Due to our increased dependence on Internet and growing number of intrusion incidents, building effective intrusion detection systems are essential for protecting Internet resources and yet it is a great challenge. In literature, many researchers utilized Artificial Neural Networks (ANN) in supervised learning based intrusion detection successfully. Here, ANN maps the network traffic into predefined classes i.e. normal or specific attack type based upon training from label dataset. However, for ANN-based IDS, detection rate (DR) and false positive rate (FPR) are still needed to be improved. In this study, we propose an ensemble approach, called MANNE, for ANN-based IDS that evolves ANNs by Multi Objective Genetic algorithm to solve the problem. It helps IDS to achieve high DR, less FPR and in turn high intrusion detection capability. The procedure of MANNE is as follows: firstly, a Pareto front consisting of a set of non-dominated ANN solutions is created using MOGA, which formulates the base classifiers. Subsequently, based upon this pool of non-dominated ANN solutions as base classifiers, another Pareto front consisting of a set of non-dominated ensembles is created which exhibits classification tradeoffs. Finally, prediction aggregation is done to get final ensemble prediction from predictions of base classifiers. Experimental results on the KDD CUP 1999 dataset show that our proposed ensemble approach, MANNE, outperforms ANN trained by Back Propagation and its ensembles using bagging & boosting methods in terms of defined performance metrics. We also compared our approach with other well-known methods such as decision tree and its ensembles using bagging & boosting methods.
G. Kumar, K. Kumar and M. Sachdeva, “The Use of Artificial Intelligence based Techniques For Intrusion Detection—A Review,” Artificial Intelligence Review, Vol. 34, No. 4, 2010, pp. 369-387.
A. Patcha and J. M. Park, “An Overview of Anomaly Detection Techniques: Existing Solutions and Latest Technological Trends,” Computer Networks, Vol. 51, No. 12, 2007, pp. 3448-3470.
G. Wang, J. Hao, J. Ma and L. Huang, “A New Approach to Intrusion Detection Using Arti?cial Neural Networks and Fuzzy Clustering,” Expert Systems with Applications, Vol. 37, No. 9, 2010, pp. 6225-6232.
M. Govindarajan and R. M. Chandrasekaran, “Intrusion Detection Using Neural Based Hybrid Classi?cation Methods,” Computer Networks, Vol. 55, No. 8, 2011, pp. 1662-1671. doi:10.1016/j.comnet.2010.12.008
V. Engen, J. Vincent, A. C. Schierz and K. Phalp, “Multi-Objective Evolution of the Pareto Optimal Set of Neural Network Classi?er Ensembles,” Proceedings of the International Conference on Machine Learning and Cybernetics (ICMLC), Baoding, 2009, pp. 74-79.
D. Joo, T. Hong and I. Han, “The Neural Network Models for IDS Based on The Asymmetric Costs of False Negative Errors and False Positive Errors,” Expert Systems with Applications, Vol. 25, No. 1, 2003, pp. 69-75. doi:10.1016/S0957-4174(03)00007-1
V. Engen, “Machine Learning for Network Based Intrusion Detection: An Investigation into Discrepancies in Findings with the KDD Cup ‘99 Data Set and Multi-Objective Evolution of Neural Network Classifier Ensembles for Imbalanced Data,” Ph.D. Thesis, School of Design, Engineering and Computing, Bournemouth University, Bournemouth, 2010.
K. Deb, A. Pratap, S. Agarwal and T. Meyarivan, “A Fast and Elitist Multiobjective Genetic Algorithm: NSGA-II,” IEEE Transactions on Evolutionary Computation, Vol. 6, No. 2, 2002, pp. 182-197. doi:10.1109/4235.996017
Y. Freund and R. E. Shapire, “A Decision-Theoretic Generalization of on Line Learning and an Application to Boosting,” Journal of Computer and System Sciences, Vol. 55, No. 1, 1997, pp. 119-139.
O. Depren, M. Topallar, E. Anarim and M. K. Ciliz, “An Intelligent Intrusion Detection System (IDS) for Anomaly and Misuse Detection in Computer Networks,” Expert Systems with Applications, Vol. 29, No. 4, 2005, pp. 713-722. doi:10.1016/j.eswa.2005.05.002
P. Garcia-Teodoro, J. Diaz-Verdejo, G. Macia-Fernandez and E. Vazquez, “Anomaly-Based Network Intrusion Detection: Techniques, Systems and Challenges,” Computers & Security, Vol. 28, No. 1, 2009, pp. 18-28.
S. Mukkamala, G. Janoski and A. Sung, “Intrusion Detection Using Neural Networks and Support Vector Machines,” Proceedings of the IEEE International Joint Conference on Neural Networks, 2002, pp. 1702-1707.
R. Cunningham and R. Lippmann, “Improving Intrusion Detection Performance Using Keyword Selection and Neural Networks,” Computer Networks, Vol. 34, No. 4, 2000, pp. 597-603. doi:10.1016/S1389-1286(00)00140-7
S. J. Han and S. B. Cho, “Evolutionary Neural Networks for Anomaly Detection Based on the Behavior of a Program,” IEEE Transactions on Systems, Man and Cybernetics (Part B), Vol. 36, No. 3, 2005, pp. 559-570.
Y. H. Chen, A. Abraham and B. Yang, “Hybrid Flexible Neural-Tree-Based Intrusion Detection Systems,” International Journal of Intelligent Systems, Vol. 22, No. 4, 2007, pp. 337-352. doi:10.1002/int.20203
S. Sahin, M. R. Tolun and R. Hassanpour, “Hybrid expert Systems: A Survey of Current Approaches and Applications,” Expert Systems with Applications, Vol. 39, No. 4, 2012, pp. 4609-4617.
J. Francois Connolly, E. Granger and R. Sabourin, “Evolution of Heterogeneous Ensembles through Dynamic Particle Swarm Optimization for Video-Based Face Recognition,” Pattern Recognition, Vol. 45, 2012, pp. 2460-2477. doi:10.1016/j.patcog.2011.12.016
G. Giacinto and F. Roli, “Design of Effective Neural Network Ensembles for Image Classification Purposes”, Image and Vision Computing, 2001, Vol. 19, No 9-10, pp. 699-707. doi:10.1016/S0262-8856(01)00045-2
C. Brown, A. Cowperthwaite, A. Hijazi and A. Somayaji, “Analysis of the 1999 DARPA/Lincoln Laboratory IDS Evaluation Data with Netadhict,” Proceedings of the Second IEEE International Conference on Computational Intelligence for Security and Defense Applications, Piscataway, 2009, pp. 1-7.
E. Zitzler and L. Thiele, “Multiobjective Evolutionary Algorithms: A Comparative Case Study and the Strength Pareto Approach,” IEEE Transactions on Evolutionary Computation, Vol. 3, No. 4, 1999, pp. 257-271.
H. Ishibuchi and Y. Nojima, “Evolutionary Multiobjective Optimization for the Design of Fuzzy Rulebased Ensemble Classi?ers,” International Journal of Hybrid Intelligent Systems, Vol. 3, No. 3, 2006, pp. 129-145.
A. Y. Shamseldin, K. M. O. Connor and A. E. Nasr, “A Comparative Study of Three Neural Network Forecast Combination Methods for Simulated River Flows of Different Rainfall—Runoff Models,” Hydrological Sciences Journal, Vol. 52, No. 5, 2007, pp. 896-916.
A. Konak, D. W. Coit and A. E. Smith, “Multi-Objective Optimization Using Genetic Algorithms: A tutorial,” Reliability Engineering and System Safety, Vol. 91, No. 9, 2006, pp. 992-1007. doi:10.1016/j.ress.2005.11.018
A. Zhou, B. Y. Qu, H. Li, S. Z. Zhao, P. N. Suganthan and Q. Zhang, “Multiobjective Evolutionary Algorithms: A Survey of the State of the Art,” Swarm and Evolutionary Computation, Vol. 1, No. 1, 2011, pp. 32-49.
M. Tavallaee, E. Bagheri, W. Lu and A. A. Ghorbani, “A Detailed Analysis of the KDD CUP 99 Data Set,” Proceedings of IEEE Symposium on Computational Intelligence in Security and Defense Applications (CISDA), 2009. doi:10.1109/CISDA.2009.5356528
J. McHugh, “Testing Intrusion Detection Systems: A Critique of the 1998 and 1999 DARPA Intrusion Detection System Evaluations as Performed by Lincoln Laboratory,” ACM Transactions on Information and System Security, Vol. 3, No. 4, 2000, pp. 262-294.
C. F. Tsai, Y. F. Hsu, C. Y. Lin and W. Y. Lin, “Intrusion Detection by Machine Learning: A Review,” Expert Systems with Applications, Vol. 36, No. 10, 2009, pp. 11994-12000. doi:10.1016/j.eswa.2009.05.029
G. Kumar, K. Kumar and M. Sachdeva, “An Empirical Comparative Analysis of Feature Reduction Methods for Intrusion Detection,” International Journal of Information and Telecommunication, Vol. 1, No. 1, 2010, pp. 44-51.
G. Gu, P. Fogla, D. Dagon, W. Lee and B. Skoric, “Measuring Intrusion Detection Capability: An Infor- mation-Theoretic Approach,” Proceedings of ACM Symposium on InformAction, Computer and Communi- cations Security (ASIACCS’06), March 2006, pp. 90-101.
M. Skurichina and R. P. W. Duin, “Bagging, Boosting and the Random Subspace Method for Linear Classifiers,” Pattern Analysis and Applications, Vol. 5, No. 2, 2002, pp. 121-135. doi:10.1007/s100440200011