https://doi.org/10.2298/FUEE2202269P

269

282

Anomaly-based intrusion detection systems identify abnormal computer network traffic based on deviations from the derived statistical model that describes the normal network behavior. The basic problem with anomaly detection is deciding what is considered normal. Supervised machine learning can be viewed as binary classification, since models are trained and tested on a data set containing a binary label to detect anomalies. Weighted k-Nearest Neighbor and Feedforward Neural Network are high-precision classifiers for decision-making. However, their decisions sometimes differ. In this paper, we present a WK-FNN hybrid model for the detection of the opposite decisions. It is shown that results can be improved with the xor bitwise operation. The sum of the binary “ones” is used to decide whether additional alerts are activated or not.

WK-FNN, anomaly detection, weighted k-nearest neighbor, feedforward neural network

D. Protic, "Neural cryptography," Military Technical Courier, vol. 64, no. 2, pp. 483–492, 2016.

J. Sen and S. Methab "Machine Learning Applications in Misuse and Anomaly Detection," 2009. Available https://arxiv.org/ftp/arxiv/papers/2009/2009.06709.pdf.

D. Dasgupta and H. Brian, "Mobile security agents for the network traffic analysis," In Proceedings of the DARPA Information Survivability Conference and Exposition II DISCEX01, 2001, vol. 2, pp. 332–340.

A. Kind, M. P. Stoecklin and X. Dimitropoulos, "Histogram-based traffic anomaly detection," IEEE Transactions on Network and Service Management, vol. 6, no. 2, pp. 110–121, June 2009.

P. Čisar and S. Marvić Čisar, "EWMA statistics and fuzzy logic in function of network anomaly detection," Facta Universitatis, Series: Electronics and Energetics, vol. 32, no. 2, pp. 249–265, June 2019.

M. H. Bhuyan, D. K. Bhattacharyya and J. K. Kalita, "Network Anomaly Detection: Methods Systems and Tools," IEEE Communication Surveys & Tutorials, vol. 16, no. 1, pp. 303–336, First quarter 2014.

V. Hodge and J. Austin, "A survey on outlier detection methodologies,” Artificial Intelligence Review, vol. 22, no. 2, pp. 85–126, 2004.

T. Nguyen and G. Armitage, "A Survey of Techniques for Internet Traffic Classification using Machine Learning," IEEE Commun. Surveys Tutorials, vol. 10, no. 4, pp. 56–76, 2008.

S. Omar, A. Ngadi and H. H. Jebur, "Machine Learning Techniques for Anomaly Detection: An Overview," International Journal of Computer Applications, vol. 79, no. 2, pp. 33–41, October 2013.

C. Jie, L. Jiawei, W. Shulin and Y. Sheng, "Feature selection in machine learning: A new perspective," Neurocomputing, vol. 300, pp. 70–79, 26 July 2018.

D. Protic, "Review of KDD CUP ’99, NSL-KDD and Kyoto 2006+ Datasets," Military Technical Courier, vol. 66, no. 3, pp. 580–595, 2018.

B. Bohara, J. Bhuyan, F. Wu and J. Ding, "A Survey on the Use of Data Clustering for Intrusion Detection System in Cybersecurity," Int. J. Netw. Secur. Appl., vol. 12, no. 1, pp. 1–18, Jan 2020.

A. Thakkar and R. Lohiya, "A Review of the Advancement int the Intrusion Detection Datasets," International Conference on Computational Intelligence and Data Science (ICCIDS 2019), Procedia Computer Science, vol. 167, pp. 636–645, 2020.

A. Khraisat, I. Gondal, P. Vamplew and J. Kamruzzaman, "Survey of intrusion detection systems: techniques, datasets and challenges," Cybersecurity, pp. 2–20, 2019.

S. Khalid, T. Khalil and S. Nasreen, "A survey of feature selection and feature extraction techniques in machine learning," In Proceedings of the 2014 Science and Information Conference, 2014, pp. 372–378.

O. Osanaiye, O. Ogundile, F. Aina andA. Periola, "Feature selection for intrusion detection system in a cluster-based heterogeneous wireless sensor network," Facta Universitatis, Series: Electronics and Energetics, vol. 32, no. 2, pp. 315–330, June 2019.

M. Bahrololum, E. Salahi and M. Khaleghi, "Machine Learning Techniques for Feature Reduction in Intrusion Detection Systems: A Comparison," In Proceedings of the 2009 Fourth International Conference on Computer Sciences and Convergence Information Technology, pp. 1091-1095, 2009.

Y. -G. Cheong, K. Park, H. Kim, J. Kim and S. Hyun, "Machine Learning Based Intrusion Detection Systems for Class Imbalanced Datasets," Journal of the Korea Institute of Information Security and Cryptology, vol. 27, no. 6, 2017, pp. 1385–1395.

D. Protic and M. Stankovic, "Detection of Anomalies in the Computer Network Behaviour," European Journal of Engineering and Formal Sciences, vol. 4, no. 1, pp. 7–13, 2020.

Ming-Yang Su, "Real-time anomaly detection systems for Denial-of-Service attacks by weighted k-nearest neighbor classifier," Expert Systems with Applications, vol. 38, no. 4, pp. 3492–3498, April 2011.

J. Dhar, A. Shukla, M. Kumar and P. Gupta, "A Weighted Mutual k-Nearest Neighbour for Classification Mining," arXiv.org. Submitted on 14 May 2020. https://arxiv.org/abs/2005.08640 [cs.LG].

C. Callegari, S. Giordano and M. Pagano, "Neural network based anomaly detection," In Proceedings of the 2014 IEEE 19th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD), 2014, pp. 310–314.

F. Haddadi, S. Khanchi, M. Shetabi and V. Derhami, "Intrusion Detection and Attack Classification Using Feed-Forward Neural Network," In Proceedings of the 2010 Second International Conference on Computer and Network Technology, 2010, pp. 262–266.

B. Subba, S. Biswas and S. Karmakar, "A Neural Network based system for Intrusion Detection and attack classification," In Proceedings of the 2016 Twenty Second National Conference on Communication (NCC), 2016, pp. 1–6.

D. Protic and M. Stankovic, "А Hybrid Model for Anomaly-Based Intrusion Detection in Complex Computer Networks," In Proceedings of the 21st International Arab Conference on Information Technology, 6th of October 2020, Giza, Egypt, pp. 1–8.

S. K. Gutam and H. Om, "Computational neural network regression model for host based intrusion detection system," Perspectives in Science, vol. 8, pp. 93–95, September 2016.

M. Odiathevar, W. K. G. Seah and M. Frean, "A Hybrid Online Offline System for Network Anomaly Detection," In Proceedings of the 2019 28th International Conference on Computer Communications and Networks (ICCCN), 2019, pp. 1–9.

L. Li, Y. Yu, S. Bai, Y. Hou and X. Chen, "An Effective Two-Step Intrusion Detection Approach Based on Binary Classification and $k$ -NN," IEEE Access, vol. 6, pp. 12060–12073, 2018.

J. Griffin, "All about network alerts + Best tools," by SolarWinds on October 29, 2020. Available https://logicalread.com/network-alerts/.

F. Ullah and M. Ali Babar, "Architectural Tactics for Big Data Cybersecurity Analytic Systems: A Review," The Journal of Systems and Software, vol. 151, pp. 81–118, 2019.

S. Allier et al., "A framework to compare alert ranking algorithms," In Proceedings of the Reverse Engineering (WCRE), 19th Working Conference on. IEEE, 2012.

N. Zhao, P. Jin, L. Wang, X. Yang, R. Liu, W. Zhang, K. Sui and D. Pei, "Automatically and Adaptively Identifying Severe Alerts for Online Service Systems," In Proceedings of the INFOCOM, 2020.

W. Alhakami, "Alerts Clustering for Intrusion Detection Systems: Overview and Machine Learning Perspectives," International Journal of Advanced Computer Science and Applications, vol. 10, no. 5, pp. 573–582, 2019.

J. Song, H. Takakura, Y. Okabe, M. Eto, D. Inoue and K. Nakao, "Statistical Analysis of Honeypot Data and Building of Kyoto 2006+ Dataset for NIDS Evaluation," In Proceedings of the 1st Work-shop on Building Anal. Datasets and Gathering Experience Returns for Security, Salzburg, April 10-13, 2011, pp. 29–36.

K. Demertzis, "The Bro Intrusion Detection System", Project: Machine Learning to Cyber Security, 2018, DOI: 10.31140/RG.2.2.35333.40168.

R. McCarthy, "Network analysis with the Bro security monitor," 2014, retrieved from https://www.admin-magazine.com/Archive/2014/24/Network-analysis-with-the-Bro-Network-Security-Monitor, 7 November 2021.

KDD CUP ‘99 dataset. [Internet] http://kdd.ics.uci.edu/dataset/kddcup’99/kddcup’99.html, 2018.

M. Ring, S. Wunderlich, D. Scheuring, D. Landes and A. Hotho, "A Survey of Network-based Intrusion Detection Data Sets, " arXiv:1903.02460v2 [cs.CR] 6 Jul 2019, pp. 1–17.

Y.e Maleh, "Security and Privacy Management, Techniques, and Protocols," IGI Global, USA, 2018, pp. 266–267.

D. Protic and M. Stankovic, "Anomaly-Based Intrusion Detection: Feature Selection and Normalization Instance to the Machine Learning Model Accuracy," European Journal of Engineering and Formal Sciences, vol. 1, no. 3, pp. 43–48, 2018.

M. Zhao and J. Chen, "Improvement in comparission of weighted k nearest neighbor classifiers for model selection," Journal of Software Engineering, vol. 10, pp. 109–118, 2016.

M. Faryaneh, "Weighted k-nearest neighbors (WKNN)," MATLAB Central File Exchange, https://www.mathworks.com/matlabcentral/fileexchange/74111-weighted-k-nearest-neighbors-wknn.

W. F. Schmidt, M. A. Kraaijveld and R. P. W. Duin, "Feed forward neural networks with random weights," The Netherlands, Delft University of Technology, Faculty of Applied Phisics,1992, 0-8186-2915-0/92, IEEE, pp. 1–4.

D. Protic, "Feedforward neural networks: The Levenberg-Marquardt optimization and the optimal brain surgeon pruning," Military Technical Courier, vol. 63, no. 3, pp. 11–28, 2015.

K. Levenberg, "A method for the solution of certain problems in least squares," Quarterly of Applied Mathematics, vol. 5, pp. 164–168, 1944.

D. Marquardt, "An algorithm for least-squares estimation of nonlinear parameters," SIAM Journal in Applied Mathematics, vol. 11, no. 2, pp. 431–441, 1963.

C. Ambedkar and V. K. Babu, "Detection of Probe Attacks Using Machine Learning Techniques," International Journal of Research Studies in Computer Science and Engineering, vol. 2, no. 3, pp. 25–29, 2015.

M. Kurhade and R. Wankhade, "An Overview on Decision Making Under Risk and Uncertainty," International Journal of Science and Research, vol. 5, no. 4, pp. 416–422, April 2016.

D. Pamucar, D. Bozanic and A. Randjelovic, "Multi-criteria decision-making: An example of sensitivity analysis," Serbian Journal of Management, vol. 12, no. 1, 2017.

A. Ramos, M. Lazar, R. F. Filho and J. j P. C. Rodrigues, "A security metric for evaluation of collaborative intrusion detection systems in wireless sensor networks," In Proceedings of the 2017 IEEE International Conference on Communications (ICC), 2017, pp. 1–6.

L. Zomlot, "Handling uncertainty in intrusion analysis,” Thesis for PhD, 2014. http://doi.org/10.13140/RG.2.1.4936.4326.

T. H. Ho, J. J. Hull and S. N. Sirihari, "Decision Combination in Multiple Classification Systems," IEEE Transaction on Pattern Analysis and Machine Intelligence, vol. 16, no.1, pp. 66–75, January 1994.