Performance Analysis of Multi-level Hybrid Random Forest and Support Vector Machine based on K-means for Feature Reduced Intrusion Detection
The need for networking and data sharing has increased drastically in today's world. With this globalization of information technology comes a need for network security. Firewalls may provide some level of security, but they never alert the administrator to upcoming attacks. Finding such abnormal behavior in network packets requires a reliable detection system with improved efficiency and accuracy. In today's developing network environment, new types of attack threaten the network daily, so the network administration system also needs to be updated regularly to raise the security level. One network packet monitoring system is the intrusion detection system (IDS). The proposed model uses a machine learning approach to detect malicious activity in network packets, and the KDD-99 dataset is used for this purpose. First, the dataset is normalized to reduce calculation complexity; then the features are reduced using a correlation algorithm. The reduced features show that only the efficient features need to be used for detecting malicious behavior. Result analysis shows that selecting 15 features using correlation performs best. After feature reduction, data clustering is performed using the k-means clustering algorithm. Clustering builds small datasets that represent the entire original dataset, which can significantly reduce the training time of the classifiers and improve efficiency. In the final step of the proposed algorithm, multilevel hybrid classifiers based on support vector machine, extreme learning machine and random forest are designed to classify the dataset into five attack categories, i.e. DoS, U2R, R2L, Probe and Normal. Compared with some other multilevel classifier work, the proposed algorithm proves its efficiency in terms of high accuracy, high detection rate and false alarm rate (FAR).
Keywords: Intrusion Detection, Feature Reduction, Correlation, Particle Swarm Optimization, Genetic Algorithm, Multilevel Classifiers.
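The preprocessing stages named in the abstract (normalization, correlation-based feature reduction, k-means reduction of the training set) can be sketched as follows; this is an added example, not the authors' code, and it stops before the classifier stage. Assumptions: features are ranked by absolute Pearson correlation with a binary label, k-means is run per class with the centroids kept as the representative set, the data is synthetic rather than KDD-99, and all function names are hypothetical.

```python
import random

def min_max_normalize(rows):
    """Scale every column to [0, 1]; constant columns become 0."""
    cols = list(zip(*rows))
    lo = [min(c) for c in cols]
    span = [(max(c) - min(c)) or 1.0 for c in cols]
    return [[(v - l) / s for v, l, s in zip(r, lo, span)] for r in rows]

def pearson(x, y):
    mx, my = sum(x) / len(x), sum(y) / len(y)
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    return cov / (vx * vy) ** 0.5 if vx and vy else 0.0

def top_k_features(rows, labels, k):
    """Indices of the k columns with the largest |correlation| to the label."""
    cols = list(zip(*rows))
    ranked = sorted(range(len(cols)), key=lambda j: -abs(pearson(cols[j], labels)))
    return sorted(ranked[:k])

def kmeans(points, k, iters=20, seed=0):
    """Plain Lloyd's k-means; returns the k centroids."""
    cents = random.Random(seed).sample(points, k)
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for p in points:
            d = [sum((a - b) ** 2 for a, b in zip(p, c)) for c in cents]
            groups[d.index(min(d))].append(p)
        # An empty cluster keeps its previous centroid.
        cents = [[sum(c) / len(g) for c in zip(*g)] if g else cents[i]
                 for i, g in enumerate(groups)]
    return cents

def build_reduced_set(rows, labels, n_features, k_per_class):
    """Normalize, keep the best-correlated features, then cluster each class."""
    norm = min_max_normalize(rows)
    keep = top_k_features(norm, labels, n_features)
    proj = [[r[j] for j in keep] for r in norm]
    reduced = []
    for cls in sorted(set(labels)):
        pts = [p for p, y in zip(proj, labels) if y == cls]
        reduced += [(c, cls) for c in kmeans(pts, min(k_per_class, len(pts)))]
    return keep, reduced

def make_sample(n=200, seed=1):
    # Constructed data: columns 0 and 2 track the label (0 normal, 1 attack), 1 and 3 are noise.
    rng = random.Random(seed)
    labels = [i % 2 for i in range(n)]
    rows = [[rng.gauss(5 + 40 * y, 2), rng.random(),
             rng.gauss(100 + 300 * y, 20), rng.random()] for y in labels]
    return rows, labels
```

The `(centroid, label)` pairs returned by `build_reduced_set` are what a downstream classifier would be trained on in place of the full dataset.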