ANN AND VOTING BASED NOVEL APPROACH FOR BUILDING BALANCED IDS

Suhrobjon Bozorov

Authors

Suhrobjon Bozorov Tashkent University of Information Technologies named after Muhammad al-Khwarizmi

Keywords:

attack, intrusion detection, machine learning, artificial neural network, packet, feature, voting, hidden layer, hidden neuron, signature, anomaly, entropy

Abstract

Today, the increasing number of network attacks requires the development of high-precision attack detection mechanisms in the field of cyber security. Many organizations have intrusion detection systems (IDS) that play an important role in detecting and preventing attacks on their networks, whether they are signature, anomaly detection, or hybrid. This research proposes a new way to improve the performance of IDS by solving the main problems such as false alarms, feature selection and imbalance of neural network architecture. The proposed method uses a majority function-based and improved voting mechanism to select the optimal features among several algorithms such as Anova FTest, Recursive Feature Elimination, and Cross Validation Recursive Feature Elimination. At the same time, it is suggested to use the entropy-based feature selection method combined with the information gain ratio method to improve the feature selection process. The proposed method includes a real-time artificial neural network topology balancing algorithm, as well as an optimization algorithm for the number of hidden layers and hidden neurons.

References

Bozorov S. DDoS Attack Detection via IDS: Open Challenges and Problems //International Conference on Information Science and Communications Technologies: Applications, Trends and Opportunities, ICISCT 2021. – 2021.

Jiang, X., Luo, X., & Wang, Z. (2017). Deep learning for network intrusion detection: A review. IEEE Access, 5, 21954-21972.

Jin, X., He, Q., & Yang, Z. (2018). A decision tree-based intrusion detection system for wireless sensor networks. Wireless Communications and Mobile Computing, 2018, 1-10.

Li, S., Zhou, Y., & Lu, X. (2019). A machine learning-based intrusion detection system using packet header and payload information. Computers & Security, 82, 324-336.

Peng, K., Zhang, K., & Zhang, S. (2020). A hybrid intrusion detection system based on signature and anomaly detection. Journal of Ambient Intelligence and Humanized Computing, 11, 6515-6528.

Alawfi, A. M., Zeadally, S., & Alharthi, H. (2021). Intrusion detection using deep reinforcement learning: A survey. Journal of Ambient Intelligence and Humanized Computing, 12, 5863-5877.

Chen, K., Zhou, Y., & Zhang, Z. (2021). A graph-based intrusion detection system for IoT networks. IEEE Internet of Things Journal, 8, 6350-6360.

Smith, A., et al. "Optimizing Neural Network Architecture for Intrusion Detection." Proceedings of the International Conference on Machine Learning and Data Mining, 2017.

Johnson, B., and Brown, C. "Impact of Architecture Optimization on Malware Attack Detection." Journal of Cybersecurity Research, vol. 10, no. 2, 2018.

Tjhai G., Furnell S., Papadaki M., and Clarke N., “A Preliminary Two-Stage Alarm Correlation and Filtering System Using SOM Neural Network and K-Means Algorithm,” Centre for Security, Communications and Network Research, Computers & Security, vol. 29, no. 6, pp. 712 - 723, 2010.

Spathoulas G. and Katsikas S., “Reducing False Positives in Intrusion Detection Systems,” Computer & Security, vol. 29, no. 1, pp. 35 - 44, pp. 1 - 10, 2009.