Enhancing Cybersecurity with ML: A Multi-Algorithm Approach to Anomaly-Based Intrusion Detection

Authors

  • Indira P. Joshi, Vijaya K. Shandilya

Keywords

IDS (Intrusion Detection System), Anomaly Detection, False Alarm Rate (FAR) and Machine Learning algorithms.

Abstract

In the era of escalating cyber threats, the significance of robust intrusion detection systems (IDS) cannot be overstated. Traditional methods often struggle to keep pace with the evolving tactics of malicious actors. This paper presents a novel approach to enhancing cybersecurity through the integration of machine learning (ML) techniques within anomaly-based intrusion detection systems. Specifically, we propose a multi-algorithm framework that leverages the complementary strengths of various ML models to effectively identify diverse cyber threats. Our approach aims to address the limitations of single-algorithm systems by combining the capabilities of multiple classifiers. We demonstrate the efficacy of our methodology through extensive experimentation on real-world network traffic scenarios. Results indicate that our multi-algorithm approach outperforms traditional single-algorithm solutions in terms of detection accuracy, false positive rates, and scalability. Furthermore, we discuss the practical implications of our framework in bolstering cybersecurity defenses across diverse organizational contexts. Overall, this research contributes to the advancement of anomaly-based intrusion detection systems by offering a robust and adaptable ML-driven solution capable of effectively combating emerging cyber threats.




Published

26.03.2024

How to Cite

Shandilya, V. K., & Joshi, I. P. (2024). Enhancing Cybersecurity with ML: A Multi-Algorithm Approach to Anomaly-Based Intrusion Detection. International Journal of Intelligent Systems and Applications in Engineering, 12(21s), 1111–1116. Retrieved from https://ijisae.org/index.php/IJISAE/article/view/5512

Section

Research Article