for malicious activity or policy violations (Nadiammai & Hemalatha, 2014).

In recent years, IDS alongside anti-virus applications has become an essential component of basic enterprise security infrastructure. The integration of the two gives more resistance against web attacks and improves web security. Over the past years, much research has been directed at developing intelligent IDS, which help achieve better web security against web attackers. The bagging and boosting view of C5.0, based on decision trees (DT) (Pfahringer, 2000), and a new version of DT introduced by Kernel Miner (Levin & Street, 2000) were the two earliest efforts to build intrusion detection schemes. Belavagi and Muniyal (2016) and Chandrasekhar and Raghuveer (n.d.) proposed strategies that efficiently applied machine learning (ML) techniques, for example SVM, to classify web traffic patterns that do not match normal web traffic. The two frameworks were equipped with five distinct classes to recognize normal traffic and four distinct attacks such as DoS, probing, U2R, and R2L. They conducted experiments, and the results demonstrate the effectiveness and robustness of SVM in IDS networks.

Figure 1. The framework of the intrusion detection system

In 2005, Mukkamala et al. (Mukkamala, Sung, & Abraham, 2005) introduced an ensemble approach for anomaly-based IDS in order to assess the performance of Neural Networks (NN), SVM, and Multivariate Adaptive Regression Splines (MARS) in detecting intrusions, and showed that an ensemble of the three respective classifiers, ANN, SVM, and MARS, has gained much attention as an individual method for intrusion detection with regard to accuracy rate. For the sake of clarity, in 2007, Toosi and Kahani (Toosi & Kahani, 2007) investigated a novel approach to detecting threats on Software Defined Web (SDN) based on the closeness of present attacks that aim to take down the networks, generating an inference infrastructure to detect the False Positive (FP) and Negative Rate (NR) in the prediction model, and a packet aggregation method that aims to generate attack crosses and use them to predict attacks on SDNs. Similarly, Zhiyuan et al. (Zhiyuan, Jamdagni, & He, 2015) proposed a model that treats traffic records as images and detected DoS attacks on the computer vision system. The proposed DoS security system used the Earth Mover’s Distance (EMD) technique for the observed objects. It relies on a dissimilarity measure, was tested on the “KDD Cup 99” and ISCX 2012 datasets, and achieved promising classification detection rates of 99.95 and 90.12 (in percent).
