Network Intrusion Detection Using a Hybrid Approach of Hidden Markov Model and Extreme Learning Machine

Authors

Faculty of Engineering - Islamic Azad University, Mashhad Branch

Abstract

With the growth of information technology, network security has become one of the challenging topics. Anomaly-based intrusion detection techniques are a valuable technology for protecting networks against malicious activities. In this paper, a new approach based on the hidden Markov model (HMM) and the extreme learning machine (ELM) is presented for intrusion detection. In the proposed model, the data collected from network traffic are first preprocessed. Then the observation sequence is fed to the HMM and the model is trained with the Baum-Welch algorithm. In the intrusion detection phase, the most probable state sequence is extracted by applying the Viterbi algorithm to the obtained observations. In the next step, the state sequences are used as input to the ELM network, and the classifier assigns new data to one of the normal or attack classes according to what it has learned. The dataset used is Darpa98, which consists of network traffic data. Problems such as insufficient training data and the effect of reducing training samples on final accuracy were tested on this dataset, and the proposed model produced better results than previous methods. Experiments show that this approach achieves a higher accuracy rate and a lower false positive rate than other methods and improves intrusion detection performance.

Keywords


Article Title [English]

Network Intrusion Detection using a Hybrid of Hidden Markov Model and Extreme Learning Machine

Authors [English]

  • M. Najjar
  • M. H. Moattar
Computer Engineering Department, Mashhad branch, Islamic Azad University, Mashhad, Iran
Abstract [English]

With the growth of information technology, network security has become one of the most important issues and challenges. Anomaly-based intrusion detection is a valuable technology for protecting networks against malicious activities. In this paper, a new approach based on the hidden Markov model (HMM) and the extreme learning machine (ELM) is proposed for intrusion detection. In the proposed model, the data collected from network traffic are first preprocessed. Then the sequence of observations is fed into the HMM, and the model is trained using the Baum-Welch algorithm. In the recognition phase, the Viterbi algorithm is used to extract the optimal state sequences from the input observations. The sequence of states is then used as the input of the ELM network and classified into the normal or attack class. The Darpa98 dataset, which consists of network traffic data, is used to evaluate the approach. We evaluated the approach on this dataset for challenges such as insufficient training data and the effect of training sample insufficiency, for which the proposed model provided satisfactory results. Experiments show that our approach has higher accuracy and a lower false positive rate compared with other methods, and the accuracy of the proposed intrusion detection system is 98 percent.

Keywords [English]

  • Intrusion detection systems
  • Hidden Markov model
  • Viterbi algorithm
  • Feedforward neural network
  • Extreme learning machine