A Novel Intrusion Detection Framework (IDF) using Machine Learning Methods

Journal of Cybersecurity and Information Management Pub Date : 1900-01-01 DOI:10.54216/jcim.100103

Shereen H. Ali

{"title":"A Novel Intrusion Detection Framework (IDF) using Machine Learning Methods","authors":"Shereen H. Ali","doi":"10.54216/jcim.100103","DOIUrl":null,"url":null,"abstract":"An intrusion detection system is a critical security feature that analyses network traffic in order to avoid serious unauthorized access to network resources. For securing networks against potential breaches, effective intrusion detection is critical. In this paper, a novel Intrusion Detection Framework (IDF) is proposed. The three modules that comprise the suggested IDF are: (i) Data Pre-processing Module (DPM), (ii) Feature Selection Module (FSM), and Classification Module (CM). DPM collects and processes network traffic in order to prepare data for training and testing. The FSM seeks to identify the key elements for recognizing DPM intrusion attempts. An Improved Particle Swarm Optimization is used (IPSO). IPSO is a hybrid method that uses both filter and wrapper approaches to generate accurate and relevant information for the classification step that follows. Primary Selection Phase (PSP) and Completed Selection Phase (CSP) are the two consecutive feature selection phases in IPSO. PSP employs a filtering approaches to quickly identify the most significant features for detecting intrusion threats while eliminating those that are redundant or ineffective. In CSP, the next level of IPSO, this behavior reduces the computing cost. For accurate feature selection, CSP uses Binary Particle Swarm Optimization (Bi-PSO) as a wrapper approach. Based on the most effective features identified by FSM, The CM aims to identify intrusion attempts with the minimal processing time. Therefore, a K-Nearest Neighbor KNN classifier has been deployed. As a result, based on the significant features identified by the IPSO technique, KNN can accurately detect intrusion attacks with the least amount of processing time. The experimental results have shown that the proposed IDF outperforms other recent techniques using UNSW_NB-15 dataset. The accuracy, precision, recall, F1score, and processing time of the experimental outcomes of our findings were assessed. Our results were competitive with an accuracy of 99.8%, precision of 99.94%, recall of 99.85%, F1-score of 99.89%, and excursion time of 59.15s when compared to the findings of the current works.","PeriodicalId":169383,"journal":{"name":"Journal of Cybersecurity and Information Management","volume":"106 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Cybersecurity and Information Management","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.54216/jcim.100103","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

An intrusion detection system is a critical security feature that analyses network traffic in order to avoid serious unauthorized access to network resources. For securing networks against potential breaches, effective intrusion detection is critical. In this paper, a novel Intrusion Detection Framework (IDF) is proposed. The three modules that comprise the suggested IDF are: (i) Data Pre-processing Module (DPM), (ii) Feature Selection Module (FSM), and Classification Module (CM). DPM collects and processes network traffic in order to prepare data for training and testing. The FSM seeks to identify the key elements for recognizing DPM intrusion attempts. An Improved Particle Swarm Optimization is used (IPSO). IPSO is a hybrid method that uses both filter and wrapper approaches to generate accurate and relevant information for the classification step that follows. Primary Selection Phase (PSP) and Completed Selection Phase (CSP) are the two consecutive feature selection phases in IPSO. PSP employs a filtering approaches to quickly identify the most significant features for detecting intrusion threats while eliminating those that are redundant or ineffective. In CSP, the next level of IPSO, this behavior reduces the computing cost. For accurate feature selection, CSP uses Binary Particle Swarm Optimization (Bi-PSO) as a wrapper approach. Based on the most effective features identified by FSM, The CM aims to identify intrusion attempts with the minimal processing time. Therefore, a K-Nearest Neighbor KNN classifier has been deployed. As a result, based on the significant features identified by the IPSO technique, KNN can accurately detect intrusion attacks with the least amount of processing time. The experimental results have shown that the proposed IDF outperforms other recent techniques using UNSW_NB-15 dataset. The accuracy, precision, recall, F1score, and processing time of the experimental outcomes of our findings were assessed. Our results were competitive with an accuracy of 99.8%, precision of 99.94%, recall of 99.85%, F1-score of 99.89%, and excursion time of 59.15s when compared to the findings of the current works.

查看原文本刊更多论文

基于机器学习的入侵检测框架(IDF)

入侵检测系统是一项重要的安全功能，它可以分析网络流量，以避免对网络资源的严重非法访问。为了保护网络免受潜在的破坏，有效的入侵检测至关重要。提出了一种新的入侵检测框架(IDF)。建议的IDF由三个模块组成:(i)数据预处理模块(DPM)， (ii)特征选择模块(FSM)和分类模块(CM)。DPM收集和处理网络流量，以便为培训和测试准备数据。FSM试图识别识别DPM入侵企图的关键要素。采用了改进的粒子群优化算法(IPSO)。IPSO是一种混合方法，它使用过滤器和包装器方法为接下来的分类步骤生成准确和相关的信息。初级选择阶段(PSP)和完成选择阶段(CSP)是IPSO中两个连续的特征选择阶段。PSP采用过滤方法快速识别入侵威胁检测中最重要的特征，同时消除冗余或无效的特征。在IPSO的下一级CSP中，这种行为降低了计算成本。为了精确的特征选择，CSP使用二元粒子群优化(Bi-PSO)作为包装方法。基于FSM识别出的最有效的特征，CM旨在以最少的处理时间识别入侵企图。因此，我们部署了一个k近邻KNN分类器。因此，基于IPSO技术识别的重要特征，KNN能够以最少的处理时间准确检测入侵攻击。实验结果表明，所提出的IDF优于最近使用UNSW_NB-15数据集的其他技术。对实验结果的正确率、精密度、查全率、F1score和处理时间进行了评估。与现有研究结果相比，我们的结果具有竞争力，准确率为99.8%，精密度为99.94%，召回率为99.85%，f1分数为99.89%，偏移时间为59.15s。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Cybersecurity and Information Management

CiteScore

0.70

自引率

0.00%

发文量