A Hypergraph-Based Machine Learning Ensemble Network Intrusion Detection System

Network intrusion detection systems (NIDS) to detect malicious attacks continue to meet challenges. NIDS are often developed offline while they face auto-generated port scan infiltration attempts, resulting in a significant time lag from adversarial adaption to NIDS response. To address these challe...

Bibliographic details
Main authors: Lin, Zong-Zhi, Pike, Thomas D, Bailey, Mark M, Bastian, Nathaniel D
Format: Article
Language: eng
Subjects:
creator Lin, Zong-Zhi
Pike, Thomas D
Bailey, Mark M
Bastian, Nathaniel D
description Network intrusion detection systems (NIDS) to detect malicious attacks continue to meet challenges. NIDS are often developed offline while they face auto-generated port scan infiltration attempts, resulting in a significant time lag from adversarial adaption to NIDS response. To address these challenges, we use hypergraphs focused on internet protocol addresses and destination ports to capture evolving patterns of port scan attacks. The derived set of hypergraph-based metrics are then used to train an ensemble machine learning (ML) based NIDS that allows for real-time adaption in monitoring and detecting port scanning activities, other types of attacks, and adversarial intrusions at high accuracy, precision and recall performances. This ML adapting NIDS was developed through the combination of (1) intrusion examples, (2) NIDS update rules, (3) attack threshold choices to trigger NIDS retraining requests, and (4) a production environment with no prior knowledge of the nature of network traffic. 40 scenarios were auto-generated to evaluate the ML ensemble NIDS comprising three tree-based models. The resulting ML Ensemble NIDS was extended and evaluated with the CIC-IDS2017 dataset. Results show that under the model settings of an Update-ALL-NIDS rule (specifically retrain and update all the three models upon the same NIDS retraining request) the proposed ML ensemble NIDS evolved intelligently and produced the best results with nearly 100% detection performance throughout the simulation.
doi_str_mv 10.48550/arxiv.2211.03933
format Article
fulltext fulltext_linktorsrc
identifier DOI: 10.48550/arxiv.2211.03933
language eng
recordid cdi_arxiv_primary_2211_03933
source arXiv.org
subjects Computer Science - Artificial Intelligence
Computer Science - Cryptography and Security
Computer Science - Systems and Control
Statistics - Machine Learning
Statistics - Methodology
title A Hypergraph-Based Machine Learning Ensemble Network Intrusion Detection System
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-25T21%3A08%3A49IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-arxiv_GOX&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=A%20Hypergraph-Based%20Machine%20Learning%20Ensemble%20Network%20Intrusion%20Detection%20System&rft.au=Lin,%20Zong-Zhi&rft.date=2022-11-07&rft_id=info:doi/10.48550/arxiv.2211.03933&rft_dat=%3Carxiv_GOX%3E2211_03933%3C/arxiv_GOX%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true