DOI: https://doi.org/10.15588/1607-3274-2018-2-8

AN IMPROVED ENSEMBLE APPROACH FOR DOS ATTACKS DETECTION

R. M. Alguliyev, R. M. Aliguliyev, Y. N. Imamverdiyev, L. V. Sukhostat

Abstract


Context. The task of using an ensemble of classifiers to detect DoS attacks in large arrays of network traffic data is addressed in order to withstand attacks on the network.
Objective. The objective of this paper is to build an ensemble of classifiers that surpasses single classifiers in terms of accuracy.
Method. To achieve this goal, an algorithm is proposed in which each classifier returns, for each point, a vector of classification scores indicating the probability of belonging to each class. The peculiarity of the proposed approach is that, for each point in the dataset, the predicted class label corresponds to the maximum value among all scores obtained by the classification methods for that point. The classifiers considered are decision trees, the k-nearest neighbors algorithm, support vector machines with various kernel functions, and naïve Bayes. The proposed approach is compared with single classifiers using the following metrics: accuracy, precision, recall, and F-measure.
Results. The experiments were performed in R 3.4.1 on the NSL-KDD dataset of network attacks, which was divided into three classes (DoS, normal network behavior, and other types of attack).
Conclusions. The experiments confirmed the efficiency of the proposed approach. The most accurate result was shown by an ensemble of five classifiers. Developing attack detection techniques based on an ensemble of classifiers avoids the problems inherent in most approaches, since such an ensemble is capable of detecting both known and new attacks with high accuracy. It can be concluded that the proposed approach for network attack detection is of practical significance. To further study attack detection in network traffic, studies will be performed on real Big data sets.
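
The max-score rule from the Method paragraph, written out as an added Python example (not the authors' R code): every classifier emits a class-probability vector per record, and the label is taken from the single largest score across all classifiers. The function names, the three-classifier setup, the probability-vector check and all scores are assumptions constructed for illustration.

```python
CLASSES = ("dos", "normal", "other")  # the three classes named in the abstract

def fuse_max(score_vectors, tol=1e-6):
    """Return (label, score, classifier_index) of the largest score for one record.

    Each vector holds one classifier's scores in CLASSES order. Vectors must be
    probabilities, otherwise scores are not comparable across classifiers.
    """
    best = None
    for clf_idx, vec in enumerate(score_vectors):
        if len(vec) != len(CLASSES):
            raise ValueError(f"classifier {clf_idx}: expected {len(CLASSES)} scores")
        if min(vec) < 0 or abs(sum(vec) - 1.0) > tol:
            raise ValueError(f"classifier {clf_idx}: not a probability vector")
        for cls_idx, score in enumerate(vec):
            # Strict '>' keeps the earliest classifier/class on ties (deterministic).
            if best is None or score > best[1]:
                best = (CLASSES[cls_idx], score, clf_idx)
    if best is None:
        raise ValueError("no classifiers supplied")
    return best

def prf(y_true, y_pred, positive="dos"):
    """Precision, recall and F-measure with one class treated as positive."""
    pairs = list(zip(y_true, y_pred))
    tp = sum(t == positive and p == positive for t, p in pairs)
    fp = sum(t != positive and p == positive for t, p in pairs)
    fn = sum(t == positive and p != positive for t, p in pairs)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return precision, recall, f

# Constructed scores: 4 records x 3 hypothetical classifiers x 3 classes.
SAMPLE = [
    [[0.50, 0.45, 0.05], [0.10, 0.85, 0.05], [0.40, 0.40, 0.20]],
    [[0.95, 0.03, 0.02], [0.30, 0.60, 0.10], [0.70, 0.20, 0.10]],
    [[0.20, 0.30, 0.50], [0.15, 0.15, 0.70], [0.55, 0.25, 0.20]],
    [[0.40, 0.35, 0.25], [0.45, 0.35, 0.20], [0.30, 0.60, 0.10]],
]
TRUTH = ["normal", "dos", "other", "dos"]  # constructed ground truth

def run_sample():
    """Labels from the fused ensemble and from classifier 0 on its own."""
    fused = [fuse_max(rec)[0] for rec in SAMPLE]
    single = [CLASSES[max(range(3), key=lambda i: rec[0][i])] for rec in SAMPLE]
    return fused, single

if __name__ == "__main__":
    for name, pred in zip(("fused", "clf0"), run_sample()):
        print(name, pred, prf(TRUTH, pred))
```

In the constructed data the fused label corrects record 1, while record 4 is overridden by one confident but wrong score, which is why the maximum rule depends on well-calibrated classifier scores.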

Keywords


network security; network attacks; DoS; classification; ensemble of classifiers; Big data.

Copyright (c) 2018 R. M. Alguliyev, R. M. Aliguliyev, Y. N. Imamverdiyev, L. V. Sukhostat

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Address of the journal editorial office:
Editorial office of the journal «Radio Electronics, Computer Science, Control»,
Zaporizhzhya National Technical University, 
Zhukovskiy street, 64, Zaporizhzhya, 69063, Ukraine. 
Telephone: +38-061-769-82-96 – the Editing and Publishing Department.
E-mail: rvv@zntu.edu.ua

The reference to the journal is obligatory in the cases of complete or partial use of its materials.