Keywords: information security, industrial Internet of Things, intrusion detection system, network attack, NSL-KDD dataset
Hybrid intrusion detection system with the use of a classifiers committee
UDC 004.056
DOI: 10.26102/2310-6018/2022.39.4.020
The problem of detecting network attacks on Industrial Internet of Things (IIoT) systems is analyzed. Existing approaches to detecting such attacks using artificial intelligence methods are considered. Strong interest in integrating machine learning and artificial intelligence methods within hybrid systems is emphasized. Such integration makes it possible to compensate for the shortcomings of some algorithms with the advantages of others. The goal of this research is to improve the efficiency of network attack detection. The paper proposes a multi-level hybrid attack detection system that combines several classifiers in a committee: an artificial immune system, a multilayer perceptron, and the random forest algorithm. These classifiers were chosen for their high classification efficiency and for the ability of the artificial immune system to detect unknown network attacks. The decision is made from the conclusions of the individual experts (classifiers) using a voting mechanism. This approach provides a more accurate result, in accordance with Condorcet's jury theorem. To assess the effectiveness of the proposed system in computational experiments, the NSL-KDD network traffic data set was used. The experimental results demonstrate the high efficiency of the proposed hybrid attack detection system based on a committee of classifiers.
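The voting step and the Condorcet argument in the abstract, as an added example that is not code from the paper: it assumes binary attack/normal verdicts and independent classifier errors, and the function names, sample verdicts and accuracies are constructed for illustration.

```python
"""Majority-vote committee of binary classifiers and its exact accuracy
under the independence assumption of Condorcet's jury theorem."""


def committee_vote(votes):
    """Return 1 (attack) when a strict majority of 0/1 votes is 1."""
    return int(sum(votes) > len(votes) / 2)


def majority_accuracy(accs):
    """Probability that a strict majority of independent voters is correct.

    accs[i] is the probability that voter i classifies a record correctly.
    """
    dist = [1.0]  # dist[k] = P(exactly k of the voters seen so far are correct)
    for p in accs:
        nxt = [0.0] * (len(dist) + 1)
        for k, q in enumerate(dist):
            nxt[k] += q * (1 - p)      # this voter is wrong
            nxt[k + 1] += q * p        # this voter is right
        dist = nxt
    need = len(accs) // 2 + 1          # smallest strict majority
    return sum(dist[need:])


# Constructed verdicts (1 = attack, 0 = normal) in the order AIS, MLP, RF.
SAMPLE_VERDICTS = [(1, 1, 0), (0, 0, 1), (1, 1, 1), (0, 1, 0)]

# Constructed accuracies, not results from the paper.
SCENARIOS = {
    "three good voters": [0.90, 0.90, 0.90],
    "worse than chance": [0.40, 0.40, 0.40],
    "one strong, two weak": [0.95, 0.60, 0.60],
}

if __name__ == "__main__":
    for v in SAMPLE_VERDICTS:
        print(v, "->", committee_vote(v))
    for name, accs in SCENARIOS.items():
        print(f"{name}: best single={max(accs):.3f} "
              f"committee={majority_accuracy(accs):.3f}")
```

With these constructed numbers the committee beats its members only in the first scenario: voting helps when every member is better than chance, members are comparably accurate, and their errors are independent.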
For citation: Vasilyev V.I., Vulfin A.M., Gvozdev V.E., Shamsutdinov R.R. Hybrid intrusion detection system with the use of a classifiers committee. Modeling, Optimization and Information Technology. 2022;10(4). URL: https://moitvivt.ru/ru/journal/pdf?id=1267 DOI: 10.26102/2310-6018/2022.39.4.020 .
Received 07.11.2022
Revised 13.12.2022
Accepted 28.12.2022
Published 31.12.2022