1. bookVolume 9 (2019): Issue 3 (July 2019)
Journal Details
First Published
30 Dec 2014
Publication timeframe
4 times per year
access type Open Access

Applying a Neural Network Ensemble to Intrusion Detection

Published Online: 09 May 2019
Volume & Issue: Volume 9 (2019) - Issue 3 (July 2019)
Page range: 177 - 188
Received: 27 Jul 2018
Accepted: 19 Nov 2018
Journal Details
First Published
30 Dec 2014
Publication timeframe
4 times per year

An intrusion detection system (IDS) is an important feature to employ in order to protect a system against network attacks. An IDS monitors the activity within a network of connected computers as to analyze the activity of intrusive patterns. In the event of an ‘attack’, the system has to respond appropriately. Different machine learning techniques have been applied in the past. These techniques fall either into the clustering or the classification category. In this paper, the classification method is used whereby a neural network ensemble method is employed to classify the different types of attacks. The neural network ensemble method consists of an autoencoder, a deep belief neural network, a deep neural network, and an extreme learning machine. The data used for the investigation is the NSL-KDD data set. In particular, the detection rate and false alarm rate among other measures (confusion matrix, classification accuracy, and AUC) of the implemented neural network ensemble are evaluated.


[1] Cyber security, http://whatis.techtarget.com/definition/cybersecurity, last retrieved in 2018.Search in Google Scholar

[2] W. Stallings, Network security essentials: applications and standards, 5th edition, Pearson, 2013.10.1016/B978-0-12-394397-2.00054-4Search in Google Scholar

[3] Top Free Network-Based Intrusion Detection Systems (IDS) for the Enterprise, https://www.upguard.com/articles/top-freenetwork-based-intrusion-detection-systems-ids-for-the-enterprise, last retrieved in 2018.Search in Google Scholar

[4] K. Scarfone and P. Mell, Guide to Intrusion Detection and Prevention Systems Recommendations (IDPS), National Institute of Standards and Technology, NIST Spec. Publ. 800-97, 2007.10.6028/NIST.SP.800-94Search in Google Scholar

[5] B. C. Rhodes, J. A. Mahaffey, J. D. Cannady, Multiple self-organizing maps for intrusion detection, 23rd national information systems security conference, 2000.Search in Google Scholar

[6] P. O. Kane, S. Sezer, K. McLaughlin, Obfuscation: the hidden malware, IEEE Security & Privacy 9 (5), 41-47, 2011.10.1109/MSP.2011.98Search in Google Scholar

[7] G. Gu, P. Porras, V. Yegneswaran, M. Fong, W. Lee, Bothunter: Detecting malware infection through ids-driven dialog correlation, in: Proceedings of 16th USENIX Security Symposium, USENIX Association, 2007.Search in Google Scholar

[8] G. Gu, R. Perdisci, J. Zhang, W. Lee, et al., Botminer: Clustering analysis of network trace for protocol-and structure-independent botnet detection., in: USENIX Security Symposium, pp. 139-154, 2008.Search in Google Scholar

[9] G. Gu, J. Zhang, W. Lee, Botsniffer: Detecting botnet command and control channels in network trace, in: Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS’08), 2008.Search in Google Scholar

[10] V. Julien, Suricata ids, Tech. rep., Open Information Security Foundation (OISF), available online: http://suricata-ids.org/download/, last retrieved in 2018.Search in Google Scholar

[11] M. Roesch, Snort: Lightweight intrusion detection for networks., in: LISA, pp. 229-238, 1999.Search in Google Scholar

[12] V. Paxson, Bro: a system for detecting network intruders in real-time, Computer networks 31 (23), 2435-2463, 1999.10.1016/S1389-1286(99)00112-7Search in Google Scholar

[13] D. M. Chess, S. R. White, Undetectable computer viruses, in: Virus Bulletin, pp. 107-115, 2000.Search in Google Scholar

[14] R. Vaarandi, K. Podins, Network ids alert classifi-cation with frequent itemset mining and data clustering, in: Network and Service Management (CNSM), 2010 International Conference on, IEEE, pp. 451-456, 2010.10.1109/CNSM.2010.5691262Search in Google Scholar

[15] M. Tavallaee, E. Bagheri, W. Lu, and A. Ghorbani, A Detailed Analysis of the KDD CUP 99 Data Set, IEEE Symposium on Computational Intelligence for Security and Defense Applications (CISDA), 2009.10.1109/CISDA.2009.5356528Search in Google Scholar

[16] S. A. Ludwig, Intrusion Detection of Multiple Attack Classes using a Deep Neural Net Ensemble, IEEE Symposium Series on Computational Intelligence (SSCI), Honolulu, HI, USA, October 2017.10.1109/SSCI.2017.8280825Search in Google Scholar

[17] I. Chairunnisa, Lukas, and H. D. Widiputra. Clustering base intrusion detection for network profiling using k-means, ecm and k-nearest neighbor algorithms. In Konferensi Nasional Sistem dan Informatika, 2009.Search in Google Scholar

[18] S. Zanero and S. M. Savaresi. Unsupervised learning techniques for an intrusion detection system. In SAC ’04: Proceedings of the 2004 ACM symposium on Applied computing, pages 412-419, New York, NY, USA, 2004.10.1145/967900.967988Search in Google Scholar

[19] A. Ali, A. Saleh, and T. Ramdan. Multilayer perceptrons networks for an intelligent adaptive intrusion detection system. International Journal of Computer Science and Network Security, 10(2), 2010.Search in Google Scholar

[20] N. Gornitz, M. Kloft, K. Rieck, and U. Brefeld. Active learning for network intrusion detection. In 2nd ACM workshop on security and artificial intelligence, pp. 47-54, 2009.10.1145/1654988.1655002Search in Google Scholar

[21] M. Kloft, U. Brefeld, P. Dussel, C. Gehl, and P. Laskov. Automatic feature selection for anomaly detection. In AISEC 2008, pp. 71-76, 2008.10.1145/1456377.1456395Search in Google Scholar

[22] R. Chitrakar and C. Huang, Selection of candidate support vectors in incremental SVM for network intrusion detection, Computers & Security, vol. 45, pp. 231-241, 2014.10.1016/j.cose.2014.06.006Search in Google Scholar

[23] F. Giroire, J. Chandrashekar, G. Iannaccone, K. Papagiannaki, E. M. Schooler, and N. Taft. The cubicle vs. the coffee shop: Behavioral modes in enterprise end-users. In Proceedings of the 2008 Passive and Active Measurement Conference, pages 202-211, Springer, 2008.10.1007/978-3-540-79232-1_21Search in Google Scholar

[24] M. Pillai, J. Eloff, and H. Venter. An approach to implement a network intrusion detection system using genetic algorithms. In Proceedings of South African Institute of Computer Scientists and Information Technologists, pp. 221-228, Western Cape, South Africa, 2004.Search in Google Scholar

[25] G. E. Hinton, S. Osindero, and Y.-W. Teh, A fast learning algorithm for deep belief nets, Neural computation, vol. 18, pp. 1527-1554, 2006.Search in Google Scholar

[26] R. Salakhutdinov and G. E. Hinton, Deep boltzmann machines, International conference on artifi-cial intelligence and statistics, 2009.Search in Google Scholar

[27] M. Z. Alom, V. Bontupalli and T. M. Taha, Intrusion detection using deep belief networks, 2015 National Aerospace and Electronics Conference (NAE-CON), Dayton, OH, 2015.10.1109/NAECON.2015.7443094Search in Google Scholar

[28] K. Alrawashdeh and C. Purdy, Toward an Online Anomaly Intrusion Detection System Based on Deep Learning, 2016 15th IEEE International Conference on Machine Learning and Applications (ICMLA), Anaheim, CA, 2016.10.1109/ICMLA.2016.0040Search in Google Scholar

[29] Y. Li, R. Ma, R. Jiao, A Hybrid Malicious Code Detection Method based on Deep Learning, International Journal of Security and Its Applications, vol. 9, no. 5, 2015.10.14257/ijsia.2015.9.5.21Search in Google Scholar

[30] Y. Liu and X. Zhang, Intrusion Detection Based on IDBM, 2016 IEEE 14th Intl Conf on Dependable, Autonomic and Secure Computing, Auckland, 2016.10.1109/DASC-PICom-DataCom-CyberSciTec.2016.48Search in Google Scholar

[31] S. Potluri and C. Diedrich, Accelerated deep neural networks for enhanced Intrusion Detection System, 2016 IEEE 21st International Conference on Emerging Technologies and Factory Automation (ETFA), Berlin, 2016.10.1109/ETFA.2016.7733515Search in Google Scholar

[32] T. A. Tang, L. Mhamdi, D. McLernon, S. A. Raza Zaidi, M. Ghogho, Deep learning approach for Network Intrusion Detection in Software Defined Networking, 2016 International Conference on Wireless Networks and Mobile Communications (WIN-COM), Fez, Morocco, 2016.10.1109/WINCOM.2016.7777224Search in Google Scholar

[33] W. Lee, S. J. Stolfo, A framework for constructing features and models for intrusion detection systems, ACM Transactions on Information and System Security 3:227-261, 2000.10.1145/382912.382914Search in Google Scholar

[34] B. V. Dasarathy and B. V. Sheela, Composite classifier system design: concepts and methodology, Proceedings of the IEEE, vol. 67, no. 5, pp. 708-713, 1979.10.1109/PROC.1979.11321Search in Google Scholar

[35] L. K. Hansen and P. Salamon, Neural network ensembles, IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 12, no. 10, pp. 993-1001, 1990.10.1109/34.58871Search in Google Scholar

[36] R. E. Schapire, The Strength of Weak Learnability, Machine Learning, vol. 5, no. 2, pp. 197-227, 1990.10.1007/BF00116037Search in Google Scholar

[37] A. Javaid, Q. Niyaz, W. Sun, and M. Alam, A Deep Learning Approach for Network Intrusion Detection System. In Proceedings of the 9th EAI International Conference on Bio-inspired Information and Communications Technologies, Brussels, Belgium, 2016.10.4108/eai.3-12-2015.2262516Search in Google Scholar

[38] D. P. Kingma, J. Ba, Adam: A Method for Stochastic Optimization, Proceedings of the 3rd International Conference on Learning Representations (ICLR), 2014.Search in Google Scholar

[39] G.-B. Huang, Q.-Y. Zhu, and C.-K. Siew, Extreme learning machine: theory and applications, Neurocomputing, vol. 70, no. 1-3, pp. 489-501, 2006.10.1016/j.neucom.2005.12.126Search in Google Scholar

[40] G.-B. Huang, L. Chen, and C.-K. Siew, Universal approximation using incremental constructive feed- forward networks with random hidden nodes, IEEE Transactions on Neural Networks, vol. 17, no. 4, pp. 879-892, 2006.10.1109/TNN.2006.87597716856652Search in Google Scholar

[41] A. Ozgur, H. Erdem, A review of KDD99 dataset usage in intrusion detection and machine learning between 2010 and 2015 (Version 1), PeerJ Preprints, 2016.10.7287/peerj.preprints.1954v1Search in Google Scholar

[42] DARPA Intrusion Detection Data Set, 1998.Search in Google Scholar

[43] R. Sommer, V. Paxson, Outside the closed world: On using machine learning for network intrusion detection, Proceedings of the 2010 IEEE Symposium on Security and Privacy, IEEE Computer Society, Washington, DC, USA, 2010.10.1109/SP.2010.25Search in Google Scholar

[44] N. V. Chawla, N. Japkowicz, A. Kotcz, Editorial: Special Issue on Learning from Imbalanced Data Sets, SIGKDD Explor. Newsl., vol. 6, no. 1, pp. 1-6, 2014.10.1145/1007730.1007733Search in Google Scholar

Recommended articles from Trend MD

Plan your remote conference with Sciendo