Build Network Intrusion Detection System based on combination of Fractal Density Peak Clustering and Artificial Neural Network
DOI:
https://doi.org/10.29304/jqcm.2023.15.1.1151Keywords:
Anomaly Intrusion Detection System, Density Peak Cluster algorithm, Neural Network algorithmAbstract
Imbalanced data poses a serious problem in intrusion detection systems. In this article, we propose a network intrusion detection system based on fractal density peak clustering and an artificial neural network (FD-ANN). The proposed detection system consists of three parts: data clustering based on the density-peak clustering (DPC) method, using the fractal concept as a membership weight of all data to the cluster, and a neural network to classify the data. The DPC method uses categorization of the tare data into subgroups with strongly correlated attributes to reduce the size of the training data and the imbalance of the sample. Each subgroup has its neural network to train the data. Based on fractal membership weights, the output of all classifiers of the sub-neural networks is combined using the aggregation function. The benchmarks of this model are based on the data sets NSL-KDD and UNSW-NB15. The proposed solution outperforms other known classification approaches in terms of overall accuracy, recall, precision, and F1 score.
Downloads
Download data is not yet available.
References
[1] S. Aljawarneh, M. Aldwairi, and M. Bani, “Anomaly-based intrusion detection system through feature selection analysis and building hybrid efficient model,” J. Comput. Sci., vol. 25, pp. 152–160, 2018, doi: 10.1016/j.jocs.2017.03.006.
[2] S. M. Hadi, A. H. Alsaeedi, M. I. Dohan, R. R. Nuiaa, S. Manickam, and A. S. D. Alfoudi, “Dynamic Evolving Cauchy Possibilistic Clustering Based on the Self-Similarity Principle (DECS) for Enhancing Intrusion Detection System,” Int. J. Intell. Eng. Syst., vol. 15, no. 5, pp. 252–260, 2022, doi: 10.22266/ijies2022.1031.23.
[3] I. Škrjanc, S. Ozawa, T. Ban, and D. Dovžan, “Large-scale cyber attacks monitoring using Evolving Cauchy Possibilistic Clustering,” Appl. Soft Comput. J., vol. 62, pp. 592–601, 2018, doi: 10.1016/j.asoc.2017.11.008.
[4] D. B. Rawat, R. Doku, and M. Garuba, “Cybersecurity in Big Data Era: From Securing Big Data to Data-Driven Security,” IEEE Trans. Serv. Comput., vol. 14, no. 6, pp. 2055–2072, 2021, doi: 10.1109/TSC.2019.2907247.
[5] R. B. Basnet, R. Shash, C. Johnson, L. Walgren, and T. Doleck, “Towards detecting and classifying network intrusion traffic using deep learning frameworks,” J. Internet Serv. Inf. Secur., vol. 9, no. 4, pp. 1–17, 2019, doi: 10.22667/JISIS.2019.11.30.001.
[6] S. Mohammadi, H. Mirvaziri, M. Ghazizadeh-Ahsaee, and H. Karimipour, “Cyber intrusion detection by combined feature selection algorithm,” J. Inf. Secur. Appl., vol. 44, pp. 80–88, 2019, doi: 10.1016/j.jisa.2018.11.007.
[7] N. Moustafa and J. Slay, “The evaluation of Network Anomaly Detection Systems: Statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set,” Inf. Secur. J., vol. 25, no. 1–3, pp. 18–31, 2016, doi: 10.1080/19393555.2015.1125974.
[8] A. Singh, K. Chatterjee, and S. C. Satapathy, “An edge based hybrid intrusion detection framework for mobile edge computing,” Complex Intell. Syst., 2021, doi: 10.1007/s40747-021-00498-4.
[9] V. Kumar, D. Sinha, A. K. Das, S. C. Pandey, and R. T. Goswami, “An integrated rule based intrusion detection system: analysis on UNSW-NB15 data set and the real time online dataset,” Cluster Comput., vol. 23, no. 2, pp. 1397–1418, 2020, doi: 10.1007/s10586-019-03008-x.
[10] A. Cheema, M. Tariq, A. Hafiz, M. M. Khan, F. Ahmad, and M. Anwar, “Prevention Techniques against Distributed Denial of Service Attacks in Heterogeneous Networks: A Systematic Review,” Secur. Commun. Networks, vol. 2022, 2022, doi: 10.1155/2022/8379532.
[11] A. Heidari and M. A. Jabraeil Jamali, “Internet of Things intrusion detection systems: a comprehensive review and future directions,” Cluster Comput., 2022, doi: 10.1007/s10586-022-03776-z.
[12] A. K. Balyan et al., “A Hybrid Intrusion Detection Model Using EGA-PSO and Improved Random Forest Method,” Sensors, vol. 22, no. 16, pp. 1–20, 2022, doi: 10.3390/s22165986.
[13] R. R. Nuiaa, A. H. Alsaeedi, S. Manickam, and D. E. J. Al-Shammary, “Evolving Dynamic Fuzzy Clustering (EDFC) to Enhance DRDoS_DNS Attacks Detection Mechnism,” Int. J. Intell. Eng. Syst., vol. 15, no. 1, pp. 509–519, 2022, doi: 10.22266/IJIES2022.0228.46.
[14] R. R. Nuiaa, S. Manickam, and A. H. Alsaeedi, “Distributed reflection denial of service attack: A critical review,” Int. J. Electr. Comput. Eng., vol. 11, no. 6, pp. 5327–5341, 2021, doi: 10.11591/ijece.v11i6.pp5327-5341.
[15] Y. Yang, K. Zheng, C. Wu, X. Niu, and Y. Yang, “Building an effective intrusion detection system using the modified density peak clustering algorithm and deep belief networks,” Appl. Sci., vol. 9, no. 2, 2019, doi: 10.3390/app9020238.
[16] C. Tang, N. Luktarhan, and Y. Zhao, “Saae-dnn: Deep learning method on intrusion detection,” Symmetry (Basel)., vol. 12, no. 10, pp. 1–20, 2020, doi: 10.3390/sym12101695.
[17] C. Liu, Z. Gu, and J. Wang, “A Hybrid Intrusion Detection System Based on Scalable K-Means+ Random Forest and Deep Learning,” IEEE Access, vol. 9, pp. 75729–75740, 2021, doi: 10.1109/ACCESS.2021.3082147.
[18] I. Al-Turaiki and N. Altwaijry, “A Convolutional Neural Network for Improved Anomaly-Based Network Intrusion Detection,” Big Data, vol. 9, no. 3, pp. 233–252, 2021, doi: 10.1089/big.2020.0263.
[19] J. L. Lin, “Accelerating density peak clustering algorithm,” Symmetry (Basel)., vol. 11, no. 7, pp. 1–18, 2019, doi: 10.3390/sym11070859.
[20] A. Qiu and Z. Wang, “Optimization of Density Peak Clustering Algorithm Based on OpenMP,” J. Softw., vol. 13, no. 3, pp. 168–179, 2018, doi: 10.17706/jsw.13.3.168-179.
[21] N. Oliveira, I. Praça, E. Maia, and O. Sousa, “Intelligent cyber attack detection and classification for network-based intrusion detection systems,” Appl. Sci., vol. 11, no. 4, pp. 1–21, 2021, doi: 10.3390/app11041674.
[22] A. H. Alsaeedi, A. H. Aljanabi, M. E. Manna, and A. L. Albukhnefis, “A proactive metaheuristic model for optimizing weights of artificial neural network,” Indones. J. Electr. Eng. Comput. Sci., vol. 20, no. 2, pp. 976–984, 2020, doi: 10.11591/ijeecs.v20.i2.pp976-984.
[23] S. M. Kasongo and Y. Sun, “Performance Analysis of Intrusion Detection Systems Using a Feature Selection Method on the UNSW-NB15 Dataset,” J. Big Data, vol. 7, no. 1, 2020, doi: 10.1186/s40537-020-00379-6.
[24] A. S. Saljoughi, M. Mehvarz, and H. Mirvaziri, “Attacks and intrusion detection in cloud computing using neural networks and particle swarm optimization algorithms,” Emerg. Sci. J., vol. 1, no. 4, pp. 179–191, 2017, doi: 10.28991/ijse-01120.
[25] A. L. A. A. H. A. A. H. A. Mehdi Ebady Manna, “A proactive metaheuristic model for optimizing weights of artificial neural network,” Indones. J. Electr. Eng. Comput. Sci., vol. 20, no. 2, pp. 976–984, 2020, doi: 10.11591/ijeecs.v20.i2.pp976-984.
[26] UNB, “NSL-KDD.”
[27] A. S. Choudhary, P. P. Choudhary, and S. Salve, “A Study on Various Cyber Attacks and A Proposed Intelligent System for Monitoring Such Attacks,” Proc. 3rd Int. Conf. Inven. Comput. Technol. ICICT 2018, pp. 612–617, 2018, doi: 10.1109/ICICT43934.2018.9034445.
[2] S. M. Hadi, A. H. Alsaeedi, M. I. Dohan, R. R. Nuiaa, S. Manickam, and A. S. D. Alfoudi, “Dynamic Evolving Cauchy Possibilistic Clustering Based on the Self-Similarity Principle (DECS) for Enhancing Intrusion Detection System,” Int. J. Intell. Eng. Syst., vol. 15, no. 5, pp. 252–260, 2022, doi: 10.22266/ijies2022.1031.23.
[3] I. Škrjanc, S. Ozawa, T. Ban, and D. Dovžan, “Large-scale cyber attacks monitoring using Evolving Cauchy Possibilistic Clustering,” Appl. Soft Comput. J., vol. 62, pp. 592–601, 2018, doi: 10.1016/j.asoc.2017.11.008.
[4] D. B. Rawat, R. Doku, and M. Garuba, “Cybersecurity in Big Data Era: From Securing Big Data to Data-Driven Security,” IEEE Trans. Serv. Comput., vol. 14, no. 6, pp. 2055–2072, 2021, doi: 10.1109/TSC.2019.2907247.
[5] R. B. Basnet, R. Shash, C. Johnson, L. Walgren, and T. Doleck, “Towards detecting and classifying network intrusion traffic using deep learning frameworks,” J. Internet Serv. Inf. Secur., vol. 9, no. 4, pp. 1–17, 2019, doi: 10.22667/JISIS.2019.11.30.001.
[6] S. Mohammadi, H. Mirvaziri, M. Ghazizadeh-Ahsaee, and H. Karimipour, “Cyber intrusion detection by combined feature selection algorithm,” J. Inf. Secur. Appl., vol. 44, pp. 80–88, 2019, doi: 10.1016/j.jisa.2018.11.007.
[7] N. Moustafa and J. Slay, “The evaluation of Network Anomaly Detection Systems: Statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set,” Inf. Secur. J., vol. 25, no. 1–3, pp. 18–31, 2016, doi: 10.1080/19393555.2015.1125974.
[8] A. Singh, K. Chatterjee, and S. C. Satapathy, “An edge based hybrid intrusion detection framework for mobile edge computing,” Complex Intell. Syst., 2021, doi: 10.1007/s40747-021-00498-4.
[9] V. Kumar, D. Sinha, A. K. Das, S. C. Pandey, and R. T. Goswami, “An integrated rule based intrusion detection system: analysis on UNSW-NB15 data set and the real time online dataset,” Cluster Comput., vol. 23, no. 2, pp. 1397–1418, 2020, doi: 10.1007/s10586-019-03008-x.
[10] A. Cheema, M. Tariq, A. Hafiz, M. M. Khan, F. Ahmad, and M. Anwar, “Prevention Techniques against Distributed Denial of Service Attacks in Heterogeneous Networks: A Systematic Review,” Secur. Commun. Networks, vol. 2022, 2022, doi: 10.1155/2022/8379532.
[11] A. Heidari and M. A. Jabraeil Jamali, “Internet of Things intrusion detection systems: a comprehensive review and future directions,” Cluster Comput., 2022, doi: 10.1007/s10586-022-03776-z.
[12] A. K. Balyan et al., “A Hybrid Intrusion Detection Model Using EGA-PSO and Improved Random Forest Method,” Sensors, vol. 22, no. 16, pp. 1–20, 2022, doi: 10.3390/s22165986.
[13] R. R. Nuiaa, A. H. Alsaeedi, S. Manickam, and D. E. J. Al-Shammary, “Evolving Dynamic Fuzzy Clustering (EDFC) to Enhance DRDoS_DNS Attacks Detection Mechnism,” Int. J. Intell. Eng. Syst., vol. 15, no. 1, pp. 509–519, 2022, doi: 10.22266/IJIES2022.0228.46.
[14] R. R. Nuiaa, S. Manickam, and A. H. Alsaeedi, “Distributed reflection denial of service attack: A critical review,” Int. J. Electr. Comput. Eng., vol. 11, no. 6, pp. 5327–5341, 2021, doi: 10.11591/ijece.v11i6.pp5327-5341.
[15] Y. Yang, K. Zheng, C. Wu, X. Niu, and Y. Yang, “Building an effective intrusion detection system using the modified density peak clustering algorithm and deep belief networks,” Appl. Sci., vol. 9, no. 2, 2019, doi: 10.3390/app9020238.
[16] C. Tang, N. Luktarhan, and Y. Zhao, “Saae-dnn: Deep learning method on intrusion detection,” Symmetry (Basel)., vol. 12, no. 10, pp. 1–20, 2020, doi: 10.3390/sym12101695.
[17] C. Liu, Z. Gu, and J. Wang, “A Hybrid Intrusion Detection System Based on Scalable K-Means+ Random Forest and Deep Learning,” IEEE Access, vol. 9, pp. 75729–75740, 2021, doi: 10.1109/ACCESS.2021.3082147.
[18] I. Al-Turaiki and N. Altwaijry, “A Convolutional Neural Network for Improved Anomaly-Based Network Intrusion Detection,” Big Data, vol. 9, no. 3, pp. 233–252, 2021, doi: 10.1089/big.2020.0263.
[19] J. L. Lin, “Accelerating density peak clustering algorithm,” Symmetry (Basel)., vol. 11, no. 7, pp. 1–18, 2019, doi: 10.3390/sym11070859.
[20] A. Qiu and Z. Wang, “Optimization of Density Peak Clustering Algorithm Based on OpenMP,” J. Softw., vol. 13, no. 3, pp. 168–179, 2018, doi: 10.17706/jsw.13.3.168-179.
[21] N. Oliveira, I. Praça, E. Maia, and O. Sousa, “Intelligent cyber attack detection and classification for network-based intrusion detection systems,” Appl. Sci., vol. 11, no. 4, pp. 1–21, 2021, doi: 10.3390/app11041674.
[22] A. H. Alsaeedi, A. H. Aljanabi, M. E. Manna, and A. L. Albukhnefis, “A proactive metaheuristic model for optimizing weights of artificial neural network,” Indones. J. Electr. Eng. Comput. Sci., vol. 20, no. 2, pp. 976–984, 2020, doi: 10.11591/ijeecs.v20.i2.pp976-984.
[23] S. M. Kasongo and Y. Sun, “Performance Analysis of Intrusion Detection Systems Using a Feature Selection Method on the UNSW-NB15 Dataset,” J. Big Data, vol. 7, no. 1, 2020, doi: 10.1186/s40537-020-00379-6.
[24] A. S. Saljoughi, M. Mehvarz, and H. Mirvaziri, “Attacks and intrusion detection in cloud computing using neural networks and particle swarm optimization algorithms,” Emerg. Sci. J., vol. 1, no. 4, pp. 179–191, 2017, doi: 10.28991/ijse-01120.
[25] A. L. A. A. H. A. A. H. A. Mehdi Ebady Manna, “A proactive metaheuristic model for optimizing weights of artificial neural network,” Indones. J. Electr. Eng. Comput. Sci., vol. 20, no. 2, pp. 976–984, 2020, doi: 10.11591/ijeecs.v20.i2.pp976-984.
[26] UNB, “NSL-KDD.”
[27] A. S. Choudhary, P. P. Choudhary, and S. Salve, “A Study on Various Cyber Attacks and A Proposed Intelligent System for Monitoring Such Attacks,” Proc. 3rd Int. Conf. Inven. Comput. Technol. ICICT 2018, pp. 612–617, 2018, doi: 10.1109/ICICT43934.2018.9034445.
Downloads
Published
2023-03-07
How to Cite
Alkafagi, S. S. (2023). Build Network Intrusion Detection System based on combination of Fractal Density Peak Clustering and Artificial Neural Network. Journal of Al-Qadisiyah for Computer Science and Mathematics, 15(1), Comp Page 111–126. https://doi.org/10.29304/jqcm.2023.15.1.1151
Issue
Section
Computer Articles
