
A Hypergraph-Based Machine Learning Ensemble Network Intrusion Detection System (2211.03933v3)

Published 8 Nov 2022 in cs.CR, cs.AI, cs.SY, eess.SY, stat.ME, and stat.ML

Abstract: Network intrusion detection systems (NIDS) for detecting malicious attacks continue to face challenges. NIDS are often developed offline while they face auto-generated port scan infiltration attempts, resulting in a significant time lag from adversarial adaptation to NIDS response. To address these challenges, we use hypergraphs focused on internet protocol addresses and destination ports to capture evolving patterns of port scan attacks. The derived set of hypergraph-based metrics is then used to train an ensemble ML-based NIDS that allows for real-time adaptation in monitoring and detecting port scanning activities, other types of attacks, and adversarial intrusions with high accuracy, precision and recall. This ML-adapting NIDS was developed through the combination of (1) intrusion examples, (2) NIDS update rules, (3) attack threshold choices to trigger NIDS retraining requests, and (4) a production environment with no prior knowledge of the nature of network traffic. 40 scenarios were auto-generated to evaluate the ML ensemble NIDS comprising three tree-based models. The resulting ML ensemble NIDS was extended and evaluated with the CIC-IDS2017 dataset. Results show that under the model settings of an Update-ALL-NIDS rule (specifically, retrain and update all three models upon the same NIDS retraining request), the proposed ML ensemble NIDS evolved intelligently and produced the best results, with nearly 100% detection performance throughout the simulation.
