Malicious Traffic Detection and Containment based on Connection Attempt Failures using Kernelized ELM with Automated Worm Containment Algorithm
Related papers
An Efficient Extreme Learning Machine based Intrusion Detection System
This paper presents an intrusion detection technique based on the online sequential extreme learning machine. For performance evaluation, the KDDCUP99 dataset is used. In this paper, we use three feature selection techniques (filtered subset evaluation, CFS subset evaluation and consistency subset evaluation) to eliminate redundant features. Two network traffic profiling techniques are used. Alpha profiling is done to reduce time complexity and beta profiling is used to remove redundant connection records and hence reduce the size of the dataset. Keywords: network traffic profiling, OS-ELM
International Journal of Communication Networks and Information Security (IJCNIS)
In the proposed hybrid intrusion detection process, misuse detection and anomaly detection models are integrated to detect attacks in the traffic pattern. In the misuse detection model, the traffic pattern is classified into known attack and not known attack. Each extracted normal data set does not contain known attacks, and it contains a smaller amount of varied connection patterns than the overall normal data set. The anomaly detection model classifies the not known attack as normal data set and unknown attack, thus improving the performance of normal traffic behavior. The experiment is carried out using the NSL-KDD dataset, and the performance of the proposed approach is compared with traditional learning approaches in terms of training time, testing time, false positive ratio and detection ratio. The proposed method detects the known attacks and unknown attacks with ratios of 99.8% and 52% respectively.
A HOST BASED INTRUSION DETECTION SYSTEM USING IMPROVED EXTREME LEARNING MACHINE
HIDS is very challenging due to its high false alarm rate. Host-based systems are based on building reference models from execution traces to characterize the system behavior. These models are then used to classify normal as well as abnormal behavior. Most of the popular techniques are based on the Extreme Learning Machine (ELM). First, the discontiguous patterns of system calls are analyzed and the important features are extracted using ELM. This method provides a powerful solution to IDS problems. To handle the dynamic nature, the semantic structure between system calls and programming languages is interpreted. However, the use of ELM requires a long training time due to the large size of typical system call traces, which makes ELM computationally infeasible. To overcome this problem, this paper introduces a new host-based intrusion detection system using the Improved Extreme Learning Machine (I-ELM), in an attempt to reduce the training overhead while increasing the detection rate. The key concept is to apply an N-gram extraction algorithm. This method mainly focuses on mining the frequent common patterns (N-grams) in the system call traces instead of considering each trace. Thus the length of the training sequence is reduced significantly compared to traditional ELM while keeping the accuracy rate.
Hybrid Intrusion Detection System using Extreme Learning Machine based on GA & PSO
Computer Integrated Manufacturing Systems, 2022
Nowadays, there are many intrusion detection systems (IDS) available to detect intruders. The aim of our research paper is to correct the detection rate of overall accuracy by using feature reduction. Generally, all types of IDS models try to improve the detection accuracy of intruders. In this research study, we used the KDD'1999 and NSL-KDD datasets of DARPA from the UCI repository. The dataset has 41 features and contains a number of attacks. If we use all features in the IDS model, then the intruder detection accuracy is very low and the execution time and detection time are much greater. The GA and PSO algorithms are used to optimize the results by using the best-optimized features, and for classification purposes we have used ELM. We measured the performance of GA-ELM and PSO-ELM and found that the overall performance of PSO-ELM seems to be better than that of GA-ELM. The accuracy of PSO-ELM is 99.92% and that of GA-ELM is 99.89%, with the comparison made in terms of testing time.
Detection of cyber-based attacks on computer networks continues to be a relevant and challenging area of research. Daily reports of incidents appear in public media including major exfiltrations of data for the purposes of stealing identities, credit card numbers, and intellectual property as well as to take control of network resources. Methods used by attackers constantly change in order to defeat techniques employed by information technology (IT) teams intended to discover or block intrusions. “Zero Day” attacks whose “signatures” are not yet in IT databases are continually being uncovered. Machine learning approaches have been widely used to increase the effectiveness of intrusion detection platforms. While some machine learning techniques are effective at detecting certain types of attacks, there are no known methods that can be applied universally and achieve consistent results for multiple attack types. The focus of our research is the development of a framework that combines the outputs of multiple learners in order to improve the efficacy of network intrusion on data that contains instances of multiple classes of attacks. We have chosen the Extreme Learning Machine (ELM) as the core learning algorithm due to recent research that suggests that ELMs are straightforward to implement, computationally efficient and have excellent learning performance characteristics on par with the Support Vector Machine (SVM), one of the most widely used and best performing machine learning platforms (Liu, Gao, & Li, 2012). We introduce the novel Multiple Adaptive Reduced Kernel Extreme Learning Machine (MARK-ELM) which combines Multiple Kernel Boosting (Xia & Hoi, 2013) with the Multiple Classification Reduced Kernel ELM (Deng, Zheng, & Zhang, 2013). We tested this approach on several machine learning datasets as well as the KDD Cup 99 (Hettich & Bay, 1999) intrusion detection dataset.
Our results indicate that MARK-ELM works well for the majority of University of California, Irvine (UCI) Machine Learning Repository small datasets and is scalable for larger datasets. For UCI datasets we achieved performance similar to the MKBoost Support Vector Machine (SVM) approach. In our experiments we demonstrate that MARK-ELM achieves superior detection rates and much lower false alarm rates than other approaches on intrusion detection data.