Abstract
With the increased use of network communication, the risk of information being compromised has grown immensely. Intrusions have become more sophisticated, and few methods achieve efficient results while network behavior constantly changes. This paper proposes an intrusion detection system that models distributions of network statistics and uses an Extreme Learning Machine (ELM) to achieve high detection rates of intrusions. The proposed model aggregates the network traffic at the IP subnetwork level, and distributions of statistics are collected for the IPv4 addresses most frequently encountered as destination. The resulting probability distributions are learned by the ELM. The model is evaluated on the ISCX-IDS 2012 dataset, which was collected using a real-time testbed, and is compared against leading approaches using the same dataset. Experimental results show that the presented method achieves an average detection rate of 91% and a misclassification rate of 9%. The results also show that our methods significantly improve the performance of the simple ELM, despite a trade-off between performance and time complexity. Furthermore, our methods achieve good performance in comparison with the few other state-of-the-art approaches evaluated on the ISCX-IDS 2012 dataset.
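The pipeline the abstract outlines (aggregate flows by destination subnet, turn a per-window statistic into a probability distribution, classify the distribution with an ELM) is shown below as an added example; it is not the authors' code. The /24 prefix, bytes-per-flow as the statistic, the bin edges, the ridge-regularised output solve, and the flow records (constructed synthetic data) are all assumptions made for illustration.

```python
import ipaddress
from collections import Counter
import numpy as np
EDGES = np.array([100, 1_000, 10_000, 100_000])  # assumed bytes-per-flow bin edges

def window_features(flows, prefix=24, top_k=1):
    # flows: (window, dst_ip, n_bytes); returns {window: per-subnet size histograms}
    keyed = [(w, ipaddress.ip_network(f"{ip}/{prefix}", strict=False), b) for w, ip, b in flows]
    top = [n for n, _ in Counter(k[1] for k in keyed).most_common(top_k)]
    feats = {}
    for w in sorted({k[0] for k in keyed}):
        parts = []
        for n in top:
            sizes = [b for ww, nn, b in keyed if (ww, nn) == (w, n)]
            counts = np.bincount(np.searchsorted(EDGES, sizes, side="right"),
                                 minlength=len(EDGES) + 1)
            parts.append(counts / max(len(sizes), 1))  # normalise to a distribution
        feats[w] = np.concatenate(parts)
    return feats

class ELM:
    # Random fixed hidden layer; only output weights are solved (ridge: assumption)
    def __init__(self, n_hidden=20, ridge=0.1, seed=0):
        self.n_hidden, self.ridge, self.rng = n_hidden, ridge, np.random.default_rng(seed)
    def _hidden(self, X):
        return np.tanh(X @ self.W + self.b)
    def fit(self, X, y):
        self.W = self.rng.normal(size=(X.shape[1], self.n_hidden))
        self.b = self.rng.normal(size=self.n_hidden)
        H = self._hidden(X)
        self.beta = np.linalg.solve(H.T @ H + self.ridge * np.eye(self.n_hidden), H.T @ y)
        return self
    def predict(self, X):
        return (self._hidden(X) @ self.beta > 0.5).astype(int)

def synthetic_flows(rng, windows, attack):
    # Constructed data: attack windows are floods of very small flows
    flows = [(w, "192.0.2.7", 500) for w in windows]  # rare destination, outside top_k
    for w in windows:
        for size in rng.lognormal(4.0 if attack else 8.5, 0.8, size=60):
            flows.append((w, f"10.0.1.{rng.integers(1, 255)}", int(size)))
    return flows

def demo(seed=1):
    rng = np.random.default_rng(seed)
    flows = synthetic_flows(rng, range(12), False) + synthetic_flows(rng, range(12, 24), True)
    feats = window_features(flows)
    X, y = np.array([feats[w] for w in range(24)]), np.array([0] * 12 + [1] * 12)
    train, test = np.r_[0:8, 12:20], np.r_[8:12, 20:24]
    return ELM().fit(X[train], y[train]).predict(X[test]), y[test]
```

`demo()` returns the predicted and true labels for the held-out windows; the classifier never sees raw flows, only the per-window distribution for the most frequent destination subnet.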
Funding
This work was supported by the research from SCOTT project. SCOTT (www.scott-project.eu) has received funding from the Electronic Component Systems for European Leadership Joint Undertaking under grant agreement No 737422. This Joint Undertaking receives support from the European Union’s Horizon 2020 research and innovation programme and Austria, Spain, Finland, Ireland, Sweden, Germany, Poland, Portugal, Netherlands, Belgium, Norway.
Ethics declarations
Conflict of Interest
The authors declare that they have no conflict of interest.
Additional information
Ethical Approval
This article does not contain any studies with human participants or animals performed by any of the authors.
Cite this article
Atli, B.G., Miche, Y., Kalliola, A. et al. Anomaly-Based Intrusion Detection Using Extreme Learning Machine and Aggregation of Network Traffic Statistics in Probability Space. Cogn Comput 10, 848–863 (2018). https://doi.org/10.1007/s12559-018-9564-y
DOI: https://doi.org/10.1007/s12559-018-9564-y