Hierarchical Classification for Intrusion Detection System: Effective Design and Empirical Analysis (2403.13013v1)
Abstract: With the increased use of network technologies like the Internet of Things (IoT) in many real-world applications, new types of cyberattacks have been emerging. To safeguard critical infrastructures from these emerging threats, it is crucial to deploy an Intrusion Detection System (IDS) that can detect different types of attacks accurately while minimizing false alarms. Machine learning approaches have been used extensively in IDS, and they mainly use flat multi-class classification to differentiate normal traffic from different types of attacks. Though cyberattack types exhibit a hierarchical structure where similar granular attack subtypes can be grouped into more high-level attack types, the hierarchical classification approach has not been explored well. In this paper, we investigate the effectiveness of the hierarchical classification approach in IDS. We use a three-level hierarchical classification model to classify various network attacks, where the first level classifies benign or attack, the second level classifies coarse high-level attack types, and the third level classifies granular-level attack types. Our empirical results of using 10 different classification algorithms on 10 different datasets show that there is no significant difference in terms of overall classification performance (i.e., detecting normal and different types of attack correctly) between hierarchical and flat classification approaches. However, the flat classification approach misclassifies attacks as normal, whereas the hierarchical approach misclassifies one type of attack as another attack type. In other words, the hierarchical classification approach significantly minimises attacks being misclassified as normal traffic, which is more important in critical systems.
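The three-level routing and the two error types the abstract contrasts, as an added example that is not the paper's code or data. It assumes a nearest-centroid classifier at every node, a made-up five-leaf taxonomy and constructed 2-D samples chosen so that the flat and hierarchical models disagree; it illustrates the mechanics and the error accounting, not the paper's measurements.

```python
from collections import Counter, defaultdict
from math import dist

# Constructed taxonomy (assumption): leaf -> (level 1, level 2, level 3)
PATHS = {
    "benign":     ("benign", "benign", "benign"),
    "syn_flood":  ("attack", "dos", "syn_flood"),
    "http_flood": ("attack", "dos", "http_flood"),
    "port_scan":  ("attack", "recon", "port_scan"),
    "os_probe":   ("attack", "recon", "os_probe"),
}
# Constructed samples, not taken from any dataset used in the paper
TRAIN_X = [(-1, 0), (1, 0), (3, 4), (5, 4), (3, 6), (5, 6), (3, -4), (5, -4), (3, -6), (5, -6)]
TRAIN_Y = [leaf for leaf in PATHS for _ in range(2)]
TEST_X = [(0.5, 0), (4, 4.2), (4, -5.8), (3, 0.5), (3, -0.5)]
TEST_Y = ["benign", "syn_flood", "os_probe", "http_flood", "syn_flood"]

def fit_centroids(X, y):
    """Nearest-centroid model: label -> mean feature vector."""
    groups = defaultdict(list)
    for x, label in zip(X, y):
        groups[label].append(x)
    return {lab: tuple(sum(c) / len(c) for c in zip(*pts)) for lab, pts in groups.items()}

def nearest(model, x):
    return min(model, key=lambda lab: dist(model[lab], x))

def fit_hierarchy(X, leaves):
    """One local classifier per parent node, trained only on that node's samples."""
    buckets = defaultdict(lambda: ([], []))
    for x, leaf in zip(X, leaves):
        for depth in range(3):
            xs, ys = buckets[PATHS[leaf][:depth]]
            xs.append(x)
            ys.append(PATHS[leaf][depth])
    return {parent: fit_centroids(xs, ys) for parent, (xs, ys) in buckets.items()}

def predict_hierarchy(nodes, x):
    path = ()
    for _ in range(3):  # level 1 (benign/attack) -> level 2 (coarse) -> level 3 (granular)
        path += (nearest(nodes[path], x),)
    return path[-1]

def error_breakdown(truth, predicted):
    """Split errors by security impact instead of reporting accuracy alone."""
    kinds = ("correct" if t == p else "attack_as_benign" if p == "benign"
             else "benign_as_attack" if t == "benign" else "attack_as_other_attack"
             for t, p in zip(truth, predicted))
    return Counter(kinds)

def compare():
    flat, nodes = fit_centroids(TRAIN_X, TRAIN_Y), fit_hierarchy(TRAIN_X, TRAIN_Y)
    return (error_breakdown(TEST_Y, [nearest(flat, x) for x in TEST_X]),
            error_breakdown(TEST_Y, [predict_hierarchy(nodes, x) for x in TEST_X]))
```

`compare()` returns the flat breakdown followed by the hierarchical one; on these samples both models get the same number of predictions right, and only the kind of error differs.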