Selective Ensemble of KELM-Based Complex Network Intrusion Detection
LIU Jin-ping1,2, HE Jie-zhou1, MA Tian-yu3, ZHANG Wu-xia1, TANG Zhao-hui4, XU Peng-fei1
1. Hunan Provincial Key Laboratory of Intelligent Computing and Language Information Processing, Hunan Normal University, Changsha, Hunan 410081, China;
2. Key Laboratory of Computing and Stochastic Mathematics(Ministry of Education), Hunan Normal University, Changsha, Hunan 410081, China;
3. School of Physics and Electronics, Hunan Normal University, Changsha, Hunan 410081, China;
4. School of Information Science and Engineering, Central South University, Changsha, Hunan 410083, China
Abstract:To solve the problem of the low detection accuracy of new intrusions with long detection time due to the complex and changeable nature of network intrusions,this paper proposes a network intrusion detection method based on the selective learning of Kernel Extreme Learning Machines (KELMs).First,based on the high efficiency learning characteristics of the single KELM learner,multiple KELMs are trained independently by the Bagging strategy.Then,based on the margin distance minimization (MDM) guidelines,KELM learners are integrated by selecting a part of them with high gains based on the MDM-based gain measures.Extensive validation and comparative experiments on the the KDD99 data set and on a hybrid network simulation platform mixed with wireless networks and Ethernet networks demonstrate that the proposed method achieves better recognition accuracies with faster recognition speed than the network intrusion detection methods based on the single learner and the traditional ensemble learning,which can effectively detect the known and unknown network intrusion connection in real time.
[1] 高妮,高岭,等.基于自编码网络特征降维的轻量级入侵检测模型[J].电子学报,2017,45(3):730-739. GAO Ni,GAO Ling,et al.A lightweight intrusion detection model based on autoencoder network with feature reduction[J].Acta Electronica Sinica,2017,45(3):730-739.(in Chinese)
[2] HAMAMOTO A H,SAMPAIO L D H,ABR O T,et al.Network anomaly detection system using genetic algorithm and fuzzy logic[J].Expert Systems with Applications,2018,92(1):309-402.
[3] 李立勋,张斌,董书琴,等.基于脆弱性变换的网络动态防御有效性分析方法[J].电子学报,2018,46(12):3014-3020. LI Li-xun,ZHANGBin,DONG Shu-qin,et al.Effectiveness analysis approach based on vulnerability mutation for network dynamic defense[J].Acta Electronica Sincia,2018,46(12):3014-3020.(in Chinese)
[4] SULTANA N,CHILAMKURTI N,PENG W,et al.Survey on SDN based network intrusion detection system using machine learning approaches[J].Peer-to-Peer Networking and Applications,2018,11(1-2):1-9.
[5] CHITRAKAR R,HUANG C.Selection of candidate support vectors in incremental SVM for network intrusion detection[J].Computers & Security,2014,45(3):231-241.
[6] WANG C R,XU R F,LEE S J,et al.Network intrusion detection using equality constrained-optimization-based extreme learning machines[J].Knowledge-Based Systems,2018,147(1):68-80.
[7] SONG Y,YAO S,et al.A new k-ary crisp decision tree induction with continuous valued attributes[J].Chinese Journal of Electronics,2017,26(5):999-1007.
[8] SHEN Y,ZHENG K,WU C,et al.An ensemble method based on selection using bat algorithm for intrusion detection[J].Computer Journal,2018,61(4):526-538.
[9] MA T,WANG F,CHENG J,et al.A hybrid spectral clustering and deep neural network ensemble algorithm for intrusion detection in sensor networks[J].Sensors,2016,16(10):1701.
[10] LIU J,HE J,ZHANG W,et al.TCvBsISM:Texture classification via B-splines-based image statistical modeling[J].IEEE Access,2018,6(1):44876-44893.
[11] LI S,SONG S,HUANG G,et al.Cross-domain extreme learning machines for domain adaptation[J].IEEE Transactions on Systems Man & Cybernetics Systems,2018,PP(99):1-14.
[12] HUANG G B.What are extreme learning machines? filling the gap between Frank Rosenblatt's dream and John Von Neumann's puzzle[J].Cognitive Computation,2015,7(3):263-278.
[13] HUANG G,HUANG G B,SONG S,et al.Trends in extreme learning machines:a review[J].Neural Networks,2015,61(C):32-48.
[14] HUANG J,YU Z L,CAI Z,et al.Extreme learning machine with multi-scale local receptive fields for texture classification[J].Multidimensional Systems and Signal Processing,2017,28(3):995-1011.
[15] LIANG N Y,HUANG G B,SARATCHANDRAN P,et al.A fast and accurate online sequential learning algorithm for feedforward networks[J].IEEE Trans Neural Netw,2006,17(6):1411-1423.
[16] 杨乐,杨磊.基于核函数的在线序列ELM模型[J].纺织高校基础科学学报,2013,26(4):516-520. YANG Le,et al.Online sequence ELM model based on the kernel function[J].Basic Science Journal of Textile Universities,2013,26(4):516-520.(in Chinese)
[17] MA G,WANG Y,WU L.Subspace ensemble learning via totally-corrective boosting for gait recognition[J].Neurocomputing,2016,224(1):119-127.
[18] ERDAL H,KARAHANOÉLUB Í.Bagging ensemble models for bank profitability:an emprical research on Turkish development and investment banks[J].Applied Soft Computing,2016,49(1):861-867.
[19] DRUCKER H,CORTES C,JACKEL L D,et al.Boosting and other ensemble methods[J].Neural Computation,1994,6(6):1289-1301.
[20] ZHOU Z,CHEN J,SONG Y,et al.RFSEN-ELM:Selective ensemble of extreme learning machines using rotation forest for image classification[J].Neural Network World,2017,27(5):499-517.
[21] ZHOU Z H,WU J,TANG W.Ensembling neural networks:many could be better than all[J].Artificial Intelligence,2002,137(1-2):239:263.
[22] MARTINEZMUOZ G,HERNANDEZLOBATO D,SUAREZ A.An Analysis of ensemble pruning techniques based on ordered aggregation[J].IEEE Transactions on Pattern Analysis & Machine Intelligence,2009,31(2):245-259.
[23] MART NEZ-MU OZ G,SU REZ A.Aggregation ordering in bagging[OL].http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.146.3650.2004.
[24] DAVIS J J,CLARK A J.Data preprocessing for anomaly based network intrusion detection:A review[J].Computers & Security,2011,30(6):353-375.
[25] HASAN M A M,NASSER M,PAL B,et al.Support vector machine and random forest modeling for intrusion detection system (IDS)[J].Journal of Intelligent Learning Systems & Applications,2014,6(1):45-52.
[26] KOC L,MAZZUCHI T A,SARKANI S.A network intrusion detection system based on a Hidden Naïve Bayes multiclass classifier[J].Expert Systems with Applications,2012,39(18):13492-13500.
[27] HU J,MIN J.Automated detection of driver fatigue based on EEG signals using gradient boosting decision tree model[J].Cognitive Neurodynamics,2018,12(12):1-10.
[28] Duan Q,Al-Shaer E.Traffic-aware dynamic firewall policy management:techniques and applications[J].IEEE Communications Magazine,2013,51(7):73-79.