A Hybrid approach for Intrusion Detection using K-Nearest Neighbor and Artificial Neural Network

Article Sidebar

PDF
Published: Dec 20, 2020
DOI: https://doi.org/10.26483/ijarcs.v11i6.6678
Keywords:
hybrid, k-nearest neighbor, artificial neural network, min-max normalization, one hot encoding, principal component analysis

Main Article Content

Charith Dissanayake
Anuradha Athukorala

Abstract

Network intrusion detection is an important process in this era due to the increase of cyber violations. In this article, a hybrid approach which utilizes K-Nearest Neighbor algorithm and Artificial Neural Network to detect intrusions, is proposed.  NSL-KDD dataset was used for the study. Initially, data preprocessing was carried out. Encoding was done as the first step of the pre-process which was accomplished using one hot encoding. Then, features were inserted into feature scaling which was done using Min-max normalization. Feature reduction is the final step of the pre-process which was achieved using Principal Component Analysis. Subsequently, K-Nearest Neighbor algorithm was used as binary classifier that classify data into normal and abnormal classes. Then, the abnormal class was further classified into four major attack types using Artificial Neural Network. Finally, the model was evaluated and results show that the model has high accuracy and very low overfitting and underfitting.

Downloads

Download data is not yet available.

Article Details

Issue
Vol. 11 No. 6 (2020): November - December 2020
Section
Articles

COPYRIGHT

Submission of a manuscript implies: that the work described has not been published before, that it is not under consideration for publication elsewhere; that if and when the manuscript is accepted for publication, the authors agree to automatic transfer of the copyright to the publisher.

Authors who publish with this journal agree to the following terms:

  • Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
  • Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
  • Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work
  • The journal allows the author(s) to retain publishing rights without restrictions.
  • The journal allows the author(s) to hold the copyright without restrictions.

References

J. K. Chahal and A. Kaur, “A hybrid approach based on classification and clustering for intrusion detection system,†Int. J. Math. Sci. Comput., vol. 4, no. November 2016, pp. 34–40, 2016.

J. J. Davis and A. J. Clark, “Data preprocessing for anomaly based network intrusion detection: A review,†Comput. Secur., vol. 30, no. 6–7, pp. 353–375, 2011.

S. Choudhury and A. Bhowal, “Comparative analysis of machine learning algorithms along with classifiers for network intrusion detection,†in 2015 International Conference on Smart Technologies and Management for Computing, Communication, Controls, Energy and Materials, ICSTM 2015 - Proceedings, 2015, no. May, pp. 89–95.

W. Wang, X. Guan, and X. Zhang, “Processing of massive audit data streams for real-time anomaly intrusion detection,†Comput. Commun., vol. 31, no. 1, pp. 58–72, 2008.

A. Özgür and H. Erdem, “The impact of using large training data set KDD99 on classification accuracy,†PeerJ, vol. 5, no. March, 2017.

T. Mehmood and H. B. Rais, “Machine learning algorithms in context of intrusion detection,†in 3rd International Conference on Computer and Information Sciences (ICCOINS), 2016, pp. 369–373.

V. Kshirsagar and M. S. Joshi, “Rule based classifier models for intrusion detection system,†Int. J. Comput. Sci. Inf. Technol., vol. 7, no. 1, pp. 367–370, 2016.

T. R. Devi and S. Badugu, “A Review on Network intrusion detection systems using machine learning,†in International Conference on Emerging Trends in Engineering, 2020, pp. 598–607.

R. Sommer and V. Paxson, “Outside the closed world: On using machine learning for network intrusion detection,†in Proceedings - IEEE Symposium on Security and Privacy, 2010, pp. 305–316.

G. M. Gandhi, K. Appavoo, and S. K. Srivatsa, “Effective network intrusion detection using classifiers decision trees and decision rules,†Int. J. Adv. Netw. Appl., vol. 2, no. 3, pp. 686–692, 2010.

P. Ghosh, C. Debnath, D. Metia, and D. R. Dutta, “An efficient hybrid multilevel intrusion detection system in cloud environment,†IOSR J. Comput. Eng., vol. 16, no. 4, pp. 16–26, 2014.

S. Lakhina, S. Joseph, and B. Verma, “Feature reduction using principal component analysis for effective anomaly–based intrusion detection on NSL-KDD,†Int. J. Eng. Sci. Technol., vol. 2, no. 6, pp. 1790–1799, 2010.

G. Kim, S. Lee, and S. Kim, “A novel hybrid intrusion detection method integrating anomaly detection with misuse detection,†Expert Syst. Appl., vol. 41, no. 4 PART 2, pp. 1690–1700, 2014.

B. M. Aslahi-Shahri et al., “A hybrid method consisting of GA and SVM for intrusion detection system,†Neural Comput. Appl., vol. 27, no. 6, pp. 1669–1676, 2016.

R. M. Elbasiony, E. A. Sallam, T. E. Eltobely, and M. M. Fahmy, “A hybrid network intrusion detection framework based on random forests and weighted k-means,†Ain Shams Eng. J., vol. 4, no. 4, pp. 753–762, 2013.

K. Potdar, T. S., and C. D., “A comparative study of categorical variable encoding techniques for neural network classifiers,†Int. J. Comput. Appl., vol. 175, no. 4, pp. 7–9, 2017.

O. I. Aladesote, A. Olutola, and O. Olayemi, “Feature or attribute extraction for intrusion detection system using gain ratio and Principal Component Analysis (PCA),†Commun. Appl. Electron., vol. 4, no. 3, pp. 1–4, 2016.

K. K. Vasan and B. Surendiran, “Dimensionality reduction using Principal Component Analysis for network intrusion detection,†Perspect. Sci., vol. 8, no. September, pp. 510–512, 2016.

I. S. Atawodi, “A machine learning approach to network intrusion detection system using K Nearest Neighbor and Random Forest,†Masters Thesis, 2019.

K. Chumachenko, “machine learning methods for malware detection and classification,†Proc. 21st Pan-Hellenic Conf. Informatics - PCI 2017, p. 93, 2017.

F. Haddadi, S. Khanchi, M. Shetabi, and V. Derhami, “Intrusion detection and attack classification using feed-forward neural network,†in 2nd International Conference on Computer and Network Technology, ICCNT 2010, 2010, pp. 262–266. doi: 10.1109/ICCNT.2010.28

P. Sibi, S. Allwyn Jones, and P. Siddarth, “Analysis of different activation functions using back propagation neural networks,†J. Theor. Appl. Inf. Technol., vol. 47, no. 3, pp. 1344–1348, 2013.