
Flow based anomaly intrusion detection system using ensemble classifier with Feature Impact Scale

Published in: Cluster Computing

Abstract

The exponential growth of internet services, together with rapid advances in technology, has produced a huge growth in network traffic and, with it, greater opportunity for attackers. Many techniques have been proposed to defend against these attacks, most of them based on machine learning. Machine-learning techniques rely on features to extract knowledge from the traffic, so their performance depends on the characteristics of the features, which are usually extracted at packet level. As traffic volume grows, packet-level feature characteristics drift with the increasingly diverse behaviour of the network. It is therefore necessary to describe traffic at flow level rather than at packet or request level, because flow features are independent of such changes in network behaviour and so do not affect the performance of the detection process. In this paper a set of flow features is defined for extracting traffic at flow level, and the system is trained on the diversity of those flow characteristics as identified by the Kolmogorov–Smirnov test (K–S test). The diversity of each flow characteristic defines a distinct behaviour, which is handled by an ensemble of classifiers through a meta-heuristic scale evaluated for each attack class and for normal flows. Experiments are carried out on a benchmark dataset and the performance is analysed. The proposed model shows better detection accuracy, a lower false-alarm rate and lower processing time than the contemporary models described in the literature.
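Neither the paper's flow feature set nor its Feature Impact Scale formula appears on this page, so the following added Python example (written here; not the authors' code) illustrates the pipeline the abstract describes under assumptions of its own: packets are aggregated into unidirectional 5-tuple flows with a small IPFIX-style feature set (packet count, byte count, duration, mean packet size, SYN ratio), and the two-sample Kolmogorov–Smirnov statistic D between the normal and attack distribution of each feature is taken as that feature's impact score. The sample traffic (normal web flows versus slow-DoS-style flows) is constructed inline, not captured.

```python
"""Flow aggregation and per-feature two-sample Kolmogorov-Smirnov scoring.

Added illustration; not the paper's code. The paper's exact flow feature set
and its Feature Impact Scale formula are not reproduced on this page, so this
example ASSUMES a small IPFIX-like feature set and takes the two-sample K-S
statistic D (largest gap between the normal and attack empirical CDFs of a
feature) as the feature's impact score. Sample traffic is constructed inline.
"""
from collections import defaultdict
from typing import Dict, List, Tuple

# One packet: (timestamp_s, src_ip, dst_ip, src_port, dst_port, proto, length_bytes, syn_flag)
Packet = Tuple[float, str, str, int, int, str, int, bool]
FlowKey = Tuple[str, str, int, int, str]
FEATURES = ("pkt_count", "byte_count", "duration", "mean_pkt_size", "syn_ratio")


def aggregate_flows(packets: List[Packet]) -> Dict[FlowKey, Dict[str, float]]:
    """Group packets by unidirectional 5-tuple (as an IPFIX exporter would) and
    derive one feature vector per flow. Feature names are this example's choice."""
    buckets: Dict[FlowKey, List[Packet]] = defaultdict(list)
    for pkt in packets:
        _, src, dst, sport, dport, proto, _, _ = pkt
        buckets[(src, dst, sport, dport, proto)].append(pkt)
    flows: Dict[FlowKey, Dict[str, float]] = {}
    for key, pkts in buckets.items():
        pkts.sort(key=lambda p: p[0])  # order by timestamp
        n = len(pkts)
        nbytes = sum(p[6] for p in pkts)
        flows[key] = {
            "pkt_count": float(n),
            "byte_count": float(nbytes),
            "duration": pkts[-1][0] - pkts[0][0],
            "mean_pkt_size": nbytes / n,
            "syn_ratio": sum(1 for p in pkts if p[7]) / n,
        }
    return flows


def ks_statistic(a: List[float], b: List[float]) -> float:
    """Two-sample K-S statistic D = sup_x |F_a(x) - F_b(x)|, computed exactly by
    walking the pooled sorted samples (no SciPy needed). 0 = identical empirical
    distributions, 1 = completely separated."""
    a, b = sorted(a), sorted(b)
    na, nb = len(a), len(b)
    i = j = 0
    d = 0.0
    while i < na and j < nb:
        x = min(a[i], b[j])
        while i < na and a[i] <= x:  # step both ECDFs past every value <= x
            i += 1
        while j < nb and b[j] <= x:
            j += 1
        d = max(d, abs(i / na - j / nb))
    return d


def feature_impact(normal: Dict[FlowKey, Dict[str, float]],
                   attack: Dict[FlowKey, Dict[str, float]]) -> Dict[str, float]:
    """Impact score per feature: K-S distance between its normal and attack
    distributions (this example's stand-in for the paper's scale)."""
    return {
        f: ks_statistic([v[f] for v in normal.values()], [v[f] for v in attack.values()])
        for f in FEATURES
    }


def rank_features(impact: Dict[str, float]) -> List[Tuple[str, float]]:
    """Features ordered from most to least discriminative (ties broken by name)."""
    return sorted(impact.items(), key=lambda kv: (-kv[1], kv[0]))


def constructed_traffic() -> Tuple[List[Packet], List[Packet]]:
    """Constructed sample traffic (not a capture): 10 normal web flows and 20
    slow-DoS-style flows that hold a connection open with a few tiny packets."""
    server = "203.0.113.5"
    normal: List[Packet] = []
    for c in range(10):
        src, sport, t0 = f"10.0.0.{c + 1}", 40000 + c, float(c)
        normal.append((t0, src, server, sport, 80, "tcp", 60, True))  # SYN
        for k in range(3 + c % 4):  # 3..6 data packets, 0.5 s apart, growing size
            normal.append((t0 + 0.5 * (k + 1), src, server, sport, 80, "tcp", 400 + 200 * k, False))
    attack: List[Packet] = []
    for s in range(20):
        src, sport, t0 = f"198.51.100.{s + 1}", 1024 + s, 100.0 + 0.01 * s
        attack.append((t0, src, server, sport, 80, "tcp", 60, True))  # SYN
        for k in range(3 + s % 3):  # 3..5 tiny packets, 0.8 s apart
            attack.append((t0 + 0.8 * (k + 1), src, server, sport, 80, "tcp", 100, False))
    return normal, attack


def demo() -> List[Tuple[str, float]]:
    """Run the whole pipeline on the constructed traffic and return the ranking."""
    normal_pkts, attack_pkts = constructed_traffic()
    impact = feature_impact(aggregate_flows(normal_pkts), aggregate_flows(attack_pkts))
    return rank_features(impact)


if __name__ == "__main__":
    for name, d in demo():
        print(f"{name:14s} D = {d:.2f}")
```

The K-S statistic is used here because it is non-parametric: it needs no normality assumption about the feature and works on raw flow values. On the constructed sample the size-related features (byte_count, mean_pkt_size) reach D = 1.0, while pkt_count and syn_ratio overlap heavily between the two classes and score low; a slow-DoS flow looks like a normal one on those counts. The abstract evaluates a scale for each attack class separately, so in practice this scoring would be repeated per (normal, attack class) pair rather than once against a pooled attack set.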




Corresponding author: V. Jyothsna.


Cite this article

Jyothsna, V., Prasad, K.M., Rajiv, K. et al. Flow based anomaly intrusion detection system using ensemble classifier with Feature Impact Scale. Cluster Comput 24, 2461–2478 (2021). https://doi.org/10.1007/s10586-021-03277-5
