Toward an online network intrusion detection system based on ensemble learning

Ying Feng Hsu, Zhen Yu He, Yuya Tarutani, Morito Matsuoka

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

As information technology grows rapidly, ubiquitous networking technology generates a massive amount of data and has become integrated into our daily life. Network intrusion detection systems (NIDS) are essential for organizations to ensure the safety and security of their communication and information. In general, there are two types of NIDS: signature-based (SNIDS) and anomaly-based (ANIDS). Most modern NIDS solutions are signature-based techniques, which require routine signature updates and cannot detect unknown types of attacks. However, ANIDS has been extensively studied and is considered a better alternative to NIDS. In this paper, we present a stacked ensemble learning-based ANIDS that consists of autoencoder (AE), support vector machine (SVM), and random forest (RF) models. To show the overall applicability of our approach, we demonstrate our work on two well-known NIDS benchmark datasets, NSL-KDD and UNSW-NB15, and on a real campus network log, which includes about 300 million daily records. We compare our method to three classical machine learning models and to the reported results of two other studies. Our test results imply that our proposed method can also limit both false positive and false negative predictions.

Original language: English
Title of host publication: Proceedings - 2019 IEEE International Conference on Cloud Computing, CLOUD 2019 - Part of the 2019 IEEE World Congress on Services
Editors: Elisa Bertino, Carl K. Chang, Peter Chen, Ernesto Damiani, Michael Goul, Katsunori Oyama
Publisher: IEEE Computer Society
Pages: 174-178
Number of pages: 5
ISBN (Electronic): 9781728127057
DOIs: https://doi.org/10.1109/CLOUD.2019.00037
Publication status: Published - Jul 2019
Event: 12th IEEE International Conference on Cloud Computing, CLOUD 2019 - Milan, Italy
Duration: Jul 8 2019 → Jul 13 2019

Publication series

Name: IEEE International Conference on Cloud Computing, CLOUD
Volume: 2019-July
ISSN (Print): 2159-6182
ISSN (Electronic): 2159-6190

Conference

Conference: 12th IEEE International Conference on Cloud Computing, CLOUD 2019
Country: Italy
City: Milan
Period: 7/8/19 → 7/13/19

Fingerprint

Intrusion detection
Information technology
Support vector machines
Learning systems
Communication

Keywords

  • Autoencoder
  • Deep learning
  • Ensemble learning
  • Network intrusion detection system
  • NIDS
  • Random forest
  • Support vector machine

ASJC Scopus subject areas

  • Artificial Intelligence
  • Information Systems
  • Software

Cite this

Hsu, Y. F., He, Z. Y., Tarutani, Y., & Matsuoka, M. (2019). Toward an online network intrusion detection system based on ensemble learning. In E. Bertino, C. K. Chang, P. Chen, E. Damiani, M. Goul, & K. Oyama (Eds.), Proceedings - 2019 IEEE International Conference on Cloud Computing, CLOUD 2019 - Part of the 2019 IEEE World Congress on Services (pp. 174-178). [8814499] (IEEE International Conference on Cloud Computing, CLOUD; Vol. 2019-July). IEEE Computer Society. https://doi.org/10.1109/CLOUD.2019.00037
