A Class-Specific Intrusion Detection Model: Hierarchical Multi-class IDS Model

Nowadays, cyberattacks are occurring continuously. There are many kinds of attack types, which are malicious and harmful for our networks, resources and privacy. Along with this, diversity, size and density of the cyberattacks are increasing. Therefore, strong and solid detection mechanisms are requ...

Detailed description

Bibliographic details
Published in: SN computer science 2020-07, Vol.1 (4), p.202, Article 202
Main authors: Sarıkaya, Alper, Kılıç, Banu Günel
Format: Article
Language: eng
Subjects:
Online access: Full text
container_end_page
container_issue 4
container_start_page 202
container_title SN computer science
container_volume 1
creator Sarıkaya, Alper
Kılıç, Banu Günel
description Nowadays, cyberattacks are occurring continuously. There are many kinds of attack types, which are malicious and harmful for our networks, resources and privacy. Along with this, the diversity, size and density of cyberattacks are increasing. Therefore, strong and solid detection mechanisms are required to prevent cyberattacks. Previously, many intrusion detection mechanisms have been proposed, but many of them struggle to detect some attack classes. In this paper, an up-to-date and realistic dataset called UNSW-NB15 was used for training an intrusion detection system. The dataset contains network data under nine different attack scenarios as well as normal operation. Firstly, wrapper feature selection was applied to the dataset, which reduced the number of features from 43 to 19. Secondly, a decision tree classifier was trained with the reduced dataset. The confusion matrix was tabulated and classes with low detection rates were identified. Finally, to achieve better detection rates for the DoS, Exploit and Fuzzers classes, which had low detection rates, a hierarchical multi-class classifier was proposed. As the basis of the model, a random forest classifier was selected, where each classifier at a different stage of the hierarchy has a specific attack detection purpose. The proposed system achieved a better overall classification accuracy of 80.78% than the baseline random forest classifier. The detection rates for DoS, Exploit and Fuzzers attacks were also increased.
doi_str_mv 10.1007/s42979-020-00213-z
format Article
fulltext fulltext
identifier ISSN: 2662-995X
ispartof SN computer science, 2020-07, Vol.1 (4), p.202, Article 202
issn 2662-995X
2661-8907
language eng
recordid cdi_proquest_journals_2933264383
source SpringerLink Journals; ProQuest Central UK/Ireland; ProQuest Central
subjects Accuracy
Classification
Classifiers
Computer Imaging
Computer Science
Computer Systems Organization and Communication Networks
Data Structures and Information Theory
Datasets
Decision trees
Density of states
Feature selection
Genetic algorithms
Information Systems and Communication Service
Intrusion detection systems
Machine learning
Methods
Original Research
Pattern Recognition and Graphics
Regression analysis
Software Engineering/Programming and Operating Systems
Vision
title A Class-Specific Intrusion Detection Model: Hierarchical Multi-class IDS Model
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-02T10%3A11%3A51IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=A%20Class-Specific%20Intrusion%20Detection%20Model:%20Hierarchical%20Multi-class%20IDS%20Model&rft.jtitle=SN%20computer%20science&rft.au=Sar%C4%B1kaya,%20Alper&rft.date=2020-07-01&rft.volume=1&rft.issue=4&rft.spage=202&rft.pages=202-&rft.artnum=202&rft.issn=2662-995X&rft.eissn=2661-8907&rft_id=info:doi/10.1007/s42979-020-00213-z&rft_dat=%3Cproquest_cross%3E2933264383%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2933264383&rft_id=info:pmid/&rfr_iscdi=true