research-article

Multi-level hybrid support vector machine and extreme learning machine based on modified K-means for intrusion detection system

Authors:

Wathiq Laftah Al-Yaseen,

Zulaiha Ali Othman,

Mohd Zakree Ahmad NazriAuthors Info & Claims

Expert Systems with Applications: An International Journal, Volume 67, Issue C

Pages 296 - 303

https://doi.org/10.1016/j.eswa.2016.09.041

Published: 01 January 2017 Publication History

Abstract

Reduction the 10%KDD training dataset up to 99.8% by using modified K-means.New high quality training datasets are constructed for training SVM and ELM.Multi-level model is proposed to improve the performance of detection accuracy.Improve the detection rate of DoS, U2R and R2L attacks.Overall accuracy of 95.75% is achieved with whole Corrected KDD dataset. Intrusion detection has become essential to network security because of the increasing connectivity between computers. Several intrusion detection systems have been developed to protect networks using different statistical methods and machine learning techniques. This study aims to design a model that deals with real intrusion detection problems in data analysis and classify network data into normal and abnormal behaviors. This study proposes a multi-level hybrid intrusion detection model that uses support vector machine and extreme learning machine to improve the efficiency of detecting known and unknown attacks. A modified K-means algorithm is also proposed to build a high-quality training dataset that contributes significantly to improving the performance of classifiers. The modified K-means is used to build new small training datasets representing the entire original training dataset, significantly reduce the training time of classifiers, and improve the performance of intrusion detection system. The popular KDD Cup 1999 dataset is used to evaluate the proposed model. Compared with other methods based on the same dataset, the proposed model shows high efficiency in attack detection, and its accuracy (95.75%) is the best performance thus far.

References

[1]

M.B. Al-daoud, A new algorithm for cluster initialization, International Journal of Computer, Information, Mechatronics, Systems Science and Engineering, 1 (2007) 1026-1028.

[2]

T. Ambwani, Multi class support vector machine implementation to intrusion detection, in: Proceedings of the international joint conference on neural networks, 2003, Vol. 3, 2003, pp. 2300-2305.

[3]

D. Arthur, D. Arthur, S. Vassilvitskii, S. Vassilvitskii, k-means++: The advantages of careful seeding, in: Proceedings of the eighteenth annual ACM-SIAM symposium on discrete algorithms, 2007, pp. 1027-1035.

Digital Library

[4]

J. Balczar, Y. Dai, O. Watanabe, A random sampling technique for training support vector machines, Springer, Berlin Heidelberg, 2001.

[5]

C. Cheng, W.-P. Tay, G.-B. Huang, Extreme learning machines for intrusion detection, in: WCCI 2012 IEEE world congress on computational intelligence, 2012, pp. 1-8.

[6]

G. Creech, F. Jiang, The application of extreme learning machines to the network intrusion detection problem, in: Numerical analysis and applied mathematics ICNAAM, Vol. 1479, 2012, pp. 1506-1511.

[7]

C. Elkan, Results of the KDD99 classifier learning, ACM SIGKDD Explorations Newsletter, 1 (2000) 63-64.

Digital Library

[8]

M. Erisoglu, N. Calis, S. Sakallioglu, A new algorithm for initial cluster centers in k-means algorithm, Pattern Recognition Letters, 32 (2011) 1701-1705.

Digital Library

[9]

W. Feng, Q. Zhang, G. Hu, J.X. Huang, Mining network data for intrusion detection through combining SVMs with ant colony networks, Future Generation Computer Systems, 37 (2014) 127-140.

[10]

P. Gogoi, D.K. Bhattacharyya, B. Borah, J.K. Kalita, MLH-IDS: A multi-level hybrid intrusion detection method, Computer Journal, 57 (2014) 602-623.

[11]

V. Golmah, An efficient hybrid intrusion detection system based on C5. 0 and SVM, International Journal of Database Theory & Application, 7 (2014) 59-70.

[12]

A.M. Hasan, M. Nasser, B. Pal, S. Ahmad, Intrusion detection using combination of various kernels based support vector machine, International Journal of Scientific & Engineering Research, 4 (2013) 1454-1463.

[13]

L. He, An improved intrusion detection based on neural network and fuzzy algorithm, Journal of Networks, 9 (2014) 1274-1280.

[14]

M.S. Hoque, M.A. Mukit, M.A.N. Bikas, An implementation of intrusion detection system using genetic algorithm, International Journal of Network Security & Its Applications, 4 (2012) 109-120.

[15]

S.J. Horng, M.Y. Su, Y.H. Chen, T.W. Kao, R.J. Chen, J.L. Lai, A novel intrusion detection system based on hierarchical clustering and support vector machines, Expert Systems with Applications, 38 (2011) 306-313.

Digital Library

[16]

C.-W. Hsu, C.-C. Chang, C.-J. Lin, A practical guide to support vector classification, 2003.

[17]

G. Huang, Q.-Y. Zhu, C.-K. Siew, Extreme learning machine: A new learning scheme of feedforward neural networks, in: IEEE international joint conference on neural networks, Vol. 2, 2004, pp. 985-990.

[18]

G.-B. Huang, D.H. Wang, Y. Lan, Extreme learning machines: A survey, International Journal of Machine Learning and Cybernetics, 2 (2011) 107-122.

[19]

G.-B. Huang, H. Zhou, X. Ding, R. Zhang, Extreme learning machine for regression and multiclass classification, IEEE Transactions on Systems, Man, and Cybernetics. Part B, Cybernetics, 42 (2012) 513-529.

Digital Library

[20]

H.E. Ibrahim, S.M. Badr, M.A. Shaheen, Adaptive layered approach using machine learning techniques with gain ratio for intrusion detection systems, International Journal of Computer Applications, 56 (2012) 10-16.

[21]

I. Katsavounidis, C.C.J. Kuo, Z. Zhang, New initialization technique for generalized Lloyd iteration, IEEE Signal Processing Letters, 1 (1994) 144-146.

[22]

L. Khan, M. Awad, B. Thuraisingham, A new intrusion detection system using support vector machines and hierarchical clustering, The VLDB Journal, 16 (2007) 507-521.

Digital Library

[23]

F. Kuang, W. Xu, S. Zhang, A novel hybrid KPCA and SVM with GA model for intrusion detection, Applied Soft Computing Journal, 18 (2014) 178-184.

Digital Library

[24]

W. Lee, S.J. Stolfo, K.W. Mok, A data mining framework for building intrusion detection models, in: Proceedings of the 1999 IEEE symposium on security and privacy, 1999, pp. 1-13.

[25]

H. Lu, J. Xu, Three-level hybrid intrusion detection system, in: Proceedings - 2009 international conference on information engineering and computer science, ICIECS 2009, 2009, pp. 1-4.

[26]

M. Panda, A. Abraham, M.R. Patra, A hybrid intelligent approach for network intrusion detection, Procedia Engineering, 30 (2012) 1-9.

[27]

L.P. Rajeswari, A. Kannan, An intrusion detection system based on multiple level hybrid classifier using enhanced C4.5, in: IEEE international conference on signal processing, communications and networking, 2008, pp. 75-79.

[28]

M. Roesch, Snort: lightweight intrusion detection for networks, in: LISA 99: 13th systems administration conference, 1999, pp. 229-238.

Digital Library

[29]

M. Sabhnani, G. Serpen, Application of machine learning algorithms to KDD intrusion detection dataset within misuse detection context, in: Proceedings of international conference on machine learning: models, technologies, and applications (MLMTA), 2003, pp. 209-215.

[30]

S. Selim, M. Hashem, T.M. Nazmy, Hybrid multi-level intrusion detection system, International Journal of Computer Science and Information Security, 9 (2011) 23-29.

[31]

N. Sharma, S. Mukherjee, A novel multi-classifier layered approach to improve minority attack detection in IDS, Procedia Technology, 6 (2012) 913-921.

[32]

L. Shih, J.D.M. Rennie, D.R. Karger, Text bundling: Statistics-based data reduction, in: Proceedings of the twentieth international conference on machine learning (ICML-2003), 2003, pp. 1-8.

Digital Library

[33]

R. Singh, H. Kumar, R.K. Singla, An intrusion detection system using network traffic profiling and online sequential extreme learning machine, Expert Systems with Applications, 42 (2015) 8609-8624.

Digital Library

[34]

C. Staelin, Parameter selection for support vector machines, Hewlett-Packard Company, 2003.

[35]

C.-H. Tsang, S. Kwong, H. Wang, Genetic-fuzzy rule mining approach and evaluation of feature selection techniques for anomaly intrusion detection, Pattern Recognition, 40 (2007) 2373-2391.

Digital Library

[36]

C. Xiang, M.Y. Chong, H.L. Zhu, Design of multiple-level tree classifiers for intrusion detection system, in: Proceeding of the 2004 EEE conference on cybernetics and intelligent systems, 2004, pp. 873-878.

[37]

C. Xiang, P.C. Yong, L.S. Meng, Design of multiple-level hybrid classifier for intrusion detection system using Bayesian clustering and decision trees, Pattern Recognition Letters, 29 (2008) 918-924.

Digital Library

[38]

W. Xuren, H. Famei, X. Rongsheng, Modeling intrusion detection system by discovering association rule in rough set theory framework, in: International conference on computational inteligence for modelling control and automation and international conference on intelligent agents, web technolgies and internet commerce (CIMCA-IAWTIC06), 2006, pp. 1-6.

Digital Library

[39]

H. Yu, J. Yang, J. Han, Classifying large data sets using SVMs with hierarchical clusters, in: ACM SIGKDD international conference on Knowledge discovery and data mining03, 2003, pp. 306-314.

Digital Library

Cited By

Ling ZQi GMin H(2024)Intrusion detection using rough-fuzzy set and parallel quantum genetic algorithmJournal of High Speed Networks10.3233/JHS-22207030:1(69-81)Online publication date: 1-Jan-2024
https://dl.acm.org/doi/10.3233/JHS-222070
Lai YYu YGuan WLuo LFan JZhou NPing Y(2024)A Lightweight Intrusion Detection System Using a Finite Dirichlet Mixture Model With Extended Stochastic Variational InferenceIEEE Transactions on Network and Service Management10.1109/TNSM.2024.339125021:4(4701-4712)Online publication date: 19-Apr-2024
https://dl.acm.org/doi/10.1109/TNSM.2024.3391250
Vu DLa TNguyen GHuh ETran H(2024)Enhancing network attack detection across infrastructuresIET Communications10.1049/cmu2.1281918:17(1107-1125)Online publication date: 13-Oct-2024
https://dl.acm.org/doi/10.1049/cmu2.12819
Show More Cited By

Multi-level hybrid support vector machine and extreme learning machine based on modified K-means for intrusion detection system
1. Computing methodologies
  1. Machine learning
    1. Learning paradigms
      1. Supervised learning
    2. Machine learning approaches

Recommendations

Feature Selection and Design of Intrusion Detection System Based on k-Means and Triangle Area Support Vector Machine
ICFN '10: Proceedings of the 2010 Second International Conference on Future Networks

Nowadays, challenged by malicious use of network and intentional attacks on personal computer system, intrusion detection system has become an indispensible and infrastructural mechanism for securing critical resource and information. Most current ...
A hybrid approach for intrusion detection based on machine learning

With the evolution of internet, network security has emerged as one of the key areas of research. Network security is to safeguard the privacy, availability and integrity of the system. Identification of intrusion is core component to attain overall ...
Intrusion Detection Using Deep Belief Network and Extreme Learning Machine

Security threats for computer networks have increased dramatically over the last decade, becoming bolder and more brazen. There is a strong need for effective Intrusion Detection Systems IDS that are designed to interpret intrusion attempts in incoming ...

Comments

Information & Contributors

Information

Published In

cover image Expert Systems with Applications: An International Journal

Expert Systems with Applications: An International Journal Volume 67, Issue C

January 2017

312 pages

ISSN:0957-4174

Issue’s Table of Contents

Copyright © Elsevier Ltd.

Publisher

Pergamon Press, Inc.

United States

Publication History

Published: 01 January 2017

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

92
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 04 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Ling ZQi GMin H(2024)Intrusion detection using rough-fuzzy set and parallel quantum genetic algorithmJournal of High Speed Networks10.3233/JHS-22207030:1(69-81)Online publication date: 1-Jan-2024
https://dl.acm.org/doi/10.3233/JHS-222070
Lai YYu YGuan WLuo LFan JZhou NPing Y(2024)A Lightweight Intrusion Detection System Using a Finite Dirichlet Mixture Model With Extended Stochastic Variational InferenceIEEE Transactions on Network and Service Management10.1109/TNSM.2024.339125021:4(4701-4712)Online publication date: 19-Apr-2024
https://dl.acm.org/doi/10.1109/TNSM.2024.3391250
Vu DLa TNguyen GHuh ETran H(2024)Enhancing network attack detection across infrastructuresIET Communications10.1049/cmu2.1281918:17(1107-1125)Online publication date: 13-Oct-2024
https://dl.acm.org/doi/10.1049/cmu2.12819
Saied MGuirguis SMadbouly M(2024)Review of artificial intelligence for enhancing intrusion detection in the internet of thingsEngineering Applications of Artificial Intelligence10.1016/j.engappai.2023.107231127:PAOnline publication date: 1-Feb-2024
https://dl.acm.org/doi/10.1016/j.engappai.2023.107231
Zhu JLiu X(2024)An integrated intrusion detection framework based on subspace clustering and ensemble learningComputers and Electrical Engineering10.1016/j.compeleceng.2024.109113115:COnline publication date: 1-Apr-2024
https://dl.acm.org/doi/10.1016/j.compeleceng.2024.109113
Kanna PSanthi P(2024)An Enhanced Hybrid Intrusion Detection Using Mapreduce-Optimized Black Widow Convolutional LSTM Neural NetworksWireless Personal Communications: An International Journal10.1007/s11277-024-11607-0138:4(2407-2445)Online publication date: 1-Oct-2024
https://dl.acm.org/doi/10.1007/s11277-024-11607-0
Ramamoorthy AKaruppasamy K(2024)Unified Intrusion Detection Framework: Predictive Analysis of Intrusions in Sensor NetworksWireless Personal Communications: An International Journal10.1007/s11277-024-11396-6137:3(1559-1580)Online publication date: 20-Jul-2024
https://dl.acm.org/doi/10.1007/s11277-024-11396-6
Dandapat AMondal B(2024)Design of Intrusion Detection System Using GA and CNN for MQTT-Based IoT NetworksWireless Personal Communications: An International Journal10.1007/s11277-024-10984-w134:4(2059-2082)Online publication date: 1-Feb-2024
https://dl.acm.org/doi/10.1007/s11277-024-10984-w
Anand SKumar S(2024)Ontology-based soft computing and machine learning model for efficient retrievalKnowledge and Information Systems10.1007/s10115-023-01990-866:2(1371-1402)Online publication date: 1-Feb-2024
https://dl.acm.org/doi/10.1007/s10115-023-01990-8
Ji RPadha DSingh YSharma S(2024)Review of intrusion detection system in cyber‐physical system based networksTransactions on Emerging Telecommunications Technologies10.1002/ett.502935:9Online publication date: 20-Aug-2024
https://dl.acm.org/doi/10.1002/ett.5029
Show More Cited By

View Options

View options

Figures

Tables

Media

View Issue’s Table of Contents