Applying a Neural Network Ensemble to Intrusion Detection

Open access

Abstract

An intrusion detection system (IDS) is an important component for protecting a system against network attacks. An IDS monitors the activity within a network of connected computers in order to analyze that activity for intrusive patterns. In the event of an ‘attack’, the system has to respond appropriately. Different machine learning techniques have been applied in the past. These techniques fall into either the clustering or the classification category. In this paper, the classification approach is used: a neural network ensemble method is employed to classify the different types of attacks. The neural network ensemble consists of an autoencoder, a deep belief neural network, a deep neural network, and an extreme learning machine. The data used for the investigation is the NSL-KDD data set. In particular, the detection rate and false alarm rate, among other measures (confusion matrix, classification accuracy, and AUC), of the implemented neural network ensemble are evaluated.


