A hybrid machine learning method for increasing the performance of network intrusion detection systems
Abstract The internet has grown enormously for many years. It is not just connecting computer networks but also a group of devices worldwide involving big data. The internet provides an opportunity to make various innovations for any sector, such as education, health, public facility, financial tech...
Main authors: | Achmad Akbar Megantara, Tohari Ahmad |
---|---|
Format: | article |
Language: | EN |
Published: | SpringerOpen 2021 |
Subjects: | |
Online access: | https://doaj.org/article/b5d8dd21db6844dea6dc47ca17b98505 |
id |
oai:doaj.org-article:b5d8dd21db6844dea6dc47ca17b98505 |
---|---|
record_format |
dspace |
spelling |
oai:doaj.org-article:b5d8dd21db6844dea6dc47ca17b98505
2021-11-07T12:02:36Z
A hybrid machine learning method for increasing the performance of network intrusion detection systems
10.1186/s40537-021-00531-w
2196-1115
https://doaj.org/article/b5d8dd21db6844dea6dc47ca17b98505
2021-11-01T00:00:00Z
https://doi.org/10.1186/s40537-021-00531-w
https://doaj.org/toc/2196-1115
Achmad Akbar Megantara; Tohari Ahmad
SpringerOpen
article
Intrusion detection system; Feature selection; Data reduction; Decision tree; Local Outlier Factor; Network security; Computer engineering. Computer hardware; TK7885-7895; Information technology; T58.5-58.64; Electronic computers. Computer science; QA75.5-76.95
EN
Journal of Big Data, Vol 8, Iss 1, Pp 1-19 (2021) |
institution |
DOAJ |
collection |
DOAJ |
language |
EN |
topic |
Intrusion detection system; Feature selection; Data reduction; Decision tree; Local Outlier Factor; Network security; Computer engineering. Computer hardware; TK7885-7895; Information technology; T58.5-58.64; Electronic computers. Computer science; QA75.5-76.95 |
description |
Abstract The internet has grown enormously for many years. It is not just connecting computer networks but also a group of devices worldwide involving big data. The internet provides an opportunity to make various innovations for any sector, such as education, health, public facility, financial technology, and digital commerce. Despite its advantages, the internet may contain dangerous activities and cyber-attacks that may happen to anyone connected through the internet. To detect any cyber-attack intrudes on the network system, an intrusion detection system (IDS) is applied, which can identify those incoming attacks. The intrusion detection system works in two mechanisms: signature-based detection and anomaly-based detection. In anomaly-based detection, the quality of the machine learning model obtained is influenced by the data training process. The biggest challenge of machine learning methods is how to build an appropriate model to represent the dataset. This research proposes a hybrid machine learning method by combining the feature selection method, representing the supervised learning and data reduction method as the unsupervised learning to build an appropriate model. It works by selecting relevant and significant features using feature importance decision tree-based method with recursive feature elimination and detecting anomaly/outlier data using the Local Outlier Factor (LOF) method. The experimental results show that the proposed method achieves the highest accuracy in detecting R2L (i.e., 99.89%) and keeps higher for other attack types than most other research in the NSL-KDD dataset. Therefore, it has a more stable performance than the others. More challenges are experienced in the UNSW-NB15 dataset with binary classes. |
format |
article |
author |
Achmad Akbar Megantara; Tohari Ahmad |
title |
A hybrid machine learning method for increasing the performance of network intrusion detection systems |
publisher |
SpringerOpen |
publishDate |
2021 |
url |
https://doaj.org/article/b5d8dd21db6844dea6dc47ca17b98505 |