A model for multi-class intrusion detection with imbalanced data from the CICIDS-2017 dataset

Article type: Research article

Authors

1 Faculty of Management and Economics, Azad University of Science and Research, Tehran, Iran

2 Faculty of Electrical and Computer Engineering, University of Tabriz, Tabriz, Iran

3 Faculty of Electrical and Computer Engineering, Ivan Key University, Semnan, Iran

4 Faculty of Management and Accounting, Islamic Azad University of Karaj, Karaj, Iran

Abstract

Today, a major part of economic, commercial, cultural, social and governmental activities and interactions in all countries takes place through cyberspace. Given the inherent vulnerabilities of this space, the risks to systems based on it are also increasing; the security of networks and systems against various kinds of intrusion has therefore become one of the most important challenges of the present age. In this research, a model for network intrusion detection is examined and proposed. The proposed method, which is a multi-class method, uses the dragonfly algorithm for feature selection and random forest for classification. The data used in the research is the imbalanced CICIDS-2017 dataset, so a balancing operation was applied to it. The problem was tested with different algorithms and the best algorithm was selected. The accuracy obtained with the proposed method is 99.85. In addition, the results were compared with several other methods proposed by previous researchers, and this comparison shows that the proposed method achieved higher evaluation metrics than most of the studies presented in the article.

Article title [English]

A model for multi-class intrusion detection with imbalanced data in the CICIDS-2017 dataset

Authors [English]

  • Mahmoud Niaei 1
  • Jafar Tanha 2
  • Gholamreza Shahmohammadi 3
  • Alireza Poorebrahimi 4

1 Faculty of Management and Accounting, Azad University, Research Sciences, Tehran, Iran

2 Faculty of Electrical and Computer Engineering, University of Tabriz, Tabriz, Iran

3 Faculty of Electrical and Computer Engineering, Ivan Key University, Semnan, Iran

4 Faculty of Management and Accounting, Islamic Azad University, Karaj, Iran

Abstract [English]

Today, most economic, commercial, cultural, social and governmental activities and interactions in all countries are carried out through cyberspace. Because of the inherent vulnerabilities of cyberspace, the risks to systems are increasing. The security of networks and systems against various types of intrusion has therefore become one of the most important challenges of the present age. In this research, a model for detecting network intrusion is reviewed and proposed. The proposed method is a multi-class method in which the dragonfly algorithm is used for feature selection and the random forest algorithm is used for classification. The analysis uses the imbalanced CICIDS-2017 dataset, so a balancing operation is applied. To select the method, different algorithms are tested and the best algorithm is selected. The accuracy of the proposed method is 0.9985. In addition, the research results are compared with several other methods proposed by previous researchers, and this comparison shows that the proposed method was better than most of the studies presented in the article.

Keywords [English]

  • intrusion detection
  • feature selection
  • Dragonfly Algorithm
  • Imbalanced Data
  • CICIDS-2017