Semi-supervised multi-layered clustering model for intrusion detection

Al-Jarrah, Omar Y.; Al-Hammdi, Yousof; Yoo, Paul D.; Muhaidat, Sami; Al‐Qutayri, Mahmoud

doi:10.1016/j.dcan.2017.09.009

Cited by 53 publications

(18 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The study concluded that random tree classifier was the winner under various performance metrics. RUSBoost [120,137,146] Not mentioned [137] LogitBoost [94,103,120] GentleBoost [53,120] LPBoost [62] RealBoost [53,56] MultiBoost [56] CatBoost [107,147] ModestBoost [53] Random subspace [46,137,146] Rotation forest [55,56,70,85,110,111] Tree Maximum probability voting [68,106,135] Product probability voting [68,135] Sum probability voting [76] Minimum probability voting [68,145] Median probability voting [106,145] Bayesian [98] Al-Jarrah et al [80] proposed a semi-supervised multi-layered clustering (SMLC) model for IDSs. The performance of SMLC was compared with that of supervised ensemble ML models and a well-known semi-supervised model (i.e., tri-training).…”

Section: Mapping Selected Studies By Ensemble Methodsmentioning

confidence: 99%

Ensemble learning for intrusion detection systems: A systematic mapping study and cross-benchmark evaluation

Tama

Lim

2021

Computer Science Review

101

View full text Add to dashboard Cite

Intrusion detection systems (IDSs) are intrinsically linked to a comprehensive solution of cyberattacks prevention instruments. To achieve a higher detection rate, the ability to design an improved detection framework is sought after, particularly when utilizing ensemble learners. Designing an ensemble often lies in two main challenges such as the choice of available base classifiers and combiner methods. This paper performs an overview of how ensemble learners are exploited in IDSs by means of systematic mapping study. We collected and analyzed 124 prominent publications from the existing literature. The selected publications were then mapped into several categories such as years of publications, publication venues, datasets used, ensemble methods, and IDS techniques. Furthermore, this study reports and analyzes an empirical investigation of a new classifier ensemble approach, called stack of ensemble (SoE) for anomaly-based IDS. The SoE is an ensemble classifier that adopts parallel architecture to combine three individual ensemble learners such as random forest, gradient boosting machine, and extreme gradient boosting machine in a homogeneous manner. The performance significance among classification algorithms is statistically examined in terms of their Matthews correlation coefficients, accuracies, false positive rates, and area under ROC curve metrics. Our study fills the gap in current literature concerning an up-to-date systematic mapping study, not to mention an extensive empirical evaluation of the recent advances of ensemble learning techniques applied to IDSs.

show abstract

Section: Mapping Selected Studies By Ensemble Methodsmentioning

confidence: 99%

Ensemble learning for intrusion detection systems: A systematic mapping study and cross-benchmark evaluation

Tama

Lim

2021

Computer Science Review

101

View full text Add to dashboard Cite

show abstract

“…Thus, such learning could be useful in situations where there is an absence of large amounts of labelled data; an example is the case of a photo archive where not all images are labelled, thus consisting of some unlabeled data, one of which is used to enhance the accuracy of IDS [78,79]. In another study, two semi-supervised Spectral Graph Transducers used for classification and the Gaussian Fields technique were employed for detecting attacks that are not known, while a semi-unsupervised clustering approach, known as the Metric Pairwise Constrained K-Means (MPCK-Means), was employed for improving the manner in which detection systems perform [80].…”

Section: Semi-supervised Learningmentioning

confidence: 99%

Classifier Performance Evaluation for Lightweight IDS Using Fog Computing in IoT Security

et al. 2021

View full text Add to dashboard Cite

In this article, a Host-Based Intrusion Detection System (HIDS) using a Modified Vector Space Representation (MVSR) N-gram and Multilayer Perceptron (MLP) model for securing the Internet of Things (IoT), based on lightweight techniques and using Fog Computing devices, is proposed. The Australian Defence Force Academy Linux Dataset (ADFA-LD), which contains exploits and attacks on various applications, is employed for the analysis. The proposed method is divided into the feature extraction stage, the feature selection stage, and classification modeling. To maintain the lightweight criteria, the feature extraction stage considers a combination of 1-gram and 2-gram for the system call encoding. In addition, a Sparse Matrix is used to reduce the space by keeping only the weight of the features that appear in the trace, thus ignoring the zero weights. Subsequently, Linear Correlation Coefficient (LCC) is utilized to compensate for any missing N-gram in the test data. In the feature selection stage, the Mutual Information (MI) method and Principle Component Analysis (PCA) are utilized and then compared to reduce the number of input features. Following the feature selection stage, the modeling and performance evaluation of various Machine Learning classifiers are conducted using a Raspberry Pi IoT device. Further analysis of the effect of MLP parameters, such as the number of nodes, number of features, activation, solver, and regularization parameters, is also conducted. From the simulation, it can be seen that different parameters affect the accuracy and lightweight evaluation. By using a single hidden layer and four nodes, the proposed method with MI can achieve 96% accuracy, 97% recall, 96% F1-Measure, 5% False Positive Rate (FPR), highest curve of Receiver Operating Characteristic (ROC), and 96% Area Under the Curve (AUC). It also achieved low CPU time usage of 4.404 (ms) milliseconds and low energy consumption of 8.809 (mj) millijoules.

show abstract

“…The anomalies are the data instances whose characteristics deviate significantly from the built model. Al‐Jarrah et al 97 proposed a semisupervised multilayered clustering (SMLC) model for the detection of network attacks. SMLC assumes that the resulting clusters of the K‐Means algorithm depend on the chosen number of clusters.…”

Section: Anomaly‐based Intrusion Detection Techniquesmentioning

confidence: 99%

Anomaly‐based intrusion detection systems: The requirements, methods, measurements, and datasets

Hajj

Sibai

Abdo

et al. 2021

Trans Emerging Tel Tech

View full text Add to dashboard Cite

With the Internet's unprecedented growth and nations' reliance on computer networks, new cyber‐attacks are created every day as means for achieving financial gain, imposing political agendas, and developing cyberwarfare arsenals. Network security is thus acquiring increasing attention among researchers, practitioners, network architects, policy makers, and others. To defend organizations' networks from existing, foreseen, and future threats, intrusion detection systems (IDSs) are becoming a must. Existing surveys on anomaly‐based IDS (AIDS) focus on specific components such as detection mechanisms and lack many others. In contrast to existing surveys, this article covers the full scope needed by researchers and practitioners alike when studying AIDS. The scope ranges from the intrusion detection techniques to attacks forms and passing through the relevant attack features, most‐used datasets, challenges, and potential solutions. This article provides an exhaustive review of IDSs and discusses their requirements and performance metrics in deep. It presents a taxonomy of IDSs based on four criteria: information source, detection strategy, detection mode, and architecture. Then, in‐depth analysis and a comparison of network intrusion detection approaches based on anomaly detection techniques are given. The article also introduces a classification of computer network attacks, along with their different forms and the relevant network traffic features to detect them, as well as a summary of the popular datasets used by the researchers to evaluate the IDSs. Finally, the article highlights several research challenges and the possible solutions to deal with them.

show abstract

Semi-supervised multi-layered clustering model for intrusion detection

Cited by 53 publications

References 21 publications

Ensemble learning for intrusion detection systems: A systematic mapping study and cross-benchmark evaluation

Ensemble learning for intrusion detection systems: A systematic mapping study and cross-benchmark evaluation

Classifier Performance Evaluation for Lightweight IDS Using Fog Computing in IoT Security

Anomaly‐based intrusion detection systems: The requirements, methods, measurements, and datasets

Contact Info

Product

Resources

About