Hybrid Anomaly Detection Using Decision Tree and Support Vector Machine
Authors: Elham Serkani, Hossein Gharaee Garakani, Naser Mohammadzadeh, Elaheh Vaezpour
Abstract:
Intrusion detection systems (IDS) are the main components of network security. These systems analyze network events to detect intrusions. An IDS is designed by training on normal traffic data or attack data. Machine learning methods are the best way to design IDSs. In the method presented in this article, the pruning algorithm of the C5.0 decision tree is used to reduce the features of the traffic data, and the IDS is trained with the least squares support vector machine (LS-SVM) algorithm. The remaining features are then ranked according to the predictor importance criterion, and the least important features are eliminated in order. The remaining features that produce the highest accuracy in LS-SVM are selected as the final features. Compared with other similar articles that have examined selected features in the least squares support vector machine model, the features obtained are better in accuracy, true positive rate, and false positives. The results are tested on the UNSW-NB15 dataset.
Keywords: Intrusion detection system, decision tree, support vector machine, feature selection.
Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1317192
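The selection loop the abstract describes (rank features, drop the least important one at a time, keep the subset with the highest LS-SVM accuracy), as an added sketch that is not the authors' code. It assumes a linear kernel, uses a single-threshold score as a stand-in for C5.0 predictor importance, and runs on constructed data rather than UNSW-NB15; all function names are hypothetical.

```python
import numpy as np

def lssvm_fit(X, y, gamma=10.0):
    # LS-SVM with a linear kernel (assumed): training is one linear solve,
    # [[0, 1^T], [1, K + I/gamma]] [b; alpha] = [0; y], with labels y in {-1, +1}.
    n = len(y)
    A = np.zeros((n + 1, n + 1))
    A[0, 1:] = A[1:, 0] = 1.0
    A[1:, 1:] = X @ X.T + np.eye(n) / gamma
    sol = np.linalg.solve(A, np.concatenate(([0.0], y)))
    return X.T @ sol[1:], sol[0]          # primal weights w, bias b

def accuracy(w, b, X, y):
    return float(np.mean(np.sign(X @ w + b) == y))

def stump_importance(X, y):
    # Stand-in for C5.0 predictor importance (not C5.0 itself): the best
    # single-threshold accuracy each feature reaches on its own.
    scores = []
    for j in range(X.shape[1]):
        accs = [np.mean(np.where(X[:, j] > t, 1, -1) == y) for t in np.unique(X[:, j])]
        scores.append(max(max(a, 1 - a) for a in accs))
    return np.array(scores)

def select_features(Xtr, ytr, Xva, yva):
    # Rank features, then drop the least important one at a time and keep
    # the subset with the highest LS-SVM accuracy (smaller subset wins ties).
    order = [int(j) for j in np.argsort(-stump_importance(Xtr, ytr))]
    best_acc, best_set = -1.0, []
    while order:
        w, b = lssvm_fit(Xtr[:, order], ytr)
        acc = accuracy(w, b, Xva[:, order], yva)
        if acc >= best_acc:
            best_acc, best_set = acc, sorted(order)
        order.pop()                       # remove the least important feature
    return best_set, best_acc

def demo():
    # Constructed data: features 0 and 1 carry the label, 2..5 are pure noise.
    rng = np.random.default_rng(0)
    y = np.tile([1.0, -1.0], 150)
    X = rng.normal(size=(300, 6))
    X[:, 0] = 2.0 * y + 0.5 * rng.normal(size=300)
    X[:, 1] = 1.5 * y + 0.5 * rng.normal(size=300)
    return select_features(X[:200], y[:200], X[200:], y[200:])

if __name__ == "__main__":
    print(demo())
```

On real traffic data the held-out split used for selection should be separate from the one used to report final accuracy, otherwise the reported figure is biased by the selection itself.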