An intrusion detection system using network traffic profiling and online sequential extreme learning machine

•Alpha profiling reduces the number of comparisons by 85.76%.•Optimal features (21 out of 41) are suggested. Features are reduced by 48.78%.•Beta profiling is used to reduce the size of training dataset by 7.83%.•Network traffic profiling and feature selection reduce space and time complexity.•Accur...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Expert systems with applications 2015-12, Vol.42 (22), p.8609-8624
Hauptverfasser: Singh, Raman, Kumar, Harish, Singla, R.K.
Format: Artikel
Sprache:eng
Schlagworte:
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 8624
container_issue 22
container_start_page 8609
container_title Expert systems with applications
container_volume 42
creator Singh, Raman
Kumar, Harish
Singla, R.K.
description •Alpha profiling reduces the number of comparisons by 85.76%.•Optimal features (21 out of 41) are suggested. Features are reduced by 48.78%.•Beta profiling is used to reduce the size of training dataset by 7.83%.•Network traffic profiling and feature selection reduce space and time complexity.•Accuracy of 98.66% and false positive rate of 1.74% are achieved in 2.43 s. Anomaly based Intrusion Detection Systems (IDS) learn normal and anomalous behavior by analyzing network traffic in various benchmark datasets. Common challenges for IDSs are large amounts of data to process, low detection rates and high rates of false alarms. In this paper, a technique based on the Online Sequential Extreme Learning Machine (OS-ELM) is presented for intrusion detection. The proposed technique uses alpha profiling to reduce the time complexity while irrelevant features are discarded using an ensemble of Filtered, Correlation and Consistency based feature selection techniques. Instead of sampling, beta profiling is used to reduce the size of the training dataset. For performance evaluation of proposed technique the standard NSL-KDD 2009 (Network Security Laboratory-Knowledge Discovery and Data Mining) dataset is used. In this paper time and space complexity of the proposed technique is also discussed. The experimental results yielded an accuracy of 98.66% with a false positive rate of 1.74% and a detection time of 2.43 s for binary class NSL-KDD dataset. The proposed IDS achieve 97.67% of accuracy with 1.74% of false positive rate in 2.65 s of detection time for multi-class NSL-KDD dataset. The Kyoto University benchmark dataset is also used to test the proposed IDS. Accuracy of 96.37% with false positive rate of 5.76% is yielded by the proposed technique. The proposed technique outperforms other published techniques in terms of accuracy, false positive rate and detection time. Based on the experimental results achieved, we conclude that the proposed technique is an efficient method for network intrusion detection.
doi_str_mv 10.1016/j.eswa.2015.07.015
format Article
fullrecord <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_miscellaneous_1825457754</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><els_id>S0957417415004753</els_id><sourcerecordid>1825457754</sourcerecordid><originalsourceid>FETCH-LOGICAL-c469t-4adead628703873cde0fd2e1ccbfbffda08883bee99f5162255708c64a3578293</originalsourceid><addsrcrecordid>eNp9UMtOwzAQtBBIlMIPcPKRS4LtxHEicakqXlIlLnC2XHsNLolTbJfSv8dROXOa1e7MamYQuqakpIQ2t5sS4l6VjFBeElFmOEEz2oqqaERXnaIZ6bgoairqc3QR44YQKggRM9QvPHY-hV10o8cGEug0TfEQEww4r_079pD2Y_jEKShrncbbMFrXTxflDR59HgFH-NqBT071GH5SgAFwDyr4iTYo_ZE5l-jMqj7C1R_O0dvD_evyqVi9PD4vF6tC102XiloZUKZhrSBVjqANEGsYUK3Xdm2tUaRt22oN0HWW04YxzgVpdVOriouWddUc3Rz_ZqPZVExycFFD3ysP4y5K2jJecyF4nansSNVhjDGAldvgBhUOkhI5VSs3cqpWTtVKImSGLLo7iiCH-HYQZNQOvAbjQu5PmtH9J_8Fli6Fdg</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>1825457754</pqid></control><display><type>article</type><title>An intrusion detection system using network traffic profiling and online sequential extreme learning machine</title><source>Access via ScienceDirect (Elsevier)</source><creator>Singh, Raman ; Kumar, Harish ; Singla, R.K.</creator><creatorcontrib>Singh, Raman ; Kumar, Harish ; Singla, R.K.</creatorcontrib><description>•Alpha profiling reduces the number of comparisons by 85.76%.•Optimal features (21 out of 41) are suggested. Features are reduced by 48.78%.•Beta profiling is used to reduce the size of training dataset by 7.83%.•Network traffic profiling and feature selection reduce space and time complexity.•Accuracy of 98.66% and false positive rate of 1.74% are achieved in 2.43 s. Anomaly based Intrusion Detection Systems (IDS) learn normal and anomalous behavior by analyzing network traffic in various benchmark datasets. Common challenges for IDSs are large amounts of data to process, low detection rates and high rates of false alarms. In this paper, a technique based on the Online Sequential Extreme Learning Machine (OS-ELM) is presented for intrusion detection. The proposed technique uses alpha profiling to reduce the time complexity while irrelevant features are discarded using an ensemble of Filtered, Correlation and Consistency based feature selection techniques. Instead of sampling, beta profiling is used to reduce the size of the training dataset. For performance evaluation of proposed technique the standard NSL-KDD 2009 (Network Security Laboratory-Knowledge Discovery and Data Mining) dataset is used. In this paper time and space complexity of the proposed technique is also discussed. The experimental results yielded an accuracy of 98.66% with a false positive rate of 1.74% and a detection time of 2.43 s for binary class NSL-KDD dataset. The proposed IDS achieve 97.67% of accuracy with 1.74% of false positive rate in 2.65 s of detection time for multi-class NSL-KDD dataset. The Kyoto University benchmark dataset is also used to test the proposed IDS. Accuracy of 96.37% with false positive rate of 5.76% is yielded by the proposed technique. The proposed technique outperforms other published techniques in terms of accuracy, false positive rate and detection time. Based on the experimental results achieved, we conclude that the proposed technique is an efficient method for network intrusion detection.</description><identifier>ISSN: 0957-4174</identifier><identifier>EISSN: 1873-6793</identifier><identifier>DOI: 10.1016/j.eswa.2015.07.015</identifier><language>eng</language><publisher>Elsevier Ltd</publisher><subject>Computer information security ; Distance learning ; Feature selection technique ; Intrusion ; Intrusion detection system ; Network traffic dataset ; Network traffic profiling ; Networks ; Neural networks ; Online sequential extreme learning machine (OS-ELM) ; Profiling ; Traffic engineering ; Traffic flow</subject><ispartof>Expert systems with applications, 2015-12, Vol.42 (22), p.8609-8624</ispartof><rights>2015 Elsevier Ltd</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c469t-4adead628703873cde0fd2e1ccbfbffda08883bee99f5162255708c64a3578293</citedby><cites>FETCH-LOGICAL-c469t-4adead628703873cde0fd2e1ccbfbffda08883bee99f5162255708c64a3578293</cites><orcidid>0000-0002-6839-5454</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://dx.doi.org/10.1016/j.eswa.2015.07.015$$EHTML$$P50$$Gelsevier$$H</linktohtml><link.rule.ids>314,780,784,3550,27924,27925,45995</link.rule.ids></links><search><creatorcontrib>Singh, Raman</creatorcontrib><creatorcontrib>Kumar, Harish</creatorcontrib><creatorcontrib>Singla, R.K.</creatorcontrib><title>An intrusion detection system using network traffic profiling and online sequential extreme learning machine</title><title>Expert systems with applications</title><description>•Alpha profiling reduces the number of comparisons by 85.76%.•Optimal features (21 out of 41) are suggested. Features are reduced by 48.78%.•Beta profiling is used to reduce the size of training dataset by 7.83%.•Network traffic profiling and feature selection reduce space and time complexity.•Accuracy of 98.66% and false positive rate of 1.74% are achieved in 2.43 s. Anomaly based Intrusion Detection Systems (IDS) learn normal and anomalous behavior by analyzing network traffic in various benchmark datasets. Common challenges for IDSs are large amounts of data to process, low detection rates and high rates of false alarms. In this paper, a technique based on the Online Sequential Extreme Learning Machine (OS-ELM) is presented for intrusion detection. The proposed technique uses alpha profiling to reduce the time complexity while irrelevant features are discarded using an ensemble of Filtered, Correlation and Consistency based feature selection techniques. Instead of sampling, beta profiling is used to reduce the size of the training dataset. For performance evaluation of proposed technique the standard NSL-KDD 2009 (Network Security Laboratory-Knowledge Discovery and Data Mining) dataset is used. In this paper time and space complexity of the proposed technique is also discussed. The experimental results yielded an accuracy of 98.66% with a false positive rate of 1.74% and a detection time of 2.43 s for binary class NSL-KDD dataset. The proposed IDS achieve 97.67% of accuracy with 1.74% of false positive rate in 2.65 s of detection time for multi-class NSL-KDD dataset. The Kyoto University benchmark dataset is also used to test the proposed IDS. Accuracy of 96.37% with false positive rate of 5.76% is yielded by the proposed technique. The proposed technique outperforms other published techniques in terms of accuracy, false positive rate and detection time. Based on the experimental results achieved, we conclude that the proposed technique is an efficient method for network intrusion detection.</description><subject>Computer information security</subject><subject>Distance learning</subject><subject>Feature selection technique</subject><subject>Intrusion</subject><subject>Intrusion detection system</subject><subject>Network traffic dataset</subject><subject>Network traffic profiling</subject><subject>Networks</subject><subject>Neural networks</subject><subject>Online sequential extreme learning machine (OS-ELM)</subject><subject>Profiling</subject><subject>Traffic engineering</subject><subject>Traffic flow</subject><issn>0957-4174</issn><issn>1873-6793</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2015</creationdate><recordtype>article</recordtype><recordid>eNp9UMtOwzAQtBBIlMIPcPKRS4LtxHEicakqXlIlLnC2XHsNLolTbJfSv8dROXOa1e7MamYQuqakpIQ2t5sS4l6VjFBeElFmOEEz2oqqaERXnaIZ6bgoairqc3QR44YQKggRM9QvPHY-hV10o8cGEug0TfEQEww4r_079pD2Y_jEKShrncbbMFrXTxflDR59HgFH-NqBT071GH5SgAFwDyr4iTYo_ZE5l-jMqj7C1R_O0dvD_evyqVi9PD4vF6tC102XiloZUKZhrSBVjqANEGsYUK3Xdm2tUaRt22oN0HWW04YxzgVpdVOriouWddUc3Rz_ZqPZVExycFFD3ysP4y5K2jJecyF4nansSNVhjDGAldvgBhUOkhI5VSs3cqpWTtVKImSGLLo7iiCH-HYQZNQOvAbjQu5PmtH9J_8Fli6Fdg</recordid><startdate>20151201</startdate><enddate>20151201</enddate><creator>Singh, Raman</creator><creator>Kumar, Harish</creator><creator>Singla, R.K.</creator><general>Elsevier Ltd</general><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>8FD</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><orcidid>https://orcid.org/0000-0002-6839-5454</orcidid></search><sort><creationdate>20151201</creationdate><title>An intrusion detection system using network traffic profiling and online sequential extreme learning machine</title><author>Singh, Raman ; Kumar, Harish ; Singla, R.K.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c469t-4adead628703873cde0fd2e1ccbfbffda08883bee99f5162255708c64a3578293</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2015</creationdate><topic>Computer information security</topic><topic>Distance learning</topic><topic>Feature selection technique</topic><topic>Intrusion</topic><topic>Intrusion detection system</topic><topic>Network traffic dataset</topic><topic>Network traffic profiling</topic><topic>Networks</topic><topic>Neural networks</topic><topic>Online sequential extreme learning machine (OS-ELM)</topic><topic>Profiling</topic><topic>Traffic engineering</topic><topic>Traffic flow</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Singh, Raman</creatorcontrib><creatorcontrib>Kumar, Harish</creatorcontrib><creatorcontrib>Singla, R.K.</creatorcontrib><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>Expert systems with applications</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Singh, Raman</au><au>Kumar, Harish</au><au>Singla, R.K.</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>An intrusion detection system using network traffic profiling and online sequential extreme learning machine</atitle><jtitle>Expert systems with applications</jtitle><date>2015-12-01</date><risdate>2015</risdate><volume>42</volume><issue>22</issue><spage>8609</spage><epage>8624</epage><pages>8609-8624</pages><issn>0957-4174</issn><eissn>1873-6793</eissn><abstract>•Alpha profiling reduces the number of comparisons by 85.76%.•Optimal features (21 out of 41) are suggested. Features are reduced by 48.78%.•Beta profiling is used to reduce the size of training dataset by 7.83%.•Network traffic profiling and feature selection reduce space and time complexity.•Accuracy of 98.66% and false positive rate of 1.74% are achieved in 2.43 s. Anomaly based Intrusion Detection Systems (IDS) learn normal and anomalous behavior by analyzing network traffic in various benchmark datasets. Common challenges for IDSs are large amounts of data to process, low detection rates and high rates of false alarms. In this paper, a technique based on the Online Sequential Extreme Learning Machine (OS-ELM) is presented for intrusion detection. The proposed technique uses alpha profiling to reduce the time complexity while irrelevant features are discarded using an ensemble of Filtered, Correlation and Consistency based feature selection techniques. Instead of sampling, beta profiling is used to reduce the size of the training dataset. For performance evaluation of proposed technique the standard NSL-KDD 2009 (Network Security Laboratory-Knowledge Discovery and Data Mining) dataset is used. In this paper time and space complexity of the proposed technique is also discussed. The experimental results yielded an accuracy of 98.66% with a false positive rate of 1.74% and a detection time of 2.43 s for binary class NSL-KDD dataset. The proposed IDS achieve 97.67% of accuracy with 1.74% of false positive rate in 2.65 s of detection time for multi-class NSL-KDD dataset. The Kyoto University benchmark dataset is also used to test the proposed IDS. Accuracy of 96.37% with false positive rate of 5.76% is yielded by the proposed technique. The proposed technique outperforms other published techniques in terms of accuracy, false positive rate and detection time. Based on the experimental results achieved, we conclude that the proposed technique is an efficient method for network intrusion detection.</abstract><pub>Elsevier Ltd</pub><doi>10.1016/j.eswa.2015.07.015</doi><tpages>16</tpages><orcidid>https://orcid.org/0000-0002-6839-5454</orcidid></addata></record>
fulltext fulltext
identifier ISSN: 0957-4174
ispartof Expert systems with applications, 2015-12, Vol.42 (22), p.8609-8624
issn 0957-4174
1873-6793
language eng
recordid cdi_proquest_miscellaneous_1825457754
source Access via ScienceDirect (Elsevier)
subjects Computer information security
Distance learning
Feature selection technique
Intrusion
Intrusion detection system
Network traffic dataset
Network traffic profiling
Networks
Neural networks
Online sequential extreme learning machine (OS-ELM)
Profiling
Traffic engineering
Traffic flow
title An intrusion detection system using network traffic profiling and online sequential extreme learning machine
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-27T22%3A13%3A07IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=An%20intrusion%20detection%20system%20using%20network%20traffic%20profiling%20and%20online%20sequential%20extreme%20learning%20machine&rft.jtitle=Expert%20systems%20with%20applications&rft.au=Singh,%20Raman&rft.date=2015-12-01&rft.volume=42&rft.issue=22&rft.spage=8609&rft.epage=8624&rft.pages=8609-8624&rft.issn=0957-4174&rft.eissn=1873-6793&rft_id=info:doi/10.1016/j.eswa.2015.07.015&rft_dat=%3Cproquest_cross%3E1825457754%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1825457754&rft_id=info:pmid/&rft_els_id=S0957417415004753&rfr_iscdi=true