{"title":"Anomaly-Based Network Intrusion Detection System through Feature Selection and Hybrid Machine Learning Technique","authors":"Apichit Pattawaro, Chantri Polprasert","doi":"10.1109/ICTKE.2018.8612331","DOIUrl":null,"url":null,"abstract":"In this paper, we propose an anomaly-based network intrusion detection system based on a combination of feature selection, K-Means clustering and XGBoost classification model. We test the performance of our proposed system over NSL-KDD dataset using KDDTest+ dataset. A feature selection method based on attribute ratio (AR) [14] is applied to construct a reduced feature subset of NSL-KDD dataset. After applying K-Means clustering, hyperparameter tuning of each classification model corresponding to each cluster is implemented. Using only 2 clusters, our proposed model obtains accuracy equal to 84.41% with detection rate equal to 86.36% and false alarm rate equal to 18.20% for KDDTest+ dataset. The performance of our proposed model outperforms those obtained using the recurrent neural network (RNN)-based deep neural network and other tree-based classifiers. 
In addition, due to feature selection, our proposed model employs only 75 out of 122 features (61.47%) to achieve this level of performance comparable to those using full number of features to train the model.","PeriodicalId":342802,"journal":{"name":"2018 16th International Conference on ICT and Knowledge Engineering (ICT&KE)","volume":"44 4 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"16","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 16th International Conference on ICT and Knowledge Engineering (ICT&KE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICTKE.2018.8612331","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 16
Abstract
In this paper, we propose an anomaly-based network intrusion detection system based on a combination of feature selection, K-Means clustering and an XGBoost classification model. We test the performance of our proposed system on the NSL-KDD dataset using the KDDTest+ dataset. A feature selection method based on attribute ratio (AR) [14] is applied to construct a reduced feature subset of the NSL-KDD dataset. After applying K-Means clustering, hyperparameter tuning is performed for the classification model corresponding to each cluster. Using only 2 clusters, our proposed model obtains accuracy equal to 84.41% with detection rate equal to 86.36% and false alarm rate equal to 18.20% for the KDDTest+ dataset. Our proposed model outperforms the recurrent neural network (RNN)-based deep neural network and other tree-based classifiers. In addition, due to feature selection, our proposed model employs only 75 out of 122 features (61.47%) to achieve a level of performance comparable to that of models trained on the full set of features.