Using weighted Support Vector Machine to address the imbalanced classes problem of Intrusion Detection System

  • Alabdallah, Alaeddin (Computer Engineering Dept., Faculty of E&IT, An-Najah National University)
  • Awad, Mohammed (Computer Systems Engineering Dept., Faculty of E&IT, Arab American University)
  • Received : 2017.03.18
  • Accepted : 2018.04.16
  • Published : 2018.10.31

Abstract

Improving intrusion detection systems (IDS) is a pressing need in the cyber security world. With the growth of computer networks, new attacks appear daily. Machine Learning (ML) is one of the most important fields contributing to intrusion detection. One of the open issues relates to the imbalance among the diverse classes of network traffic. The accuracy paradox is a result of training an ML algorithm on imbalanced classes. Most previous efforts concern improving the overall accuracy of these models, which is truly important. However, even when they improved the total accuracy of the system, it fell into the accuracy paradox. The seriousness of the threat caused by the minor classes and the pitfalls of the previous efforts to address this issue are the motive for this work. In this paper, we consolidated stratified sampling, a cost function and the weighted Support Vector Machine (WSVM) method to address the accuracy paradox of the intrusion detection (ID) problem. This model achieved good total accuracy and superior results in the small classes, like the User-To-Remote and Remote-To-Local attacks, using the improved version of the benchmark dataset KDDCup99, which is called NSL-KDD.

Cited by

  1. Deep learning algorithms for cyber security applications: A survey vol.29, pp.5, 2018, https://doi.org/10.3233/jcs-200095