A Fusion-Based Data Mining Model for Intrusion Detection in Distributed Environments

Joseph Bamikole Olojido
Olufemi Oriola

Abstract

As distributed systems become more prevalent, the frequency of distributed attacks, such as distributed denial-of-service (DDoS) and worms, is increasing. Traditional intrusion detection systems struggle to identify and report threats efficiently and in a timely manner. Consequently, various Distributed Intrusion Detection Systems (DIDS) utilizing machine learning algorithms have been implemented. However, their effectiveness has been limited by high computational costs and suboptimal accuracy levels. This paper aims to enhance the Fusion-Based Data Mining Model for Intrusion Detection in Distributed Environments. Two well-known distributed attack datasets, NSL-KDD’15 and UNSW-NB’15, were utilized in this study. The Fusion-Based Data Mining Model (FBDMM) was chosen as the evaluation framework due to its widespread use. To minimize computational costs, both Principal Component Analysis (PCA) and Information Gain Ratio (IGR) were employed to extract the five most significant features from each dataset. Classifiers such as Support Vector Machines (SVM), Naïve Bayes (NB), and Multilayer Perceptron (MLP) were hybridized using a Voting Classification technique to boost accuracy. The hybridized model, the Fusion-Based Data Mining Model (FBDMM), comprised six classifiers: PCA+SVM, IGR+SVM, PCA+NB, IGR+NB, PCA+MLP, and IGR+MLP. The evaluation results were compared across these six classifiers based on accuracy (ACC), detection rate (DR), and false alarm rate (FAR). Computational costs, measured in System Running Time (SRT), were compared between the five-feature and full-feature sets: forty-one features for NSL-KDD’15 and forty-nine features for UNSW-NB’15. The FBDMM achieved ACC, DR, and FAR values of 77.78, 96.98, and 2.55, respectively, while the highest performance among individual classifiers for NSL-KDD’15 was 72.17, 92.29, and 2.71. For UNSW-NB’15, the FBDMM recorded ACC, DR, and FAR values of 85.58, 95.98, and 3.35, respectively, with the best performance from individual classifiers being 82.88, 97.23, and 4.66. The SRT for NSL-KDD’15 was 10 seconds with five features and 5,200 seconds with forty-one features, while for UNSW-NB’15 it was 9 seconds with five features and 68,000 seconds with forty-nine features. The findings indicate that the Fusion-Based Data Mining Model outperforms existing data mining models used in Distributed Intrusion Detection Systems in terms of both accuracy and computational cost. Therefore, the Fusion-Based Data Mining Model is recommended for use in Distributed Intrusion Detection.
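
An added example, not code from the paper: hard majority voting over the six base models named in the abstract, scored with ACC, DR and FAR. The labels, the per-model predictions, the tie rule and the metric formulas (DR = TP/(TP+FN), FAR = FP/(FP+TN)) are assumptions, since the abstract specifies none of them.

```python
# Added illustration: hard-voting fusion of six base detectors, scored by ACC, DR and FAR.
# All labels and predictions below are constructed sample data, not results from the paper.
Y_TRUE = [1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0]  # 1 = attack, 0 = normal

PREDICTIONS = {
    "PCA+SVM": [0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0],
    "IGR+SVM": [1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0],
    "PCA+NB":  [0, 1, 0, 1, 1, 1, 1, 0, 1, 0, 0, 0],
    "IGR+NB":  [1, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 0],
    "PCA+MLP": [0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0],
    "IGR+MLP": [1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1],
}

def fuse(predictions, tie_label=1):
    """Majority vote per record. Six voters can split 3-3, so the tie rule is explicit
    (assumption: a tie alerts as attack; the abstract does not state a rule)."""
    fused = []
    for votes in zip(*predictions.values()):
        attack = sum(votes)
        normal = len(votes) - attack
        fused.append(tie_label if attack == normal else int(attack > normal))
    return fused

def metrics(y_true, y_pred):
    """ACC, DR and FAR in percent from the confusion matrix (standard definitions, assumed)."""
    pairs = list(zip(y_true, y_pred))
    tp = sum(1 for t, p in pairs if t == 1 and p == 1)
    tn = sum(1 for t, p in pairs if t == 0 and p == 0)
    fp = sum(1 for t, p in pairs if t == 0 and p == 1)
    fn = sum(1 for t, p in pairs if t == 1 and p == 0)
    return {
        "ACC": round(100 * (tp + tn) / len(pairs), 2),
        "DR": round(100 * tp / (tp + fn), 2) if tp + fn else 0.0,
        "FAR": round(100 * fp / (fp + tn), 2) if fp + tn else 0.0,
    }

def compare(y_true, predictions, tie_label=1):
    """Score every base model and the fused vote side by side."""
    table = {name: metrics(y_true, pred) for name, pred in predictions.items()}
    table["FUSED"] = metrics(y_true, fuse(predictions, tie_label))
    return table

if __name__ == "__main__":
    for name, m in compare(Y_TRUE, PREDICTIONS).items():
        print(f"{name:8s} ACC={m['ACC']:6.2f} DR={m['DR']:6.2f} FAR={m['FAR']:6.2f}")
```

Passing `tie_label=0` turns the 3-3 split on the first record into a missed attack, which lowers DR for the fused vote on this sample.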

How to Cite
Olojido, J. B., & Oriola, O. (2025). A Fusion-Based Data Mining Model for Intrusion Detection in Distributed Environments. Faculty of Natural and Applied Sciences Journal of Mathematical and Statistical Computing, 2(3), 44–50. https://doi.org/10.63561/jmsc.v2i3.856
Section
Articles
