
Towards Improved Detection of Intrusions with Constraint-Based Clustering (CBC)


Affiliations
1 Department of Computer Science and Engineering, College of Engineering and Technology, SRM Institute of Science and Technology, SRM Nagar, Kattankulathur, Kanchipuram, Chennai, Tamil Nadu, India
2 Department of Information Science and Engineering, CMR Institute of Technology, Bangalore, India
3 Department of Computer Science and Engineering, SRM Institute of Science and Technology, SRM Nagar, Chennai, Tamil Nadu, India
 

Modern society has benefited greatly from the advancement of the Internet. The rapid surge in the number of connections and the ease of access to the Internet have given rise to tremendous security threats to individuals and organizations. In addition to intrusion prevention techniques like firewalls, intrusion detection systems (IDS) are an obligatory layer of safety for establishments to identify insiders and outsiders with malicious intentions. Anomaly-based IDS have been in the literature for the last few decades, but the existing methods still fall short in three main aspects: difficulty in handling mixed attribute types, heavy dependence on input parameters, and an inability to maintain a good balance between detection rate (DR) and false alarm rate (FAR). This paper proposes a semi-supervised IDS based on outlier detection, which first selects the important features that help in identifying intrusive events and then applies a constraint-based clustering algorithm to closely learn the properties of normal connections. The proposed method handles data with mixed attribute types efficiently, requires fewer parameters and maintains a good balance between DR and FAR. The standard NSL-KDD benchmark dataset is used for performance evaluation, and the experimental results yielded an overall DR of 99.52% and a FAR of 1.15%. It succeeds in identifying 99.81% of DoS attacks, 99.71% of Probe attacks, 98.73% of R2L attacks and 96.50% of U2R attacks.
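The abstract describes the pipeline only at a high level: learn the profile of normal connections from data with mixed attribute types, flag connections that fall outside that profile, and report DR and FAR overall and per attack category. The Python below is an added illustration of that semi-supervised, outlier-based approach and of the DR/FAR computation; it is not the paper's CBC algorithm or its feature-selection step. The handful of NSL-KDD-style records, the Gower-style mixed-attribute distance, and the threshold derived from leave-one-out nearest-neighbour distances among normal records are all constructed assumptions of this example.

```python
"""Toy semi-supervised, outlier-based intrusion detector over mixed-attribute
connection records, plus the DR / FAR evaluation the abstract reports.

Added illustration, not the paper's CBC method: the profile of normal traffic
is learned from normal-only training records, and a test record is flagged
when it lies further from every normal record than a threshold derived from
that profile.  Every record below is constructed, not taken from NSL-KDD."""
from collections import defaultdict

NUMERIC = ("duration", "src_bytes", "count")          # numeric attributes
CATEGORICAL = ("protocol_type", "service", "flag")    # categorical attributes

# Constructed training records: normal connections only (semi-supervised).
NORMAL_TRAIN = [
    {"duration": 0, "src_bytes": 230, "count": 5, "protocol_type": "tcp", "service": "http", "flag": "SF"},
    {"duration": 1, "src_bytes": 310, "count": 6, "protocol_type": "tcp", "service": "http", "flag": "SF"},
    {"duration": 0, "src_bytes": 180, "count": 4, "protocol_type": "tcp", "service": "http", "flag": "SF"},
    {"duration": 2, "src_bytes": 520, "count": 8, "protocol_type": "tcp", "service": "smtp", "flag": "SF"},
    {"duration": 0, "src_bytes": 105, "count": 2, "protocol_type": "udp", "service": "domain_u", "flag": "SF"},
    {"duration": 0, "src_bytes": 98, "count": 3, "protocol_type": "udp", "service": "domain_u", "flag": "SF"},
    {"duration": 3, "src_bytes": 600, "count": 7, "protocol_type": "tcp", "service": "smtp", "flag": "SF"},
    {"duration": 1, "src_bytes": 250, "count": 5, "protocol_type": "tcp", "service": "http", "flag": "SF"},
]

# Constructed labelled test records; the label is the NSL-KDD attack category.
# The fourth normal record uses a service never seen in training, so it will
# be a false alarm and the FAR computation below is non-trivial.
TEST = [
    ({"duration": 0, "src_bytes": 240, "count": 5, "protocol_type": "tcp", "service": "http", "flag": "SF"}, "normal"),
    ({"duration": 0, "src_bytes": 110, "count": 2, "protocol_type": "udp", "service": "domain_u", "flag": "SF"}, "normal"),
    ({"duration": 2, "src_bytes": 540, "count": 7, "protocol_type": "tcp", "service": "smtp", "flag": "SF"}, "normal"),
    ({"duration": 0, "src_bytes": 300, "count": 6, "protocol_type": "tcp", "service": "ftp_data", "flag": "SF"}, "normal"),
    ({"duration": 0, "src_bytes": 0, "count": 511, "protocol_type": "tcp", "service": "private", "flag": "S0"}, "DoS"),
    ({"duration": 0, "src_bytes": 0, "count": 300, "protocol_type": "icmp", "service": "ecr_i", "flag": "SF"}, "DoS"),
    ({"duration": 0, "src_bytes": 0, "count": 120, "protocol_type": "tcp", "service": "private", "flag": "REJ"}, "Probe"),
    ({"duration": 45, "src_bytes": 1500, "count": 1, "protocol_type": "tcp", "service": "ftp", "flag": "SF"}, "R2L"),
    ({"duration": 120, "src_bytes": 2400, "count": 1, "protocol_type": "tcp", "service": "telnet", "flag": "SF"}, "U2R"),
]


def ranges(records):
    """Value range of each numeric attribute over the training records."""
    return {a: max(r[a] for r in records) - min(r[a] for r in records) for a in NUMERIC}


def gower_distance(x, y, rng):
    """Gower-style distance in [0, 1] over mixed attributes: numeric attributes
    contribute their range-normalised absolute difference (clipped to 1, so a
    value outside the training range counts as fully different), categorical
    attributes contribute 0 on match and 1 on mismatch."""
    total = 0.0
    for a in NUMERIC:
        total += min(1.0, abs(x[a] - y[a]) / rng[a]) if rng[a] else 0.0
    for a in CATEGORICAL:
        total += 0.0 if x[a] == y[a] else 1.0
    return total / (len(NUMERIC) + len(CATEGORICAL))


def nearest_normal_distance(record, normals, rng, exclude=None):
    """Distance from record to its closest normal record (optionally skipping
    one index, for leave-one-out scoring of the training set itself)."""
    return min(gower_distance(record, n, rng) for i, n in enumerate(normals) if i != exclude)


def learn_normal_profile(normals):
    """Semi-supervised training: only normal records are needed. The anomaly
    threshold is the largest leave-one-out nearest-neighbour distance among the
    normal records, so no user-supplied threshold parameter is required."""
    rng = ranges(normals)
    loo = [nearest_normal_distance(n, normals, rng, exclude=i) for i, n in enumerate(normals)]
    return {"normals": normals, "ranges": rng, "threshold": max(loo)}


def is_intrusion(record, profile):
    """Outlier rule: flag a connection that is further from every normal
    record than any normal record is from its own nearest neighbour."""
    return nearest_normal_distance(record, profile["normals"], profile["ranges"]) > profile["threshold"]


def evaluate(profile, labelled):
    """Overall DR, FAR and per-category DR, as reported in the abstract.
    DR = flagged attacks / all attacks; FAR = flagged normals / all normals."""
    attacks = defaultdict(lambda: [0, 0])   # category -> [detected, total]
    false_alarms = normals = 0
    for record, label in labelled:
        flagged = int(is_intrusion(record, profile))
        if label == "normal":
            normals += 1
            false_alarms += flagged
        else:
            attacks[label][1] += 1
            attacks[label][0] += flagged
    detected = sum(d for d, _ in attacks.values())
    total = sum(t for _, t in attacks.values())
    return {
        "DR": detected / total,
        "FAR": false_alarms / normals,
        "per_class_DR": {c: d / t for c, (d, t) in attacks.items()},
    }


if __name__ == "__main__":
    profile = learn_normal_profile(NORMAL_TRAIN)
    print(f"threshold = {profile['threshold']:.4f}")
    print(evaluate(profile, TEST))
```

The deliberate false alarm in the test set (a normal connection whose service never appears in the training data) is why FAR has to be reported alongside DR: a profile learned from normal traffic alone treats any unseen categorical value as maximally distant, so the coverage of the normal training data bounds the FAR such a detector can achieve.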

Keywords

Anomaly, Classification, Feature Extraction, NSL-KDD Dataset, Outlier, Intrusion Detection.







Authors

J. Rene Beulah
Department of Computer Science and Engineering, College of Engineering and Technology, SRM Institute of Science and Technology, SRM Nagar, Kattankulathur, Kanchipuram, Chennai, Tamil Nadu, India
C. Pretty Diana Cyril
Department of Computer Science and Engineering, College of Engineering and Technology, SRM Institute of Science and Technology, SRM Nagar, Kattankulathur, Kanchipuram, Chennai, Tamil Nadu, India
S. Geetha
Department of Information Science and Engineering, CMR Institute of Technology, Bangalore, India
D. Shiny Irene
Department of Computer Science and Engineering, SRM Institute of Science and Technology, SRM Nagar, Chennai, Tamil Nadu, India








DOI: https://doi.org/10.22247/ijcna/2021/207980