An Multi-Level Intrusion Detection Method Based on KNN Outlier Detection and Random Forests

被引：0

作者：

Ren J. ^{[1
,2
]}

Liu X. ^{[1
,2
]}

Wang Q. ^{[1
,2
]}

He H. ^{[1
,2
]}

Zhao X. ^{[3
,4
]}

机构：

[1] School of Information Science and Engineering, Yanshan University, Qinhuangdao, 066001, Hebei

[2] Hebei Key Laboratory of Software Engineering, Yanshan University, Qinhuangdao, 066001, Hebei

[3] School of Software, Beijing Institute of Technology, Beijing

[4] Beijing Key Laboratory of Software Security Engineering Technology, Beijing Institute of Technology, Beijing

来源：

Jisuanji Yanjiu yu Fazhan/Computer Research and Development | 2019年 / 56卷 / 03期

基金：

中国国家自然科学基金;

关键词：

Intrusion detection system; KNN outlier detection; Multi-level; Network security; Random forests model;

D O I：

10.7544/issn1000-1239.2019.20180063

中图分类号：

学科分类号：

摘要：

Intrusion detection system can efficiently detect attack behaviors, which will do great damage for network security. Currently many intrusion detection systems have low detection rates in these abnormal behaviors Probe (probing), U2R (user to root) and R2L (remote to local). Focusing on this weakness, a new hybrid multi-level intrusion detection method is proposed to identify network data as normal or abnormal behaviors. This method contains KNN (K nearest neighbors) outlier detection algorithm and multi-level random forests (RF) model, called KNN-RF. Firstly KNN outlier detection algorithm is applied to detect and delete outliers in each category and get a small high-quality training dataset. Then according to the similarity of network traffic, a new method of the division of data categories is put forward and this division method can avoid the mutual interference of anomaly behaviors in the detection process, especially for the detecting of the attack behaviors of small traffic. Based on this division, a multi-level random forests model is constructed to detect network abnormal behaviors and improve the efficiency of detecting known and unknown attacks. The popular KDD (knowledge discovery and data mining) Cup 1999 dataset is used to evaluate the performance of the proposed method. Compared with other algorithms, the proposed method is significantly superior to other algorithms in accuracy and detection rate, and can detect Probe, U2R and R2L effectively. © 2019, Science Press. All right reserved.

引用

页码：566 / 575

页数：9

共 19 条

[1] Lee W., Stolfo S.J., Mok K.W., A data mining framework for building intrusion detection models, Proc of the 20th IEEE Symp on Security & Privacy, pp. 120-132, (1999)
[2] Roesch M., Snort-lightweight intrusion detection for networks, Proc of the 13th USENIX Conf on System Administration, pp. 229-238, (1999)
[3] Om H., Kundu A., A hybrid system for reducing the false alarm rate of anomaly intrusion detection system, Proc of the 1st Int Conf on Recent Advances in Information Technology, pp. 131-136, (2012)
[4] Raman M.R.G., Somu N., Kirthivasan K., Et al., An efficient intrusion detection system based on hypergraph-genetic algorithm for parameter optimization and feature selection in support vector machine, Knowledge-Based Systems, 134, pp. 1-12, (2017)
[5] Khammassi C., Krichen S., A GA-LR wrapper approach for feature selection in network intrusion detection, Computers & Security, 70, pp. 255-277, (2017)
[6] Aljawarneh S., Aldwairi M., Yassein M.B., Anomaly-based intrusion detection system through feature selection analysis and building hybrid efficient model, Journal of Computational Science, 25, pp. 152-160, (2018)
[7] George A., Anomaly detection based on machine learning dimensionality reduction using PCA and classification using SVM, International Journal of Computer Applications, 47, 21, pp. 5-8, (2012)
[8] Hashem S.H., Efficiency of SVM and PCA to enhance intrusion detection system, Journal of Asian Scientific Research, 3, 4, pp. 381-395, (2013)
[9] Cheng X., Yu H., Li Z., Improved K-means network intrusion detection algorithm, Intelligent Computer & Applications, 2, 2, pp. 21-23, (2012)
[10] Alyaseen W.L., Othman Z.A., Nazri M.Z.A., Hybrid modified K-means with C4.5 for intrusion detection systems in multiagent systems, The Scientific World Journal, 2015, 2, (2015)

← 1 2 →