An Ensemble-Based Intrusion Detection Algorithm

doi:10.16183/j.cnki.jsjtu.2018.10.029

Abstract

Abstract: As a key research direction in the field of machine learning, ensemble learning is widely used in anomaly intrusion detection, and it can reach a higher detection precision than the single classifier. However, existing ensemble-based intrusion detection algorithms have some shortcomings, such as, the loss of edge information as well as the loss of whole information during the process of dividing original problem, time-consuming and complexity of the model fusion. So, this paper proposed a novel ensemble-based algorithm for intrusion detection. Firstly, the original problem is divided into a number of two classification problems, and the predicted probabilities are added into original features. Then the multi-class model is trained as the final result. In addition, we adopted GBDT (Gradient Boosting Decision Tree)+LR (Logistic Regression), proposed by Facebook, to implement the binary classification. Experiments and analysis on KDD CUP’99 dataset verify the effectiveness of our proposed framework.

Key words: ensemble learning, intrusion detection, loss of information, gradient boosting decision tree (GBDT), logistic regression (LR)

CLC Number:

TP 399

HUANG Jinchao,MA Yinghua,QI Kaiyue,LI Yichen,XIA Yuanyi. An Ensemble-Based Intrusion Detection Algorithm[J]. Journal of Shanghai Jiaotong University, 2018, 52(10): 1382-1387.

References

［1］DENNING D E. An intrusion-detection model［J］. IEEE Transactions on Software Engineering, 1987, 13(2): 222-232. ［2］MOUSTAFA N, SLAY J. The significant features of the UNSW-NB15 and the KDD99 data sets for network intrusion detection systems［C］//International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security. Kyoto, Japan: IEEE, 2015: 25-31. ［3］范晓诗, 雷英杰, 王亚男, 等. 流量异常检测中的直觉模糊推理方法［J］. 电子与信息学报, 2015, 37(9): 2218-2224. FAN Xiaoshi, LEI Yingjie, WANG Yanan, et al. Intuitionistic fuzzy reasoning method in traffic anomaly detection［J］. Journal of Electronics & Information Technology, 2015, 37(9): 2218-2224. ［4］梁本来, 杨忠明, 蔡昭权. 一种混合入侵检测模型［J］. 计算机测量与控制, 2017, 25(4): 225-228. LIANG Benlai, YANG Zhongming, CAI Zhaoquan. One mixed intrusion detection model［J］. Computer Measurement & Control, 2017, 25(4): 225-228. ［5］MEHMOOD T, RAIS H B M. SVM for network anomaly detection using ACO feature subset［C］//International Symposium on Mathematical Sciences and Computing Research. Kuah, Kedah, Malaysia: IEEE, 2015: 121-126. ［6］JAIN R, ABOUZAKHAR N S. Hidden Markov model based anomaly intrusion detection［C］//Internet Technology And Secured Transactions. London: IEEE, 2012: 528-533. ［7］KUMAR S, YADAV A. Increasing performance of intrusion detection system using neural network［C］//International Conference on Advanced Communication Control and Computing Technologies. Ramanathapuram: IEEE, 2015: 546-550. ［8］MUKKAMALA S, SUNG A H, ABRAHAM A. Intrusion detection using ensemble of soft computing paradigms［M］. Berlin: Springer Berlin Heidelberg, 2003: 239-248. ［9］CHEBROLU S, ABRAHAM A, THOMAS J P. Feature deduction and ensemble design of intrusion detection systems［J］. Computers & Security, 2005, 24(4): 295-307. ［10］HE X, PAN J, JIN O, et al. Practical lessons from predicting clicks on ads at facebook［C］//Proceedings of the Eighth International Workshop on Data Mining for Online Advertising. ［s.l.］: ACM, 2014: 1-9. ［11］University of California. KDD cup 1999 data ［DB/OL］. ［2018-04-20］. http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html, 2007. ［12］张红梅, 高海华, 王行愚. 基于SVM的多类分类集成［J］. 华东理工大学学报(自然科学版), 2008, 34(5): 734-739. ZHANG Hongmei, GAO Haihua, WANG Xingyu. SVM based multi-class classification ensenble［J］. Journal of East China University of Science and Technology (Natural Science Edition), 2008, 34(5): 734-739. ［13］刘衍珩, 田大新, 余雪岗, 等. 基于分布式学习的大规模网络入侵检测算法［J］. 软件学报, 2008, 19(4): 000993. LIU Yanheng, TIAN Daxin, YU Xuegang, et al. Large-scale network intrusion detection algorithm based on distributed learning［J］. Journal of Software, 2008, 19(4): 000993. ［14］LIN L, ZUO R, YANG S, et al. SVM ensemble for anomaly detection based on rotation forest［C］//Third International Conference on Intelligent Control and Information Processing. Dalian: IEEE, 2012: 150-153.

[1]	LI Hengjie, ZHU Jianghao, FU Xiaofei, FANG Chen, LIANG Daming, ZHOU Yun. Ultra-Short-Term Load Forecasting of Electric Vehicle Charging Stations Based on Ensemble Learning [J]. Journal of Shanghai Jiao Tong University, 2022, 56(8): 1004-1013.
[2]	JIANG Lu1 (蒋路), HUANG Jun1 (黄俊), ZHANG Zhi-jun1 (张志君), YANG Guo-yuan1,2 (杨国源), WANG Yong-ting1* (王永亭). Application of Principle Component Analysis and Logistic Regression in Analyzing miRNA Markers of Brain Arteriovenous Malformation [J]. Journal of shanghai Jiaotong University (Science), 2014, 19(6): 641-645.
[3]	BAO Zhen,HE Di . An Intrusion Detection Method Based on Graph Theory [J]. Journal of Shanghai Jiaotong University, 2010, 44(09): 1176-1180.
[4]	YI Ping1,2,WU Yue1，ZOU Futai1,LIU Ning1,CHEN Jialin1. ImmunityBased Security Model for Wireless Mesh Networks [J]. Journal of Shanghai Jiaotong University, 2010, 44(02): 264-0270.