Saldırı Tespit Sistemi için Değiştirilmiş Mürekkep Balığı Algoritması Tabanlı Kural Üretimi

Yıl 2021, Cilt: 26 Sayı: 1, 253 - 268, 30.04.2021

Adel Sabry Eesa Sheren Sadıq Masoud Hassan Zeynep Orman

https://doi.org/10.17482/uumfd.747078

Öz

Günümüzde, ağa bağlı makinelerin ve Internet teknolojilerinin hızla yaygınlaşmasıyla, saldırı tespit sistemleri giderek daha fazla talep görmektedir. Buna bağlı olarak, dış ve iç saldırganların çok sayıda yasadışı faaliyetinin tespit edilmesi gerekmektedir. Bu nedenle, veri ve bilgilerin korunması için bu tür yasadışı faaliyetlerin erken tespiti gerekli ve önemlidir. Bu makalede, veri madenciliğinde saldırı tespit problemiyle başa çıkmak amacıyla Mürekkepbalığı Optimizasyon Algoritmasının yeni bir kural oluşturma yöntemi olarak kullanımı araştırılmıştır. Önerilen yöntemin etkinliği, farklı değerlendirme yöntemlerine dayalı olarak KDD Cup 99 veri seti kullanılarak test edilmiştir. Ayrıca, elde edilen sonuçlar Karar Ağacı, Naïve Bayes, Destek Vektör Makinesi ve K-En Yakın Komşu gibi bazı klasik iyi bilinen algoritmalar ile alınan sonuçlarla karşılaştırılmıştır. Deneysel sonuçlarımız, önerilen yöntemin iyi bir sınıflandırma performansı sergilediğini ve diğer geleneksel algoritmaların performansıyla karşılaştırıldığında önemli ölçüde tercih edilebilir sonuçlar verdiğini göstermektedir. Önerilen yöntem, hassasiyet, geri çağırma ve eğri altındaki alan açısından sırasıyla %93.9, %92.2 ve %94.7 değerlerini elde etmiştir.

Anahtar Kelimeler

Saldırı Tespit Sistemi, Veri Madenciliği, Mürekkepbalığı Algoritması, Sınıflandırma, Kural Keşfi

RULE GENERATION BASED ON MODIFIED CUTTLEFISH ALGORITHM FOR INTRUSION DETECTION SYSTEM

Öz

Nowadays, with the rapid prevalence of networked machines and Internet technologies, intrusion detection systems are increasingly in demand. Consequently, numerous illicit activities by external and internal attackers need to be detected. Thus, earlier detection of such activities is necessary for protecting data and information. In this paper, we investigated the use of the Cuttlefish optimization algorithm as a new rule generation method for the classification task to deal with the intrusion detection problem. The effectiveness of the proposed method was tested using KDD Cup 99 dataset based on different evaluation methods. The obtained results were also compared with the results obtained by some classical well-known algorithms namely Decision Tree (DT), Naïve Bayes (NB), Support Vector Machine (SVM), and K-Nearest Neighborhood (K-NN). Our experimental results showed that the proposed method demonstrates a good classification performance and provides significantly preferable results when compared with the performance of other traditional algorithms. The proposed method produced 93.9%, 92.2%, and 94.7% in terms of precision, recall, and area under curve, respectively.

Anahtar Kelimeler

Intrusion Detection System, Data mining, Cuttlefish Algorithm, Classification, Rule Discovery

Kaynakça

• Aburomman, A.A. and Reaz, M.B.I. (2016) A novel SVM-kNN-PSO ensemble method for intrusion detection system, Applied Soft Computing Journal, 38, 360–372. doi:10.1016/j.asoc.2015.10.011
• Aghdam, M. H. and Kabiri, P. (2016) Feature Selection for Intrusion Detection System Using Ant Colony Optimization, International Journal of Network Security, 18(3), 420-432. https://pdfs.semanticscholar.org/022d/50ecb37eb6c78be9728ed7bc198a29cc6915.pdf
• Ali, G.A. and Jantan, A. (2011) A New Approach Based on Honeybee to Improve Intrusion Detection System Using Neural Network and Bees Algorithm, International Conference on Software Engineering and Computer Systems, Springer, Berlin, Heidelberg, 777–792. doi:10.1007/978-3-642-22203-0_65
• Arshak, Y., and Eesa, A. (2018) A New Dimensional Reduction Based on Cuttlefish Algorithm for Human Cancer Gene Expression, International Conference on Advanced Science and Engineering, IEEE, Duhok, Iraq, 48-53. doi: 10.1109/ICOASE.2018.8548908
• Balasaraswathi, V.R., Sugumaran, M. and Hamid, Y. (2018) Chaotic Cuttle Fish Algorithm for Feature Selection of Intrusion Detection System. International Journal of Pure and Applied Mathematics, 119(10), 921–935. https://acadpubl.eu/jsi/2018-119-10/articles/10a/81.pdf
• Chung, Y.Y. and Wahid, N. (2012) A hybrid network intrusion detection system using simplified swarm optimization (SSO), Applied Soft Computing, 12(9), 3014–3022. doi:10.1016/J.ASOC.2012.04.020
• Duric, Z. (2014) WAPTT - Web Application Penetration Testing Tool, Advances in Electrical and Computer Engineering, 14(1), 93–102. doi:10.4316/AECE.2014.01015
• Eesa, A.S., Abdulazeez, A.M.A., and Orman, Z. (2017) A DIDS Based on The Combination of Cuttlefish Algorithm and Decision Tree, Science Journal of University of Zakho. doi:10.25271/2017.5.4.382
• Eesa, A.S., Brifcani, A.M.A and Orman, Z. (2014) A New Tool for Global Optimization Problems-Cuttlefish Algorithm, International Journal of Computer and Information Engineering, World Academy of Science, Engineering and Technology, 8(9), 1235–1239. https://waset.org/publications/9999515/a-new-tool-for-global-optimization-problems-cuttlefish-algorithm
• Eesa, A.S. and Orman, Z. (2020), A new clustering method based on the bio‐inspired cuttlefish optimization algorithm, Expert Systems, 37, 1-13. doi:10.1111/exsy.12478
• Eesa, A.S., Orman, Z. and Brifcani, A.M.A. (2015) A novel feature-selection approach based on the cuttlefish optimization algorithm for intrusion detection systems, Expert Systems with Applications, 42(5), 2670–2679. doi:10.1016/J.ESWA.2014.11.009
• Gauthama, R.M.R., Somu, N., Kirthivasan, K., Liscano, R. and Shankar S.V.S. (2017) An efficient intrusion detection system based on hypergraph - Genetic algorithm for parameter optimization and feature selection in support vector machine, Knowledge-Based Systems, 134, 1–12. doi:10.1016/j.knosys.2017.07.005
• Hall, M., Frank, E., Holmes, G., Pfahringer, B., Reutemann, P. and Witten, I.H. (2009). The WEKA data mining software: an update. ACM SIGKDD Explorations Newsletter, 11(1), 10. doi:10.1145/1656274.1656278
• Hamamoto, A.H., Carvalho, L.F., Sampaio, L.D.H., Abrão, T. and Proença, M.L. (2018) Network Anomaly Detection System using Genetic Algorithm and Fuzzy Logic, Expert Systems with Applications, 92, 390–402. doi:10.1016/J.ESWA.2017.09.013
• Issa, A.S. and Brifcani, A.M. (2011) Intrusion Detection and Attack Classifier Based on Three Techniques: A Comparative Study, Engineering and Technology Journal, 29(2), 386–412. https://www.iasj.net/iasj?func=article&aId=26174
• Jiao, Y. and Du, P. (2016) Performance measures in evaluating machine learning based bioinformatics predictors for classifications, Quantitative Biology, 4(4), 320–330. doi:10.1007/s40484-016-0081-2
• Jose, S., Malathi, D., Reddy, B. and Jayaseeli, D. (2018) A Survey on Anomaly Based Host Intrusion Detection System, Journal of Physics: Conference Series, 1000(1), 012049. doi:10.1088/1742-6596/1000/1/012049
• Kanaka, V.K. and Sitamahalakshmi, T. (2017) Implementation of Intrusion Detection System Using Artificial Bee Colony with Correlation-Based Feature Selection, Advances in Intelligent Systems and Computing, Springer, Singapor, 507, 107–115. doi:10.1007/978-981-10-2471-9_11
• Khraisat, A., Gondal, I. and Vamplew, P. (2018) An Anomaly Intrusion Detection System Using C5 Decision Tree Classifier, Pacific-Asia Conference on Knowledge Discovery and Data Mining, Springer, Cham, 149–155. doi:10.1007/978-3-030-04503-6_14
• Khraisat, A., Gondal, I., Vamplew, P. and Kamruzzaman, J. (2019) Survey of intrusion detection systems: techniques, datasets and challenges, Cybersecurity, 2(1), 20. doi:10.1186/s42400-019-0038-7
• Kiziloluk, S. and Alatas, B. (2015) Automatic mining of numerical classification rules with parliamentary optimization algorithm, Advances in Electrical and Computer Engineering, 15(4), 17–24. doi:10.4316/AECE.2015.04003
• Koc, L., Mazzuchi, T.A. and Sarkani, S. (2012) A network intrusion detection system based on a Hidden Naïve Bayes multiclass classifier, Expert Systems with Applications, 39(18), 13492–13500. doi:10.1016/J.ESWA.2012.07.009
• Li, W., Yi, P., Wu, Y., Pan, L. and Li, J. (2014) A new intrusion detection system based on KNN classification algorithm in wireless sensor network, Journal of Electrical and Computer Engineering, 2014.doi:10.1155/2014/240217
• Li, Yang and Guo, L. (2007) An active learning based TCM-KNN algorithm for supervised network intrusion detection, Computers and Security, 26(7–8), 459–467. doi:10.1016/j.cose.2007.10.002
• Li, Yinhui, Xia, J., Zhang, S., Yan, J., Ai, X. and Dai, K. (2012) An efficient intrusion detection system based on support vector machines and gradually feature removal method, Expert Systems with Applications, 39(1), 424–430. doi:10.1016/j.eswa.2011.07.032
• Mukherjee, S. and Sharma, N. (2012) Intrusion Detection using Naive Bayes Classifier with Feature Reduction, Procedia Technology, 4, 119–128. doi:10.1016/J.PROTCY.2012.05.017
• Panigrahi, R. and Borah, S. (2018) Rank Allocation to J48 Group of Decision Tree Classifiers using Binary and Multiclass Intrusion Detection Datasets, Procedia Computer Science, 132, 323–332. doi:10.1016/j.procs.2018.05.186
• Patel, K. and Buddhadev, B. (2015) Predictive rule discovery for network intrusion detection, Advances in Intelligent Systems and Computing, 321, 287–298. doi:10.1007/978-3-319-11227-5_25
• Eesa, A.S., Brifcani, A.M.A and Orman, Z. (2013) Cuttlefish Algorithm – A Novel Bio-Inspired Optimization Algorithm, International Journal of Scientific & Engineering Research, 4(9), 1978-1986. https://www.ijser.org/onlineResearchPaperViewer.aspx?Cuttlefish-Algorithm-A-Novel-Bio-Inspired-Optimization-Algorithm.pdf
• Schuh, G., Reinhart, G., Prote, J.P., Sauermann, F., Horsthofer, J., Oppolzer, F. and Knoll, D. (2019) Data mining definitions and applications for the management of production complexity, Procedia CIRP, 81, 874–879. doi:10.1016/j.procir.2019.03.217
• Sumaiya, T.I. and Aswani, K.C. (2017) Intrusion detection model using fusion of chi-square feature selection and multi class SVM, Journal of King Saud University - Computer and Information Sciences, 29(4), 462–472. doi:10.1016/J.JKSUCI.2015.12.004
• Swarnkar, M. and Hubballi, N. (2016) OCPAD: One class Naive Bayes classifier for payload based anomaly detection, Expert Systems with Applications, 64, 330–339. doi:10.1016/j.eswa.2016.07.036
• Tavallaee, M., Bagheri, E., Lu, W. and Ghorbani, A.A. (2009) A detailed analysis of the KDD CUP 99 data set, 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, 1–6. doi:10.1109/CISDA.2009.5356528
• Tharwat, A. (2018) Classification assessment methods, Applied Computing and Informatics. https://doi.org/10.1016/j.aci.2018.08.003
• UCI Machine Learning Repository (2015) KDD Cup 1999 Data. http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html
• Vancea, F. (2014) Intrusion Detection in NEAR System by Anti-denoising Traffic Data Series using Discrete Wavelet Transform, Advances in Electrical and Computer Engineering, 14(4), 43–48. doi:10.4316/AECE.2014.04007
• Varma, P.R.K., Kumari, V.V. and Kumar, S.S. (2016) Feature Selection Using Relative Fuzzy Entropy and Ant Colony Optimization Applied to Real-time Intrusion Detection System, Procedia Computer Science, 85, 503–510. doi:10.1016/J.PROCS.2016.05.203
• Zhang, J., Ling, Y., Fu, X., Yang, X., Xiong, G. and Zhang, R. (2020) Model of the intrusion detection system based on the integration of spatial-temporal features, Computers and Security, 89, 101681. doi:10.1016/j.cose.2019.101681
• Zhao, M., Zhai, J. and He, Z. (2010) Intrusion detection system based on support vector machine active learning and data fusion, Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 272–279. doi:10.1007/978-3-642-16493-4_28