Multiple Classifier Fusion With Cuttlefish Algorithm Based Feature Selection

Similar documents
Flow-based Anomaly Intrusion Detection System Using Neural Network

An Ensemble Data Mining Approach for Intrusion Detection in a Computer Network

A Network Intrusion Detection System Architecture Based on Snort and. Computational Intelligence

Hybrid Feature Selection for Modeling Intrusion Detection Systems

Ensemble of Soft Computing Techniques for Intrusion Detection. Ensemble of Soft Computing Techniques for Intrusion Detection

International Journal of Scientific & Engineering Research, Volume 4, Issue 7, July-2013 ISSN

Modeling Intrusion Detection Systems With Machine Learning And Selected Attributes

A Detailed Analysis on NSL-KDD Dataset Using Various Machine Learning Techniques for Intrusion Detection

Diversified Intrusion Detection with Various Detection Methodologies Using Sensor Fusion

K-Nearest-Neighbours with a Novel Similarity Measure for Intrusion Detection

Feature Ranking in Intrusion Detection Dataset using Combination of Filtering Methods

Comparison Deep Learning Method to Traditional Methods Using for Network Intrusion Detection

International Journal of Scientific Research & Engineering Trends Volume 4, Issue 6, Nov-Dec-2018, ISSN (Online): X

Hybrid Network Intrusion Detection for DoS Attacks

CHAPTER 5 CONTRIBUTORY ANALYSIS OF NSL-KDD CUP DATA SET

INTRUSION DETECTION MODEL IN DATA MINING BASED ON ENSEMBLE APPROACH

Intrusion detection in computer networks through a hybrid approach of data mining and decision trees

Performance Analysis of various classifiers using Benchmark Datasets in Weka tools

Deep Learning Approach to Network Intrusion Detection

Intrusion Detection System with FGA and MLP Algorithm

Text Classification for Spam Using Naïve Bayesian Classifier

ISSN: ISO 9001:2008 Certified International Journal of Engineering and Innovative Technology (IJEIT) Volume 4, Issue 7, January 2015

Study of Machine Learning Based Intrusion Detection System

International Journal of Computer Engineering and Applications, Volume XI, Issue XII, Dec. 17, ISSN

6, 11, 2016 ISSN: X

Detection of Network Intrusions with PCA and Probabilistic SOM

Available online at ScienceDirect. Procedia Technology 24 (2016 )

Lecture Notes on Critique of 1998 and 1999 DARPA IDS Evaluations

SOFTWARE DEFECT PREDICTION USING IMPROVED SUPPORT VECTOR MACHINE CLASSIFIER

INTRUSION DETECTION WITH TREE-BASED DATA MINING CLASSIFICATION TECHNIQUES BY USING KDD DATASET

Based on the fusion of neural network algorithm in the application of the anomaly detection

DECISION TREE BASED IDS USING WRAPPER APPROACH

Cluster Based detection of Attack IDS using Data Mining

A Survey And Comparative Analysis Of Data

An Intelligent Clustering Algorithm for High Dimensional and Highly Overlapped Photo-Thermal Infrared Imaging Data

Dynamic Ensemble Construction via Heuristic Optimization

ANOMALY-BASED INTRUSION DETECTION THROUGH K- MEANS CLUSTERING AND NAIVES BAYES CLASSIFICATION

Noise-based Feature Perturbation as a Selection Method for Microarray Data

Enhancing Forecasting Performance of Naïve-Bayes Classifiers with Discretization Techniques

Network Traffic Measurements and Analysis

A study of Intrusion Detection System for Cloud Network Using FC-ANN Algorithm

Available online at ScienceDirect. Procedia Computer Science 89 (2016 )

FEATURE SELECTION TECHNIQUES

Classification Trees with Logistic Regression Functions for Network Based Intrusion Detection System

Toward Building Lightweight Intrusion Detection System Through Modified RMHC and SVM

Intrusion Detection Using Data Mining Technique (Classification)

Detecting Network Intrusions

Review on Data Mining Techniques for Intrusion Detection System

Feature Selection in the Corrected KDD -dataset

Application of the Generic Feature Selection Measure in Detection of Web Attacks

Analysis of Feature Selection Techniques: A Data Mining Approach

Intrusion Detection System based on Support Vector Machine and BN-KDD Data Set

Approach Using Genetic Algorithm for Intrusion Detection System

Intrusion detection system with decision tree and combine method algorithm

IDuFG: Introducing an Intrusion Detection using Hybrid Fuzzy Genetic Approach

Preprocessing of Stream Data using Attribute Selection based on Survival of the Fittest

An Efficient Decision Tree Model for Classification of Attacks with Feature Selection


An Anomaly-Based Intrusion Detection System for the Smart Grid Based on CART Decision Tree

Abnormal Network Traffic Detection Based on Semi-Supervised Machine Learning

Fabric Image Retrieval Using Combined Feature Set and SVM

HYBRID INTRUSION DETECTION USING SIGNATURE AND ANOMALY BASED SYSTEMS

Performance Analysis of Big Data Intrusion Detection System over Random Forest Algorithm

Effect of Principle Component Analysis and Support Vector Machine in Software Fault Prediction

Anomaly Detection in Communication Networks

Chapter 8 The C 4.5*stat algorithm

Data Mining Approaches for Network Intrusion Detection: from Dimensionality Reduction to Misuse and Anomaly Detection

An Optimized Genetic Algorithm with Classification Approach used for Intrusion Detection

Feature Selection for Black Hole Attacks

Two Level Anomaly Detection Classifier

An Overview of Data Mining and Anomaly Intrusion Detection System using K-Means

International Journal of Scientific & Engineering Research, Volume 6, Issue 6, June ISSN

Research on Applications of Data Mining in Electronic Commerce. Xiuping YANG 1, a

Improving the Efficiency of Fast Using Semantic Similarity Algorithm

A Review of Intrusion Detection System Using Fuzzy K-Means and Naive Bayes Classification Aman Mudgal l Rajiv Munjal 2

Combination of PCA with SMOTE Resampling to Boost the Prediction Rate in Lung Cancer Dataset

Keywords: Intrusion Detection System, k-nearest neighbor, Support Vector Machine, Primal Dual, Particle Swarm Optimization

Means for Intrusion Detection. Intrusion Detection. INFO404 - Lecture 13. Content

A Review on Performance Comparison of Artificial Intelligence Techniques Used for Intrusion Detection

SPECIFICATION BASED INTRUSION DETECTION IN SOFTWARE DEFINED NETWORKING. VIT University, Vellore, India. 1.1 SDN Layers

Big Data Analytics for Host Misbehavior Detection

Iteration Reduction K Means Clustering Algorithm

Intrusion Detection by Combining and Clustering Diverse Monitor Data

REMOVAL OF REDUNDANT AND IRRELEVANT DATA FROM TRAINING DATASETS USING SPEEDY FEATURE SELECTION METHOD

CHAPTER 6 HYBRID AI BASED IMAGE CLASSIFICATION TECHNIQUES

Bayesian Learning Networks Approach to Cybercrime Detection

A genetic algorithm based focused Web crawler for automatic webpage classification

Machine Learning Techniques for Data Mining

International Journal of Software and Web Sciences (IJSWS)

PERFORMANCE EVOLUTION OF MACHINE LEARNING ALGORITHMS FOR NETWORK INTRUSION DETECTION SYSTEM

Intrusion Detection System Using New Ensemble Boosting Approach

Intrusion Detection System

IJSER. Virtualization Intrusion Detection System in Cloud Environment Ku.Rupali D. Wankhade. Department of Computer Science and Technology

SNS College of Technology, Coimbatore, India

Diverse network environments Dynamic attack landscape Adversarial environment IDS performance strongly depends on chosen classifier

Network Intrusion Detection Using Deep Neural Networks

CLASSIFICATION WITH RADIAL BASIS AND PROBABILISTIC NEURAL NETWORKS

Best First and Greedy Search Based CFS and Naïve Bayes Algorithms for Hepatitis Diagnosis

A Feature Selection Method to Handle Imbalanced Data in Text Classification

ART 알고리즘특강자료 ( 응용 01)

Transcription:

Multiple Fusion With Cuttlefish Algorithm Based Feature Selection K.Jayakumar Department of Communication and Networking k_jeyakumar1979@yahoo.co.in S.Karpagam Department of Computer Science and Engineering, karpagamcse@kamarajengg.edu.in R.Ashok Department of Electronics and Communication Engineering, ashokr_online@yahoo.com Abstract-An intrusion detection system monitors whether the network event is malicious or normal for that network. Intrusion Detection Systems deal with a large amount of data, one of the crucial tasks of IDSs is to keep the best quality of features that represent the whole data and remove the redundant and irrelevant features.. Reducing the redundant information on a network packet shall improve the performance of the IDS A Wrapper based feature selection approach has been designed. The proposed model uses the cuttlefish algorithm (CFA) as a search strategy to ascertain the optimal subset of features and 3 different classifiers are used as a judgement on the selected features that are produced by the CFA. The NSL-KDD Cup 99 dataset is used to evaluate the proposed model. The results show that the feature subset obtained by using CFA gives a higher detection rate with a lower false alarm rate. Keywords-Intrusion detection, Cuttlefish algorithm (CFA), multiple-classifier, feature selection. ***** A. Intrusion Detection I. INTRODUCTION Over the past decades the development in computer networks is exponential. CERT statistics report concludes that the amount of intrusions is also growing every year. To reduce the amount of intruders activities on a network,security policies can be implemented on a network. Devices like firewall only prevent the unauthorized users from accessing the service. Attacker s uses different methods to find vulnerability in the security schemes implemented in a network. Intrusion detection is the process used to detect malicious activity on a network. Monitoring the network manually is a very tedious job Intrusion Detection System was developed to do the job automatically. Intrusion detection system is classified as Network intrusion detection system (NIDS) and Host intrusion detection system (HIDS) [1].The NIDS collect and examine data captured directly from the network. When packets pass through the network, they are captured and then the types and contents of packets are examined. Relying on the location where the data are collected, a NIDS monitor and analyze the traffic within a network or between a local network (LAN) and the Internet. A HIDS is usually a software running on the confined host, hence the coverage of the HIDS is restricted to only one machine. In order to protect an enterprise network, a HIDS must be installed on each individual system within the internal network. The process of examining the events in a computer system or network, and analyzing them for signs of intrusions is known as Intrusion Detection The primary classes of intrusion detection methodologies are Misuse Detection and Anomaly Detection. Misuse detection approach aims to encode the knowledge about patterns in the dataflow that are known to corresponding intrusive procedure in the form of specific signatures. Misuse detection is also called as Signature based detection. Misuse detection is fully effective in uncovering a known attack. Anomaly detection refers to the detection of pattern data that do not conform to the expected behavior. It is based on the assumption that all intrusive activities are necessarily anomalous. The overall Intrusion detection functions are Monitoring user and system activities Identification of attack pattern Analyzing system weakness B. Feature Selection To trace user policy violations to monitor the network events for intrusion, IDS have to process large amount of data in real time. Dimensionality reduction technique is used to reduce the number of the features. Feature selection is used to find the optimal feature set that represents the whole data without redundant information [2]. The simplest method is to test every possible combination of 263

features and select the one which gives the best result. For a ANN structure design could be condensed. Then, the PSO high dimensional space the exhaustive search needs a high was employed to optimize the structural parameters of the computation timer. Feature selection algorithm is used to ANN. Adel Sabry Eesa, Zeynep Orman, Adnan Mohsin find the optimal feature set efficiently with reduced search Abdulazeez Brifcani [8], uses the cuttlefish algorithm (CFA) time. as a search tactic to determine the best subset of features and The feature selection process consists of three steps the decision tree (DT) classifier as a judgment on the 1.Subset generation selected features that are produced by the CFA. 2.Subset evaluation 3.Stopping criteria. The feature subset may be generated randomly or III. PROPOSED METHOD heuristic based. Then the generated feature subset is given to A. Feature selection a classifier for evaluation. This process is done until the Feature selection is a technique for selecting the best stopping criteria are met. A feature selection algorithm can subset of features that produce a better characterization of be seen as the combination of a search technique for patterns belonging to different classes. Feature selection proposing new feature subsets, along with an evaluation method are classified into measure which scores the different feature subsets. The Wrapper approach simplest algorithm is to test each possible subset of features Filter approach and finding the one which minimizes the error rate. This is Instead of processing data with the whole features to the an exhaustive search of the space, and is computationally learning algorithm directly, feature selection for intractable for all but the smallest of feature sets. The choice classification will first perform feature selection to select a of evaluation metric heavily influences the algorithm, and it subset of features and then process the data with the selected is these evaluation metrics which distinguish between the features to the learning algorithm. The feature selection three main categories of feature selection algorithms: phase might be ndependent of the learning algorithm, like wrappers, filters and embedded methods. filter models, or it may iteratively utilize the performance of A feature selection based on the multiple classifiers the learning algorithms to evaluate the quality of the can further use the above experimental observation that selected features, like wrapper models [10]. With the finally attack feature can be collected separately in different feature selected features, a classifier is induced for the prediction subset. First each feature subset is used independently to phase. Usually feature selection for classification attempts to perform attack detection. Then the feature is combined to select the minimally sized subset of features.in this paper, produce the final decision. The effectiveness of multiple cuttlefish algorithm wrapper based method is used for classifiers depends on the decision fusion function. Decision selecting most relevant feature.in this paper, cuttlefish fusion function combine the multiple classifier result and algorithm a wrapper based method is used for selecting most give the better classification accuracy. In the proposed relevant feature system, same feature selection algorithm is used in more than one IDS [3]. But each Intrusion detection system uses different classifier. Decision fusion is used to obtain the best result. II. RELATED WORK Adhi Tama and Kyung Hyune Rhee [5], evolutionary algorithm is used for feature selection. They developed particle swarm optimization (PSO) for feature selection and the ensembles of tree-based classifiers (C4.5, Random Forest and CART) perform the classification task. Mohammed A. Ambusaidi and Zhiyuan Tan [6], filter based feature selection could handle linearly and nonlinearly dependant data features. Classification is done by SVM classifier. Though ANN used to detect attacks in IDS but provide the less accuracy due to its design to solve this Anqing Wu and Li Feng [7], The ICA was used to fuse the complex intrusion input and hence attain renowned characteristics (that is, self-determining components, ICs) about the original data. By the use of ICs, the intricate of the Figure 1. Proposed Architecture 264

B. Cuttlefish Algorithm better than bestsubset, the bestsubset will be replaced with The algorithm was developed based on the that new subset. techniques used by the cuttlefish to change its skin colour Case 6 for camouflage. The two main process used in CFA are After best k solutions are used in Cases 1 and 2 to Reflection and Visibility to generate a new solution. The generate new solutions. In this case the remaining solutions reflection process mimics or simulates how the cells of of P will be generated randomly. This operator is the same cuttlefish reflect the light. Visibility process simulates the as in the initialization step. The AVBestsubset will be visibility of matching patterns. replaced with the best new generated solution if the new Initialization solution is better than it, after DT is used to evaluate the new the algorithm starts with a population P of N initial generation. solutions generated randomly, P The work of these cases is repeated until the stop [N] = cells[n] = {p1, p2, p3,, pn}. Each pi is associated criterion, such as number of iterations, is satisfied. with two subsets: selectedfeatures and unselectedfeatures. The DT classifier will evaluate each selectedfeatures in each pi, the best solution will be kept in both AVBestsubset and bestsubset. As we mentioned before, the size of bestsubset is less than AVBestsubset by one element, so we have to remove one element from bestsubset randomly. Cases 1 and 2 In these cases, the best k of population P will be used to generate new subsets. This can be done by sorting the P in descending order based on the fitness values and choosing the first k subsets from P, where k is a random number between (1, N/2), N is the size of P. After that, the new subsets will be generated from each subset in k subsets using Reflection set and Visibility set. Where Reflectioni is a set with R features selected randomly from selectedfeatures that is associated with pi, i = {1, 2,, k}, and Visibilityi is a set with V features selected randomly from unselectedfeatures which is also associated with pi. The combination (union) of Reflectioni and Visibilityi will produce a new subset. The DT will evaluate the new produced subset. If there is any new generated subset better than AVBestsubset, AVBestsubset will be replaced with it. Cases 3 and 4 In these two cases, a single feature-exchanging operator is used to produce new solutions from bestsubset. A random feature is selected from selectedfeatures to be exchanged with another random feature selected from unselectedfeatures, where selectedfeatures and unselectedfeatures are the two subsets associated with bestsubset. This operator is repeated t times, where t is an integer constant value; its value is specified by the user. If any new produced solution is better than bestsubset, replace bestsubset with it. Case 5 In this case, the AVBestsubset will be used to produce R subsets of features by removing one element from AVBestsubset each time. The number of generations (R) is equal to the size of AVBestsubset. Each of the generated group will be evaluated by the DT, if any new subset is C. Multiple-classifier approach The combination of multiple classifiers has been viewed as a new direction for the development of highly reliable intrusion detection system [4]. The three classifiers used in this system are J48,Random Forest and Naïve Bayesian. The most relevant features are selected by the CFA using all the three used classifiers. These selected features are classified by the different classifier. Classification output given by the classifiers J48, Random Forest and Naive Bayes are used in taking the final decision. Decision fusion is done with the help of majority voting algorithm [9]. Multiple classifiers are used to achieve better accuracy. IV. RESULT AND DISCUSSION A. System Setup The proposed system model is simulated in NetBeans IDE using JAVA on a laptop powered by Dual core AMD A4 3330x APU @ 2.30 GHz and 2 GB DDR3 RAM @ 1333MHz. In the proposed model the NSL-KDD dataset is used to benchmark the system. The system was trained using a training data set with 17342 instances and tested using a test dataset with 25192 instances. B. Dataset NSL-KDD data set is used to train and test the proposed model. It has the lower complexity level. This is the improved version of KDD CUP99 dataset. It doesn t contain any redundant records and help the classifier to produce the best result. In NSL-KDD, each record has the 41 attributes and it is classified as either normal or attack. TABLE 1. NSL-KDD CUP99 DATASET INFORMATION Class Train Dataset Test Dataset Normal 8317 13449 DoS 6536 9234 R2L 209 209 Probe 2269 2289 U2R 11 11 Total Instances 17342 25192 265

% % International Journal on Recent and Innovation Trends in Computing and Communication ISSN: 2321-8169 C. Performance evaluation In order to estimate the efficiency of the proposed 100 model, we use performance measures: Detection rate, false alarm rate and accuracy. Evaluation parameters are: 50 True Positive (TP): detect the attack packet as it is. False Positive (FP): detect the normal packet as attack. True Negative (TN): no detection of attack packet. False Negative (FN): detect the attack packet as normal 0 Performance i)attack Detection Rate (ADR) measure the correctly detected attack. TP Detection Rate *100 (1) TP FN ii)false Alarm Rate (FAR) measures the number of false alarm generated by the proposed model. FP False Alarm Rate *100 (2) TN FP iii)accuracy shows the proposed model has the ability to correctly detect the attacks. TP TN Accuracy *100 (3) TP TN FP FN D. Experimental Result Single Performance All experiments were performed using an Intel Core i5 processor with 4 GB of RAM under windows7. The evaluation of classifiers such as J48, Naïve Bayes and Random forest with all 41 features (without Feature selection) is done and the result are shown in Table 2 and Fig. 2. From the Table 2 it s found that the accuracy of all the classifiers is too low. TABLE 2. CLASSIFIERS PERFORMANCE FOR 41 FEATURES J48 75.21 23 63.97 Naive Bayes 77.9 22.09 55.77 Random Forest 74.77 23 62.98 Figure 2. Single Performance without feature selection Then same process is done with the selected features using CFA. The results are shown in Table 3and Fig. 3. Using CFA, minimum number of features is selected. For these features above 3 classifier give the better accuracy. For selected features, Naïve Bayes give the better accuracy rate 86.55%. It also gives the better attack detection rate. Using CFA, Naïve Bayes give the better result. TABLE 3. CLASSIFIERS PERFORMANCE WITH FEATURE SELECTION No of Features J48 20 80.32 19 80.85 Naive Bayes 5 86.22 13 86.55 RandomForest 7 82.99 17.1 79.71 100 J48 Naive Bayes Random Forest 50 0 No of Features Performance J48 Naive Bayes Random Forest Figure 3. Single Performance with feature selection E. Multi classifier Performance In our proposed model, combining all these classifiers with the majority voting fusion rule it gives the 266

overall better accuracy rate using minimum number of selected features is shown in Table 4. Multi TABLE 4. MULTI CLASSIFIER PERFORMANCE No. of Features 20 85.25 14.05 91.23 Table 4.3: Performance of multi classifier using CFA. CONCLUSION In this paper, multi classifier fusion with CFA based feature selection is proposed. The cuttlefish algorithm is used to remove the redundant information from the data and to select the best feature set for individual classifiers. The feature set derived from the CFA is used to train the different IDS. The evaluation of the IDS is done using NSL- KDD test dataset. Three experiments had been carried out. In experiment I the classification performance of three classifiers using all features is found out. In experiment II the classification performance of three classifiers using selected features found using CFA is found out. In experiment III hybrid intrusion detection system was created with J48, Random forest and Naïve Bayesian and decision fusion is done by majority voting rule. The performance of the Experiment III gives very good results. selection algorithm, IEEE Transactions on Computers, 2014. [7] Anqing Wu and Li Feng, Information Fusion and Intelligent Pattern Recognition for Network Intrusion in Industrial Network Systems Based on ICA and PSO ANN, Green Communications and Networks, Lecture Notes in Electrical Engineering, Springer Science Business Media B.V. 2012. [8] Adel Sabry Eesa, Zeynep Orman, Adnan Mohsin Abdulazeez Brifcani, A novel feature-selection approach based on the cuttlefish optimization algorithm for intrusion detection systems, Expert Systems with Applications, pp. 2670 2679, 2015. [9] Jayakumar Kaliappan, Revathi Thiagarajan, and Karpagam Sundararajan, Fusion of Heterogeneous Intrusion Detection Systems for Network Attack Detection, Hindawi Publishing Corporation, Scientific World Journal, 2015, Article ID 314601. [10] Jayakumar Kaliappan, Revathi Thiagarajan, and Karpagam Sundararajan, Intrusion Detection using Artificial Neural Networks (ANN) with best set of features, The International Arab Journal of Information, Vol. 2015, REFERENCES [1] Monowar H. Bhuyan, D. K. Bhattacharyya, and J. K. Kalita, Network Anomaly Detection: Methods, Systems and Tools, IEEE Communications Surveys & Tutorials, Vol. 16, No. 1, First Quarter 2014. [2] F.Amiri, M.Rezaei yousefi, C. lucas, A.Shakery, N. Yazdani, Information based feature selection for intrusion detection systems, Journals of Network and Computer Application, Vol. 34, Issue 4, 2011. [3] Meesala Shobha Rani, S. Basil Xavier, A Hybrid Intrusion Detection System Based on C 5.0 Decision Tree Algorithm and One-Class SVM with CFA, International Journal of Innovative Research in Computer and Communication Engineering, Vol. 3, Issue 6, June 2015 [4] Giorgio Giacinto, Fabio Roli, Luca Didaci, Fusion of multiple classifiers for intrusion detection in computer networks. Pattern Recognition Letters Vol. 24, pp.1795 1803, 2003. [5] Bayu Adhi Tama and Kyung Hyune Rhee, A Combination of PSO-Based Feature Selection and Tree-Based s Ensemble for Intrusion Detection Systems, Springer Science Business Media Singapore, 2015. [6] Mohammed A. Ambusaidi, Zhiyuan Tan, Building an intrusion detection system using a filter-based feature 267

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback