TIDCS: A Dynamic Intrusion Detection and Classification System Based Feature Selection

Bibliographic Details
Main Author: Zina Chkirbene (16869987) (author)
Other Authors: Aiman Erbad (14150589) (author), Ridha Hamila (7006457) (author), Amr Mohamed (3508121) (author), Mohsen Guizani (12580291) (author), Mounir Hamdi (14150652) (author)
Published: 2020
dc.date.none.fl_str_mv 2020-05-15T00:00:00Z
dc.identifier.none.fl_str_mv 10.1109/access.2020.2994931
dc.relation.none.fl_str_mv https://figshare.com/articles/journal_contribution/TIDCS_A_Dynamic_Intrusion_Detection_and_Classification_System_Based_Feature_Selection/24056217
dc.rights.none.fl_str_mv CC BY 4.0
info:eu-repo/semantics/openAccess
dc.subject.none.fl_str_mv Information and computing sciences
Cybersecurity and privacy
Distributed computing and systems software
Machine learning
Feature extraction
Intrusion detection
Heuristic algorithms
Cloud computing
Machine learning
Computational modeling
Machine learning algorithms
Cloud security
Node past behavior
Feature selection
Trustworthiness
System cleansing
Machine learning techniques
dc.title.none.fl_str_mv TIDCS: A Dynamic Intrusion Detection and Classification System Based Feature Selection
dc.type.none.fl_str_mv Text
Journal contribution
info:eu-repo/semantics/publishedVersion
text
contribution to journal
description Machine learning techniques are becoming mainstream in intrusion detection systems as they allow real-time response and have the ability to learn and adapt. By using a comprehensive dataset with multiple attack types, a well-trained model can be created to improve the anomaly detection performance. However, high dimensional data present a significant challenge for machine learning techniques. Processing similar features that provide redundant information increases the computational time, which is a critical problem especially for users with constrained resources (battery, energy). In this paper, we propose two models for an intrusion detection and classification scheme, Trust-based Intrusion Detection and Classification System (TIDCS) and Trust-based Intrusion Detection and Classification System-Accelerated (TIDCS-A), for secure networks. TIDCS reduces the number of features in the input data based on a new algorithm for feature selection. Initially, the features are grouped randomly to increase the probability of their participating in the generation of different groups, and sorted based on their accuracy scores. Only the high ranked features are then selected to obtain a classification for any received packet from the nodes in the network, which is saved as part of the node's past performance. TIDCS proposes a periodic system cleansing where trust relationships between participant nodes are evaluated and renewed periodically. TIDCS-A proposes a dynamic algorithm to compute the exact time for nodes' cleansing states and restricts the exposure window of the nodes. The final classification decision for both models is estimated by incorporating the node's past behavior with the machine learning algorithm. Any detected attack reduces the trustworthiness of the nodes involved, leading to a dynamic system cleansing.
An evaluation of TIDCS and TIDCS-A using the NSL-KDD and UNSW datasets shows that both models can detect malicious behaviors, providing higher accuracy, detection rates, and lower false alarm than state-of-art techniques. For instance, for the UNSW dataset, the accuracy detection is 91% for TIDCS, 83.47% by using online AODE, 88% for CADF, 90% for EDM, 90% for TANN and 69.6% for NB. Consequently, TIDCS has better performance than the state of art techniques in terms of accuracy detection, while providing good detection and false alarm rates.
Other Information
Published in: IEEE Access
License: https://creativecommons.org/licenses/by/4.0/
See article on publisher's website: https://dx.doi.org/10.1109/access.2020.2994931
eu_rights_str_mv openAccess
id Manara2_a1caf318b2c7f28e30243bb3e88d4ad6
identifier_str_mv 10.1109/access.2020.2994931
network_acronym_str Manara2
network_name_str Manara2
oai_identifier_str oai:figshare.com:article/24056217
publishDate 2020
rights_invalid_str_mv CC BY 4.0
status_str publishedVersion