A New Approach for Detecting Attacks against Voice over Internet Protocol Based on Ensemble Clustering
Subject areas: Computer Networks and Security
Farid Bavifard 1, Mohammad Kheirandish 2, Mohammad Mosleh 3
1 - Department of Computer Engineering, Dezful Branch, Islamic Azad University, Dezful, Iran
2 - Department of Computer Engineering, Dezful Branch, Islamic Azad University, Dezful, Iran
3 - Department of Computer Engineering, Dezful Branch, Islamic Azad University, Dezful, Iran
Keywords: optimization algorithm, feature selection, multi-layer perceptron, ensemble clustering, intrusion detection system, simulated annealing
Abstract:
Due to its lower cost and greater flexibility, voice over internet protocol (VoIP) is widely used in telecommunications. The diversity of VoIP terminals makes them vulnerable. A common way to secure VoIP is intrusion detection based on machine learning. Because traffic is diverse and class labels for training intrusion detection systems (IDSs) are unavailable in many situations, attention has focused on clustering approaches (unsupervised learning). However, individual clustering systems cannot cover the diversity of feature values well, and some traffic samples may be identified as outliers. As an ensemble approach to these problems, the proposed model focuses on the TwoStep clustering algorithm and, by improving it, tries to improve clustering-based intrusion detection. Moreover, given the importance of the feature selection process, a combination of the Simulated Annealing (SA) algorithm and a Multi-Layer Perceptron (MLP) neural network is used to identify the superior features for clustering VoIP packets as Normal or as involving denial-of-service (DoS), user-to-root (U2R), remote-to-local (R2L) or Probe attacks. Based on evaluation results obtained in MATLAB on the "Network Security Lab-Knowledge Discovery in Databases" (NSL-KDD) dataset, the proposed feature selection, by reducing the features to 10 and 8, reduced the training and testing times by 77% and 80% on average, respectively. Also, compared to previous works, the proposed IDS shows average improvements in Accuracy, Detection rate, and F-Measure of 3.34%, 14.17%, and 32.87%, respectively.