Network Intrusion Detection using a Hybrid of Hidden Markov Model and Extreme Learning Machine

Authors

Computer Engineering Department, Mashhad branch, Islamic Azad University, Mashhad, Iran

Abstract

With the growth of information technology, network security has become one of the most important issues and challenges. Anomaly-based intrusion detection is a valuable technology for protecting networks against malicious activity. This paper proposes a new intrusion detection approach based on a hidden Markov model (HMM) and an extreme learning machine (ELM). In the proposed model, data collected from network traffic are first preprocessed. The resulting observation sequences are then fed into the HMM, which is trained using the Baum-Welch algorithm. In the recognition phase, the Viterbi algorithm is used to extract the optimal state sequences from the input observations. These state sequences then serve as the input to the ELM network, which classifies them as normal or attack. The Darpa98 dataset, which consists of network traffic data, is used to evaluate the approach. We evaluated the approach on this dataset under challenges such as insufficient training data and the effect of a shortage of training samples, for which the proposed model provided satisfactory results. Experiments show that our approach has higher accuracy and a lower false positive rate than other methods, and that the accuracy of the proposed intrusion detection system is 98 percent.
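The recognition phase described in the abstract (Viterbi decoding followed by ELM classification of the decoded state sequence) can be sketched as follows. This is an added example, not the authors' code. The HMM parameters, symbol alphabet, sample sequences and labels are all constructed assumptions, and Baum-Welch training is replaced by fixed parameters.

```python
import numpy as np

# Assumed toy HMM: 2 hidden states, 3 observation symbols (e.g. binned traffic features).
# In the paper's pipeline these parameters would come from Baum-Welch training.
START = np.log([0.6, 0.4])
TRANS = np.log([[0.7, 0.3], [0.4, 0.6]])
EMIT = np.log([[0.5, 0.4, 0.1], [0.1, 0.3, 0.6]])

def viterbi(obs):
    """Return the most likely hidden-state path for a list of symbol indices."""
    score = START + EMIT[:, obs[0]]
    back = []
    for o in obs[1:]:
        cand = score[:, None] + TRANS        # cand[p, s]: best path ending in p, then p -> s
        back.append(cand.argmax(axis=0))     # best predecessor for each state s
        score = cand.max(axis=0) + EMIT[:, o]
    path = [int(score.argmax())]
    for ptr in reversed(back):               # follow back-pointers from the last step
        path.append(int(ptr[path[-1]]))
    return path[::-1]

def elm_train(X, y, hidden=16, seed=0):
    """ELM: random, fixed hidden layer; output weights solved by pseudo-inverse."""
    rng = np.random.default_rng(seed)
    W = rng.normal(size=(X.shape[1], hidden))
    b = rng.normal(size=hidden)
    beta = np.linalg.pinv(np.tanh(X @ W + b)) @ y
    return W, b, beta

def elm_predict(model, X):
    W, b, beta = model
    return (np.tanh(X @ W + b) @ beta > 0.5).astype(int).tolist()

# Constructed sample sequences of symbol indices; label 0 = normal, 1 = attack.
SEQS = [[0, 0, 1, 0], [0, 1, 0, 0], [2, 2, 1, 2], [0, 2, 2, 2]]
LABELS = [0, 0, 1, 1]

def run_pipeline():
    """Decode each sequence with Viterbi, then train and apply the ELM on the state paths."""
    paths = [viterbi(s) for s in SEQS]
    X = np.array(paths, dtype=float)
    model = elm_train(X, np.array(LABELS, dtype=float))
    return paths, elm_predict(model, X)

if __name__ == "__main__":
    print(run_pipeline())
```

The predictions here are made on the same four sequences used for training, so they show the mechanism only and say nothing about detection accuracy.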
