Self-healing hybrid intrusion detection system: an ensemble machine learning approach

The increasing complexity and adversity of cyber-attacks have prompted discussions in the cyber scenario for a prognosticate approach, rather than a reactionary one. In this paper, a signature-based intrusion detection system has been built based on C5 classifiers, to classify packets into normal an...

Full description

Saved in:
Bibliographic Details
Published in:Discover Artificial Intelligence 2024-12, Vol.4 (1), p.28-20, Article 28
Main Authors: Kushal, Sauharda, Shanmugam, Bharanidharan, Sundaram, Jawahar, Thennadil, Suresh
Format: Article
Language:English
Subjects:
Algorithms
Anomaly detection system
Artificial Intelligence
Behavior
Computer Science
Convolutional neural network
Datasets
Deep learning
Engineering
Intrusion detection systems
Long short-term memory
Machine learning
Malware
Neural networks
Recurrent neural network
Self-healing
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The increasing complexity and adversity of cyber-attacks have prompted discussions in the cyber scenario for a prognosticate approach, rather than a reactionary one. In this paper, a signature-based intrusion detection system has been built based on C5 classifiers, to classify packets into normal and attack categories. Next, an anomaly-based intrusion detection was built based on the LSTM (Long-Short Term Memory) algorithm to detect anomalies. These anomalies are then fed into the signature generator to extract attributes. These attributes get uploaded into the C5 training set, aiding the ensemble model in continual learning with expanding signatures of unknown attacks. By generating signatures of unknown attacks, the self-healing attribute of the ensemble model contributes to the early detection of attacks. For the C5 classifier, the proposed model is evaluated on the UNSW-NB15 dataset, while for the LSTM model, it is evaluated on the ADFA-LD dataset. Compared to conventional models, the experimental results show better detection rates for both known and unknown attacks. The C5 classifier achieved a True Positive Rate of 97% while maintaining a false positive rate of 8%. Also, the LSTM model achieved a detection rate of 90% while retaining a 17% False Alarm Rate. As the proposed model learns, its performance in real network traffic also improves and it also eliminates human intervention when updating training data.
ISSN:2731-0809
2731-0809
DOI:10.1007/s44163-024-00120-9