Network Intrusion Detection Systems Design: A Machine Learning Approach
Resumo
With the increasing popularization of computer network-based technologies, security has become a daily concern, and intrusion detection systems (IDS) play an essential role in the supervision of computer networks. A current approach to detect network intrusions is the development of intrusion detection systems by employing machine learning techniques. Due to a variety of strategies used, there is a need for a systematic way that supports the decision making in a machine learning-based IDS project. In this paper, we present a systematic approach to decision-making support for algorithms selection on the IDS design. We used a very recent dataset and reduced their features from 78 to 51 through the mean decrease in impurity (MDI) feature selection technique. Afterward, we evaluated the network intrusion detection performance of eight machine learning algorithms on two dataset resampling techniques. Decision Trees, Random Forests and Multi-layer Perceptron on Stratified 10-Fold algorithms reached Precision, Recall, and F1-Scores metrics on about 98%-99% with low test times.
Palavras-chave:
Segurança, Detecção de Intrusos, Aprendizado de Máquina
Referências
Almseidin, M., Alzubi, M., Kovacs, S., and Alkasassbeh, M. (2017). Evaluation of machine learning algorithms for intrusion detection system. In 2017 IEEE 15th International Symposium on Intelligent Systems and Informatics (SISY), pages 277–282.
Biswa, S. K. (2018). Intrusion detection using machine learning: A comparison study. International Journal of Pure and Applied Mathematics (IJPAM), 118(19):101–114. CIC (2018). Intrusion detection evaluation dataset (cicids2017). https://www.unb. ca/cic/datasets/ids-2017.html.
Demsar, J. (2006). Statistical comparisons of classifiers over multiple data sets. Journal of Machine learning research, 7(Jan):1–30.
Dietterich, T. G. (1998). Approximate statistical tests for comparing supervised classification learning algorithms. Neural computation, 10(7):1895–1923.
Effendy, D. A., Kusrini, K., and Sudarmawan, S. (2017). Classification of intrusion detection system (ids) based on computer network. In 2017 2nd International conferences on Information Technology, Information Systems and Electrical Engineering (ICITISEE), pages 90–94.
Hindy, H., Brosset, D., Bayne, E., Seeam, A., Tachtatzis, C., Atkinson, R., and Bellekens, X. (2018). A taxonomy and survey of intrusion detection system design techniques, network threats and datasets. arXiv preprint arXiv:1806.03517.
Hodo, E., Bellekens, X., Iorkyase, E., Hamilton, A., Tachtatzis, C., and Atkinson, R. (2018). Machine learning approach for detection of nontor traffic. Journal of Cyber Security, 6(2):171–194.
Kuhn, M. and Johnson, K. (2013). Applied predictive modeling, volume 26. Springer- Verlag New York.
Li, J., Qu, Y., Chao, F., Shum, H. P. H., Ho, E. S. L., and Yang, L. (2019). Machine Learning Algorithms for Network Intrusion Detection, pages 151–179. Springer International Publishing, Cham.
Ott, R. L. and Longnecker, M. T. (2015). An Introduction to Statistical Methods and Data Analysis Sixth Edition. Nelson Education.
Park, K., Song, Y., and Cheong, Y. (2018). Classification of attack types for intrusion detection systems using a machine learning algorithm. In 2018 IEEE Fourth International Conference on Big Data Computing Service and Applications (BigDataService), pages 282–286.
Pedregosa, F., Varoquaux, G., Gramfort, A., Michel, V., Thirion, B., Grisel, O., Blondel, M., Prettenhofer, P., Weiss, R., Dubourg, V., Vanderplas, J., Passos, A., Cournapeau, D., Brucher, M., Perrot, M., and Duchesnay, E. (2011). Scikit-learn: Machine learning in Python. Journal of Machine Learning Research, 12:2825–2830.
Sharafaldin, I., Lashkari, A. H., and Ghorbani, A. A. (2018). Toward generating a new intrusion detection dataset and intrusion traffic characterization. In Proceedings of the 4th International Conference on Information Systems Security and Privacy (ICISSP), pages 108–116.
Sheskin, D. J. (2007). Handbook of Parametric and Nonparametric Statistical Procedures. Chapman & Hall/CRC, 4 edition.
Shiravi, A., Shiravi, H., Tavallaee, M., and Ghorbani, A. A. (2012). Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Computers & Security, 31(3):357 – 374.
Utimura, L. N. and Costa, K. A. (2018). Aplicação e análise comparativa do desempenho de classificadores de padrões para o sistema de detecção de intrusão snort. In Anais do Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos (SBRC), volume 36.
Varghese, J. E. and Muniyal, B. (2017). An investigation of classification algorithms for intrusion detection system — a quantitative approach. In 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI), pages 2045–2051.
Witten, I. H., Frank, E., Hall, M. A., and Pal, C. J. (2017). Data Mining: Practical Machine Learning Tools and Techniques Fourth Edition. Morgan Kaufmann.
Biswa, S. K. (2018). Intrusion detection using machine learning: A comparison study. International Journal of Pure and Applied Mathematics (IJPAM), 118(19):101–114. CIC (2018). Intrusion detection evaluation dataset (cicids2017). https://www.unb. ca/cic/datasets/ids-2017.html.
Demsar, J. (2006). Statistical comparisons of classifiers over multiple data sets. Journal of Machine learning research, 7(Jan):1–30.
Dietterich, T. G. (1998). Approximate statistical tests for comparing supervised classification learning algorithms. Neural computation, 10(7):1895–1923.
Effendy, D. A., Kusrini, K., and Sudarmawan, S. (2017). Classification of intrusion detection system (ids) based on computer network. In 2017 2nd International conferences on Information Technology, Information Systems and Electrical Engineering (ICITISEE), pages 90–94.
Hindy, H., Brosset, D., Bayne, E., Seeam, A., Tachtatzis, C., Atkinson, R., and Bellekens, X. (2018). A taxonomy and survey of intrusion detection system design techniques, network threats and datasets. arXiv preprint arXiv:1806.03517.
Hodo, E., Bellekens, X., Iorkyase, E., Hamilton, A., Tachtatzis, C., and Atkinson, R. (2018). Machine learning approach for detection of nontor traffic. Journal of Cyber Security, 6(2):171–194.
Kuhn, M. and Johnson, K. (2013). Applied predictive modeling, volume 26. Springer- Verlag New York.
Li, J., Qu, Y., Chao, F., Shum, H. P. H., Ho, E. S. L., and Yang, L. (2019). Machine Learning Algorithms for Network Intrusion Detection, pages 151–179. Springer International Publishing, Cham.
Ott, R. L. and Longnecker, M. T. (2015). An Introduction to Statistical Methods and Data Analysis Sixth Edition. Nelson Education.
Park, K., Song, Y., and Cheong, Y. (2018). Classification of attack types for intrusion detection systems using a machine learning algorithm. In 2018 IEEE Fourth International Conference on Big Data Computing Service and Applications (BigDataService), pages 282–286.
Pedregosa, F., Varoquaux, G., Gramfort, A., Michel, V., Thirion, B., Grisel, O., Blondel, M., Prettenhofer, P., Weiss, R., Dubourg, V., Vanderplas, J., Passos, A., Cournapeau, D., Brucher, M., Perrot, M., and Duchesnay, E. (2011). Scikit-learn: Machine learning in Python. Journal of Machine Learning Research, 12:2825–2830.
Sharafaldin, I., Lashkari, A. H., and Ghorbani, A. A. (2018). Toward generating a new intrusion detection dataset and intrusion traffic characterization. In Proceedings of the 4th International Conference on Information Systems Security and Privacy (ICISSP), pages 108–116.
Sheskin, D. J. (2007). Handbook of Parametric and Nonparametric Statistical Procedures. Chapman & Hall/CRC, 4 edition.
Shiravi, A., Shiravi, H., Tavallaee, M., and Ghorbani, A. A. (2012). Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Computers & Security, 31(3):357 – 374.
Utimura, L. N. and Costa, K. A. (2018). Aplicação e análise comparativa do desempenho de classificadores de padrões para o sistema de detecção de intrusão snort. In Anais do Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos (SBRC), volume 36.
Varghese, J. E. and Muniyal, B. (2017). An investigation of classification algorithms for intrusion detection system — a quantitative approach. In 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI), pages 2045–2051.
Witten, I. H., Frank, E., Hall, M. A., and Pal, C. J. (2017). Data Mining: Practical Machine Learning Tools and Techniques Fourth Edition. Morgan Kaufmann.
Publicado
06/05/2019
Como Citar
SILVA NETO, Manuel G. da; G. GOMES, Danielo.
Network Intrusion Detection Systems Design: A Machine Learning Approach. In: SIMPÓSIO BRASILEIRO DE REDES DE COMPUTADORES E SISTEMAS DISTRIBUÍDOS (SBRC), 37. , 2019, Gramado.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2019
.
p. 932-945.
ISSN 2177-9384.
DOI: https://doi.org/10.5753/sbrc.2019.7413.
