An Improved Hybrid Algorithm for Intrusion Detection in Computer Networks
Subject areas: New technologies in distributed systems and algorithmic computing
Safanaz Heidari 1, Firouzeh Razavi 2 *
1 - Computer Department, Miandoab Branch, Islamic Azad University, Miandoab, Iran
2 - Department of Information Technology Management, Raja University, Qazvin, Iran
Keywords: intrusion detection system, attack detection, hybrid systems, extreme gradient boosting, clustering techniques, machine learning
Abstract:
Identifying malicious networks has been a subject of study for decades, and as the volume of network traffic increases day by day, there is a need for a successful intrusion detection system that, during attacks, can make the identification process easier, decision-making more accurate and closer to real time, and processing faster. The purpose of this research is to detect intrusions into computer networks by combining the K-means clustering algorithm with XGBoost. The proposed method is carried out in two stages. In the first stage, pre-processing is performed by normalizing and digitizing the data set and by removing outliers based on the two methods of PCA and feature dimensionality reduction; the learners of the K-means algorithm are then used and, finally, the Elbow method is applied to find the optimal number of clusters. The second stage consists of classifying malicious and normal network traffic by combining the K-means and XGBoost algorithms on computing platforms. The experiments in this article were carried out using the NSL-KDD data set, implemented on the KNIME simulator platform. The final evaluation results show the superiority of the proposed algorithm in error detection rate, accuracy and correctness over previous similar methods.
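The first-stage step of normalizing the features and choosing the number of K-means clusters with the Elbow method can be sketched as follows. This is an added example, not code from the paper: the flow records are constructed (not NSL-KDD rows), and the farthest-point seeding and the "largest second difference" elbow rule are assumptions, since the abstract does not state how the elbow is located.

```python
import math

# Constructed sample: (duration_s, bytes_sent) per connection; not NSL-KDD records.
FLOWS = [(1, 200), (2, 220), (1, 250), (2, 180),        # short, small
         (50, 210), (52, 240), (49, 190), (51, 230),    # long, small
         (2, 9000), (1, 9500), (3, 8800), (2, 9200)]    # short, large

def min_max(rows):
    """Scale every column to [0, 1] so no single feature dominates the distance."""
    cols = list(zip(*rows))
    lo, hi = [min(c) for c in cols], [max(c) for c in cols]
    return [tuple((v - l) / (h - l) for v, l, h in zip(r, lo, hi)) for r in rows]

def kmeans_inertia(points, k, iters=20):
    """Lloyd's K-means with deterministic farthest-point seeding (assumption).
    Returns the inertia: sum of squared distances to the nearest center."""
    centers = [points[0]]
    while len(centers) < k:
        centers.append(max(points, key=lambda p: min(math.dist(p, c) for c in centers)))
    for _ in range(iters):
        groups = [[] for _ in centers]
        for p in points:
            groups[min(range(k), key=lambda i: math.dist(p, centers[i]))].append(p)
        # Recompute each center as the mean of its group; keep it if the group is empty.
        centers = [tuple(sum(x) / len(g) for x in zip(*g)) if g else c
                   for g, c in zip(groups, centers)]
    return sum(min(math.dist(p, c) for c in centers) ** 2 for p in points)

def elbow_k(points, k_max=6):
    """Return (k, inertias) where k is the point of sharpest bend in the inertia
    curve, measured by the largest second difference (assumed elbow rule)."""
    sse = [kmeans_inertia(points, k) for k in range(1, k_max + 1)]
    bend = {k: sse[k - 2] - 2 * sse[k - 1] + sse[k] for k in range(2, k_max)}
    return max(bend, key=bend.get), sse

if __name__ == "__main__":
    k, sse = elbow_k(min_max(FLOWS))
    print("chosen k:", k)
    print("inertia per k:", [round(s, 4) for s in sse])
```

Without the min-max step the byte counts would swamp the duration column, and the long-lived, low-volume connections would not separate from the short ones.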