Keywords: information security, network attack, machine learning, artificial immune system, neural network, random forest, hybrid intelligent system
Hybrid intelligent intrusion detection system based on combining machine learning methods
UDC 004.056
DOI: 10.26102/2310-6018/2021.34.3.019
This article addresses the problem of detecting network attacks in Industrial Internet of Things systems. The relevance of the problem, which stems from the high level of security risk in such systems, is analyzed. Various network attack detection algorithms are considered, and growing interest in applying artificial intelligence methods to this class of problems is noted. The advantages of combining different artificial intelligence algorithms and machine learning methods within hybrid intrusion detection systems are highlighted. An approach to designing a hybrid intelligent intrusion detection system (IDS) is proposed. At the lower level, an artificial immune system detects anomalies and unknown network attacks and thereby performs preliminary filtering of network traffic; at the upper level, a multiclass classifier determines the class of the attack detected at the lower level. A neural network and the random forest algorithm are considered as methods for building the upper-level classifier. The proposed system was trained and its efficiency evaluated using the NSL-KDD dataset. The experiments showed that the best results were achieved by combining the artificial immune system and random forest algorithms in the hybrid IDS.
For citation: Vasilyev V.I., Vulfin A.M., Gvozdev V.E., Shamsutdinov R.R. Hybrid intelligent intrusion detection system based on combining machine learning methods. Modeling, Optimization and Information Technology. 2021;9(3). URL: https://moitvivt.ru/ru/journal/pdf?id=1032 DOI: 10.26102/2310-6018/2021.34.3.019 (In Russ).
Received 10.08.2021
Revised 14.09.2021
Accepted 15.09.2021
Published 30.09.2021