A Real-Time and Ubiquitous Network Attack Detection Based on Deep Belief Network and Support Vector Machine

Hao Zhang; Yongdan Li; Zhihan Lv; Arun Kumar Sangaiah; Tao Huang

doi:10.1109/JAS.2020.1003099

Volume 7 Issue 3

Apr. 2020

IEEE/CAA Journal of Automatica Sinica

JCR Impact Factor: 15.3, Top 1 (SCI Q1)

CiteScore: 23.5, Top 2% (Q1)
Google Scholar h5-index: 77， TOP 5

Turn off MathJax

Article Contents

Article Navigation > IEEE/CAA Journal of Automatica Sinica > 2020 > 7(3): 790-799

Hao Zhang, Yongdan Li, Zhihan Lv, Arun Kumar Sangaiah and Tao Huang, "A Real-Time and Ubiquitous Network Attack Detection Based on Deep Belief Network and Support Vector Machine," IEEE/CAA J. Autom. Sinica, vol. 7, no. 3, pp. 790-799, May 2020. doi: 10.1109/JAS.2020.1003099

Citation:

Hao Zhang, Yongdan Li, Zhihan Lv, Arun Kumar Sangaiah and Tao Huang, "A Real-Time and Ubiquitous Network Attack Detection Based on Deep Belief Network and Support Vector Machine," IEEE/CAA J. Autom. Sinica, vol. 7, no. 3, pp. 790-799, May 2020. doi: 10.1109/JAS.2020.1003099

Citation:

Hao Zhang, Yongdan Li, Zhihan Lv, Arun Kumar Sangaiah and Tao Huang, "A Real-Time and Ubiquitous Network Attack Detection Based on Deep Belief Network and Support Vector Machine," IEEE/CAA J. Autom. Sinica, vol. 7, no. 3, pp. 790-799, May 2020. doi: 10.1109/JAS.2020.1003099

PDF( 1089 KB)

A Real-Time and Ubiquitous Network Attack Detection Based on Deep Belief Network and Support Vector Machine

doi: 10.1109/JAS.2020.1003099

Funds: This work was supported by the National Key Research and Development Program of China (2017YFB1401300, 2017YFB1401304), the National Natural Science Foundation of China (61702211, L1724007, 61902203), Hubei Provincial Science and Technology Program of China (2017AKA191), the Self-Determined Research Funds of Central China Normal University (CCNU) from the Colleges’ Basic Research (CCNU17QD00 04, CCNU17GF0002), the Natural Science Foundation of Shandong Province (ZR2017QF015), and the Key Research and Development Plan–Major Scientific and Technological Innovation Projects of Shandong Province (2019JZZY020101)

More Information

Author Bio:
Hao Zhang (M’19) received the M.S. and Ph.D. degrees from Wuhan University (WHU), in 2011, and 2014, repectively. He is currently an Associcte Professor at the National Engineering Laboratory for Educational Big Data, Central China Normal University. His research interests include education big data security and privacy, education big data ciphertext retrieval, and learning big data mining

Yongdan Li received the M.S. degrees from the National Engineering Research Center for E-Learning, Central China Normal University. He is currently an Engineer at Lanzhou Central Sub-branch of the People’s Bank of China. His research interests include data mining and machine learning

Zhihan Lv (M’16–SM’19) is an Associate Professor at Qingdao University. He received the Ph.D. degree from University of Paris VII and Ocean University of China in 2012. He worked in CNRS (France) as Research Engineer, Umea University and KTH Royal Institute of Technology (Sweden) as Postdoc Research Fellow, Fundacion FIVAN (Spain) as Experienced Researcher. He was a Marie Curie Fellow in European Union’s Seventh Framework Programme LANPERCEPT. His research interests include multimedia, big data, and geographic information system

Arun Kumar Sangaiah (M’10) received the master of engineering degree from Anna University and Ph.D. degree from VIT University, India. He is currently as a Professor at the School of Computing Science and Engineering, Vellore Institute of Technology University, India. His research interests include machine learning, Internet of Things, and sustainable computing

Tao Huang is currently a Professor at the National Engineering Laboratory for Educational Big Data, Central China Normal University. His research interests include intelligent diagnostic analysis, education data mining, teaching resources, and wisdom learning services
Corresponding author: Z. H. Lv is with the School of Data Science and Software Engineering, Qingdao University, Qingdao 266071, China (e-mail: lvzhihan@gmail.com); Arun Kumar Sangaiah is with the School of Computing Science and Engineering, Vellore Institute of Technology University, Tamil Nadu 632014, India (e-mail: arunkumarsangaiah@gmail.com)
Received Date: 2018-10-24
Revised Date: 2018-12-11
Accepted Date: 2019-01-07

Available Online: 2020-03-17

Abstract

Abstract

In recent years, network traffic data have become larger and more complex, leading to higher possibilities of network intrusion. Traditional intrusion detection methods face difficulty in processing high-speed network data and cannot detect currently unknown attacks. Therefore, this paper proposes a network attack detection method combining a flow calculation and deep learning. The method consists of two parts: a real-time detection algorithm based on flow calculations and frequent patterns and a classification algorithm based on the deep belief network and support vector machine (DBN-SVM). Sliding window (SW) stream data processing enables real-time detection, and the DBN-SVM algorithm can improve classification accuracy. Finally, to verify the proposed method, a system is implemented. Based on the CICIDS2017 open source data set, a series of comparative experiments are conducted. The method’s real-time detection efficiency is higher than that of traditional machine learning algorithms. The attack classification accuracy is 0.7 percentage points higher than that of a DBN, which is 2 percentage points higher than that of the integrated algorithm boosting and bagging methods. Hence, it is suitable for the real-time detection of high-speed network intrusions.
- Deep belief network (DBN),
- flow calculation,
- frequent pattern,
- intrusion detection,
- sliding window,
- support vector machine (SVM)

FullText(HTML)

References(31)

References

[1]	P. Y. Zhang, S. Shu, and M. C. Zhou, “An online fault detection model and strategies based on SVM-grid in clouds,” IEEE/CAA J. Autom. Sinica, vol. 5, no. 2, pp. 445–456, Mar. 2018. doi: 10.1109/JAS.2017.7510817
[2]	D. E. Denning, “An intrusion-detection model,” in Proc. IEEE Symposium on Security and Privacy, Oakland, USA, 1986, pp. 118–131.
[3]	D. E. Denning and P. G. Neumann, “Requirements and model for IDES: a real-time intrusion detection system,” SRI Int., 1985.
[4]	B. Li, J. Z. Wang, P. Zhao, Z. J. Yan, and M. Yang, “Research of recognition system of web intrusion detection based on storm,” in Proc. 5th Int. Conf. Network, Communication and Computing, Kyoto, Japan, Dec. 2016, pp. 98–102.
[5]	L. Zhu and C. S. Zhu, “Data stream sliding window clustering algorithm applied in IDS,” Comput. Eng. Appl., vol. 50, no. 1, pp. 87–90, Jan. 2014.
[6]	C. C. Ge, “The research and application of data stream mining in intrusion detection,” M.S. thesis, Guangdong University of Technology, Guangzhou, China, 2013.
[7]	N. C. N. Chu, A. Williams, R. Alhajj, and K. Barker, “Data stream mining architecture for network intrusion detection,” in Proc. IEEE Int. Conf. Information Reuse and Integration, Las Vegas, USA, 2004, pp. 363–368.
[8]	Y. Yu, S. Q. Guo, and H. Huang, “Anomaly intrusion detection based on data stream,” Comput. Sci., vol. 34, no. 5, pp. 66–71, 114, May 2007.
[9]	D. K. Sadhasivan and K Balasubramanian, “A fusion of multiagent functionalities for effective intrusion detection system,” Secur. Commun. Netw., pp. 6216078, Jan. 2017.
[10]	S. Shamshirband, N. B. Anuar, M. L. M. Kiah, and A. Patel, “An appraisal and design of a multi-agent system based cooperative wireless intrusion detection computational intelligence technique,” Eng. Appl. Artif. Intell., vol. 26, no. 9, pp. 2105–2127, Oct. 2013. doi: 10.1016/j.engappai.2013.04.010
[11]	A. Chauhan, G. Mishra, and G. Kumar, “Survey on data mining techniques in intrusion detection,” Int. J. Sci. Eng. Res., vol. 2, no. 7, pp. 1–4, Jul. 2011.
[12]	J. J. Davis and A. J. Clark, “Data preprocessing for anomaly based network intrusion detection: a review,” Comput. Secur., vol. 30, no. 6–7, pp. 353–375, Sep.–Oct. 2011. doi: 10.1016/j.cose.2011.05.008
[13]	S. A. Joshi and V. S. Pimprale, “Network intrusion detection system (NIDS) based on data mining,” Int. J. Eng. Sci. Innov. Technol., vol. 2, no. 1, pp. 95–98, Jan. 2013.
[14]	G. V. Nadiammai and M. Hemalatha, “Effective approach toward intrusion detection system using data mining techniques,” Egypt. Inform. J., vol. 15, no. 1, pp. 37–50, Mar. 2014. doi: 10.1016/j.eij.2013.10.003
[15]	M. Panda, A. Abraham, and M. R. Patra, “A hybrid intelligent approach for network intrusion detection,” Procedia Eng., vol. 30, pp. 1–9, 2012.
[16]	A. Biswas, M. Sharma, T. Poddder, and N. Kar, “An approach towards multilevel and multiagent based intrusion detection system,” in Proc. IEEE Int. Conf. Advanced Communications, Control and Computing Technologies, Ramanathapuram, India, 2014, pp. 1787–1790.
[17]	W. Wang, T. Guyet, R. Quiniou, M. O. Cordier, F. Masseglia, and X. L. Zhang, “Autonomic intrusion detection: adaptively detecting anomalies over unlabeled audit data streams in computer networks,” Knowl.-Based Syst., vol. 70, pp. 103–117, Nov. 2014. doi: 10.1016/j.knosys.2014.06.018
[18]	Y. X. Chen and L. Tu, “Density-based clustering for real-time stream data,” in Proc. 13th ACM SIGKDD Int. Conf. Knowledge Discovery and Data Mining, San Jose, USA, 2007, pp.133–142.
[19]	M. M. Rathore, A. Paul, A. Ahmad, S. Rho, M. Imran, and M. Guizani, “Hadoop based real-time intrusion detection for high-speed networks,” in Proc. Global Communications Conf., Washington, USA, 2017, pp.1–6.
[20]	Y. Li, B. X. Fang, L. Guo, and Z. H. Tian, “Supervised intrusion detection based on active learning and TCM-KNN algorithm,” Chin. J. Comput., vol. 30, no. 8, pp. 1464–1473, Aug. 2007.
[21]	S. A. Abdulla, S. Ramadass, A. Altaher, and A. Al Nassiri, “Setting a worm attack warning by using machine learning to classify NetFlow data,” Int. J. Comput. Appl., vol. 36, no. 2, pp. 49–56, Dec. 2011.
[22]	D. S. Terzi, R. Terzi, and S. Sagiroglu, “Big data analytics for network anomaly detection from netflow data,” in Proc. Int. Conf. Computer Science and Engineering, Antalya, Turkey, 2017, pp.592–597.
[23]	A. R. Syarif and W. Gata, “Intrusion detection system using hybrid binary PSO and K-nearest neighborhood algorithm,” in Proc. 11th Int. Conf. Information & Communication Technology and System, London, UK, 2017, pp.181–186.
[24]	C. Wagner, J. François, R. State, and T. Engel, “Machine learning approach for IP-flow record anomaly detection,” in Proc. 10th Int. Networking Conf., Valencia, Spain, 2011.
[25]	L. Khan, M. Awad, and B. Thuraisingham, “A new intrusion detection system using support vector machines and hierarchical clustering,” VLDB J., vol. 16, no. 4, pp. 507–521, Oct. 2007. doi: 10.1007/s00778-006-0002-5
[26]	E. W. T. Ferreira, G. A. Carrijo, R. de Oliveira, and N. V. de Souza Araujo, “Intrusion detection system with wavelet and neural artifical network approach for networks computers,” IEEE Latin America. Trans., vol. 9, no. 5, pp. 832–837, Sep. 2011. doi: 10.1109/TLA.2011.6030997
[27]	S. S. Sivatha Sindhu, S. Geetha, and A. Kannan, “Decision tree based light weight intrusion detection using a wrapper approach,” Expert Syst. Appl., vol. 39, no. 1, pp. 129–141, Jan. 2012. doi: 10.1016/j.eswa.2011.06.013
[28]	P. Louvieris, N. Clewley, and X. H. Liu, “Effects-based feature identification for network intrusion detection,” Neurocomputing, vol. 121, pp. 265–273, Dec. 2013. doi: 10.1016/j.neucom.2013.04.038
[29]	A. Karami and M. Guerrero-Zapata, “A fuzzy anomaly detection system based on hybrid PSO-Kmeans algorithm in content-centric networks,” Neurocomputing, vol. 149, pp. 1253–1269, Feb. 2015. doi: 10.1016/j.neucom.2014.08.070
[30]	I. Sharafaldin, A. H. Lashkari, and A. A. Ghorbani, “Toward generating a hew intrusion detection dataset and intrusion traffic characterization,” in Proc. 4th Int. Conf. Information System Secwrity and Privacy (ICISSP), Portugal, pp. 108–116, Jan. 2018.
[31]	N. Gao, L. Gao, and Y. Y. He, “Deep belief nets model oriented to intrusion detection system,” Syst. Eng. Electron., vol. 38, no. 9, pp. 2201–2207, Sep. 2016.

Supplements(0)

Cited By

Proportional views

Proportional views

通讯作者: 陈斌, bchen63@163.com

1.
沈阳化工大学材料科学与工程学院沈阳 110142

Figures(10) / Tables(3)

Get Citation

PDF

XML

Article Metrics

Article views (1329) PDF downloads(87)

Highlights

This method is based on NetFlow design and can capture the data flow in the network with high detection efficiency.
The method mines frequent patterns in data based on nested sliding windows (NSW) and a genetic algorithm. It then compares these patterns with a safe frequent pattern set and an attack frequent pattern set, determining whether they represent normal data, known attacks or unknown attacks, to detect network intrusion behaviors efficiently in real time.
For attack-type data, a classification algorithm based on the deep belief network and support vector machine (DBN-SVM) is applied to accurately classify the attack type. The combination of DBN and SVM effectively improved the classification accuracy.
Compared with the existing detection methods, the intrusion detection method proposed in this paper is found to have higher accuracy and detection efficiency. Therefore, it is suitable for the current high-capacity and high-speed network environment.

A Real-Time and Ubiquitous Network Attack Detection Based on Deep Belief Network and Support Vector Machine

doi: 10.1109/JAS.2020.1003099

Abstract

References

Proportional views

Catalog

通讯作者: 陈斌, bchen63@163.com

Article Metrics

Highlights

Export File

Citation

Format

Content