Anomaly-based network intrusion detection with ensemble classifiers and meta-heuristic scale (ECMHS) in traffic flow str

ORIGINAL RESEARCH

Anomaly‑based network intrusion detection with ensemble classifiers and meta‑heuristic scale (ECMHS) in traffic flow streams

Durga Bhavani Dasari1 · Gayathri Edamadaka1 · Ch. Smitha Chowdary1 · M. Sobhana2

Received: 26 April 2020 / Accepted: 24 October 2020
© Springer-Verlag GmbH Germany, part of Springer Nature 2020

Abstract

The exponential growth in internet services has led to enormous growth in network traffic. As the services increase, the number of network attacks is also gradually increasing. From the contemporary literature, it is evident that machine learning techniques have gained importance in addressing security issues in networks, and that these techniques rely on features and their values to extract knowledge. There is evidence that phenomenal growth in the volume of transactions leads to deviation in feature values. Hence, it is necessary to consider the associability among the transactions and their feature values. In this paper, a meta-heuristic association scale is proposed to derive a threshold value for the transaction, and an ensemble classifier is then used to classify the transaction as normal or attack. The ensemble classifier used in the proposed system is based on drift detection, which has the ability to analyze requests at the stream level. The proposed model derives the features at the stream level and uses drift detection to analyze the stream characteristics. The experimental study is carried out on benchmark data to analyze the statistical parameters accuracy, false alarm rate, and positive predictive value. Moreover, ECMHS is compared with the other benchmark models described in contemporary literature.

Keywords  Intrusion detection systems · Machine learning · Ensemble classifiers · Meta-heuristic approach · KS-test · Traffic flow analysis

* Durga Bhavani Dasari [email protected]

1 Department of Computer Science and Engineering, Koneru Lakshmaiah Education Foundation, Vaddeswaram, Guntur, Andhra Pradesh 522502, India

2 Department of Computer Science and Engineering, V R Siddhartha Engineering College, Vijayawada, Andhra Pradesh 522502, India

1 Introduction

The rapid development of network traffic and the expanding dimensionality of networks on the internet have led to numerous improvements, and to a huge number of difficulties as well. These include the difficulty of detecting behaviour-level issues of network attacks. The survival of wired and wireless networks is due to the evolution of the Internet and Intranet, which in turn led to private and public network operations. The wide success of the Internet is due to its openness to new applications. This open ease of access for numerous services on the Internet generates sensitive discriminatory consequences. According to the reports of the Computer Emergency Response Team (CERT), most of the attacks on the Internet explore the loopholes, which pave a path for several other attacks. So, there is a great demand for a reliable mechanism to meet the present security demands. A wide range of contribution
