Abstract
Almost daily we hear news about a security breach somewhere, as hackers are constantly finding new ways to get around even the most complex firewalls and security systems. This has made security one of the top research areas. Artificial Immune Systems are techniques inspired by the biological immune system, specifically the human immune system, whose basic function is to protect the body (system) and defend against attacks of different types. For this reason, many have applied artificial immune systems in the field of network security and intrusion detection. In this chapter, a basic model of a multi-layer system is discussed, along with the basics of artificial immune systems and network intrusion detection. An actual experiment is included, which involved a layer for data preprocessing and feature selection (using Principal Component Analysis), a layer for detector generation and anomaly detection (using a Genetic Algorithm with the Negative Selection Approach), and finally a layer for classification of the detected anomalies (using decision tree classifiers). The principal interest of this work is to benchmark the performance of the proposed multi-layer IDS by using the NSL-KDD benchmark data set used by IDS researchers. The obtained results of the anomaly detection layer show that up to 81 % of the attacks were successfully detected as attacks. The results of the classification layer demonstrated that the naive Bayes classifier has better classification accuracy for the less-represented attacks such as U2R and R2L, while the J48 decision tree classifier gives high accuracy, up to 82 % for DoS attacks and 65.4 % for probe attacks, in the anomaly traffic.
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Aziz, A.S.A., Hassanien, A.E. (2014). Multilayer Machine Learning-Based Intrusion Detection System. In: Hassanien, A., Kim, TH., Kacprzyk, J., Awad, A. (eds) Bio-inspiring Cyber Security and Cloud Services: Trends and Innovations. Intelligent Systems Reference Library, vol 70. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-43616-5_9
DOI: https://doi.org/10.1007/978-3-662-43616-5_9
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-43615-8
Online ISBN: 978-3-662-43616-5
eBook Packages: Engineering, Engineering (R0)