Presenting a New Approach for Detecting Attacks on Voice over Internet Protocol Based on Ensemble Clustering
Subject Areas : Computer networks and security
Farid Bavifard
1
,
Mohammad Kheyrandish
2
,
Mohammad Mosleh
3
1 - Department of Computer Engineering- Dezful Branch, Islamic Azad University, Dezful, Iran
2 - Department of Computer Engineering- Dezful Branch, Islamic Azad University, Dezful, Iran
3 - Department of Computer Engineering- Dezful Branch, Islamic Azad University, Dezful, Iran
Keywords: ensemble clustering, feature selection, intrusion detection system, multi-layer perceptron, optimization algorithm, simulated annealing ,
Abstract :
Due to lower cost and greater flexibility, voice over internet protocol (VoIP) is widely used in telecommunications. A variety of VoIP terminals causes them to be vulnerable. A common way to secure VoIP includes intrusion detection based on machine learning. Due to the diversity of traffics and lack of class labels for training Intrusion detection systems (IDSs) in many situations, clustering approaches (unsupervised learning) have been focused on. But individual cluster systems can't cover the diversities of feature values well, and some traffic samples may be identified as outliers. As an ensemble approach, the proposed model for solving these problems focuses on using TwoStep clustering algorithm, and by improving it, tries to improve the clustering-based intrusion detection. Moreover, regarding the importance of the feature selection process, a combination of Simulated Annealing algorithm (SA) and Multi-Layer Perceptron (MLP) has been exploited for identifying superior features used for clustering VoIP packets, as Normal or involving DoS, R2L, U2R either Probe attacks. Based on evaluation results obtained on the dataset “Network Security Lab-Knwledge Discovery in Databases” (NSL-KDD) by MATLAB, the proposed feature selection reduced the training and testing times, averagely by 77% and 80%, respectively, by reducing the features to 10 and 8. Also, compared to previous works, the proposed IDS shows average improvements in Accuracy, Detection rate, and F-Measure at 3.34 %, 14.17 %, and 32.87 %, respectively.
[1] S. Armoogum, N. Mohamudally, "An extended genetic algorithm-based prevention system against DoS/DDoS flood attacks in VoIP systems", Progress of the Springer/ACIE, pp. 301-312, Singapore, Apr. 2021 (doi: 10.1007/978-981-33-4299-6_25).
[2] V. Kumar, O.P. Roy, "Reliability and security analysis of VoIP communication systems", InRising Threats in Expert Applications and Solutions, Proceeding of the Springer¬/FICR-TEAS, pp. 687-693, Singapore, 2021 (doi: 10.1007/978-981-15-6014-9_84).
[3] Q. Wang, Q. Qian, "Malicious code classification based on opcode sequences and textCNN network", Journal of Information Security and Applications, vol. 67, Article Number: 103151, June 2022 (doi: 10.1016/j.jisa.20¬22.103151).
[4] A. Salman, M.S. Khan, S. Idrees, F. Akram, M. Junaid, AL. Malik, "File integrity checkers: functionality, attacks, and protection", Proceeding of the IEEE/ICoDT2, pp. 1-6, Rawalpindi, Pakistan, May 2022 (doi: 10.1109/¬ICoD¬T255437.2022.9787428).
[5] F. Salo, M. Injadat, A. Moubayed, A.B. Nassif, A. Essex, " Clustering enabled classification using ensemble feature selection for intrusion detection", Proceeding of the IEEE/ICNC, pp. 276-281, Honolulu, HI, USA, Feb. 2019 (doi: 10.1109/ICCNC.2019.8685636).
[6] K.K. Wankhade, K.C. Jondhale, "An ensemble clustering method for intrusion detection", International Journal of Intelligent Engineering Informatics, vol. 7, no. 2-3, pp. 112-140, April. 2019 (doi: 10.1504/IJIEI.201¬9.099¬085).
[7] X. Wu, T. Ma, J. Cao, Y. Tian, A. Alabdulkarimm, "¬A comparative study of clustering ensemble algorithms", Computers and Electrical Engineering, vol. 68, pp. 603-615, May. 2018 (doi: 10.1016/j.compeleceng.201¬8.05.005).
[8] S. Khanmohammadi, N. Adibeig, S. Shanehbandy, "¬An improved overlapping k-means clustering method for medical applications", Expert Systems with Applications, vol. 67, pp. 12-18, Jan. 2017 (doi: 10.1016/j.e¬swa.2016.09.025).
[9] T. Chiu, D. Fang, G. Chen, Y. Wang, C. Jeris, "A robust and scalable clustering algorithm for mixed type attributes in large database environment", Proceeding of the seventh ACM SIGKDD, pp. 263-268, San Francisco California, Aug. 2001 (doi: 10.1145/502512.502549).
[10¬] J. Bacher, K. Wenzig, M. Vogler, "SPSS TwoStep Cluster- A first evaluation", Friedrich-Alexander University of Erlangen-Nuremberg, Chair of Sociology, vol. 2, pp. 1-23, Jan. 2004.
[11] V.R. Balasaraswathi, M. Sugumaran, Y. Hamid, "Feature selection techniques for intrusion detection using non-bio-inspired and bio-inspired optimization algorithms", Journal of Communications and Information Networks, vol. 2, no. 4, pp. 107-119, Dec. 2017 (doi: 10.1007/s41650-017-0033-7).
[12] M. Sharma, P. Kaur¬, "A comprehensive analysis of nature-inspired meta-heuristic techniques for feature selection problem", Archives of Computational Methods in Engineering, vol. 28, pp. 1103-1127, May 2021 (doi: 10.1007/s11831-020-09412-6).
[13] M. Abd Elaziz, A.H. Elsheikh, D. Oliva, L. Abualigah, S. Lu, A.A. Ewees¬, "Advanced metaheuristic techniques for mechanical design problems: Review", Archives of Computational Methods in Engineering, vol. 29, pp. 695–716, Jan. 2022 (doi: 10.1007/s11831-021-09589-4).
[14] P.J. Van Laarhoven, E.H. Aarts, "Simulated annealing", in simulated annealing: Theory and applications, Springer, Netherlands, vol. 37, pp. 7-15, 1987 (doi: 10.1007/978-94-015-7744-1_2).
[15] A. Mahendiran, R. Appusamy, "An intrusion detection system for network security situational awareness using conditional random fields", International Journal of Intelligent Engineering and Systems, vol. 11, no. 3, pp. 196-204, June 2018 (doi: 10.22266/ijies2018.0630.21).
[16] M. Mazini, B. Shirazi, I. Mahdavi¬, "¬Anomaly network-based intrusion detection system using a reliable hybrid artificial bee colony and AdaBoost algorithms", Journal of King Saud University-Computer and Information Sciences, vol. 31, no. 4, pp. 541-553, Oct. 2019 (doi: 10.1016/j.jksuci.2018.03.011).
[17] Y. Li, Y. Xu, Z. Liu, H. Hou, Y. Zheng, Y. Xin, Y. Zhao, L. Cui , "¬Robust detection for network intrusion of industrial IoT based on multi-CNN fusion", Measurement, vol. 154, pp. 107450, Mar. 2020 (doi: 10.1016/j.¬mea surement.2019.107450).
[18] X. Li, P. Yi, W. Wei, Y. Jiang, L. Tian, "LNNLS-KH: A feature selection method for network intrusion detection", Security and Communication Networks, pp. 1-22, Jan. 2021 (doi: 10.1155/2021/8830431).
[19] D. Li, L. Deng, M. Lee, H. Wang¬, "¬IoT data feature extraction and intrusion detection system for smart cities based on deep migration learning", International Journal of Information Management, vol. 49, pp. 533-545, Dec. 2019 (doi: 10.1016/j.ijinfomgt.2019.04.006).
[20] H.H. Pajouh, G. Dastghaibyfard, S. Hashemi, "¬Two-tier network anomaly detection model: A machine learning approach", Journal of Intelligent Information Systems, vol. 48, pp. 61-74, Feb. 2017 (doi: 10.1007/s1¬0844-015-0388-x).
[21] W. Zhang, D. Han, K.C. Li, F.I. Massetto¬, "¬Wireless sensor network intrusion detection system based on MK-ELM", Soft Computing, pp. 12361-12374, Aug. 2020 (doi: 10.1007/s00500-020-04678-1).
[22] P. Bedi, N. Gupta, V. Jindal, "¬I-SiamIDS: An improved Siam-IDS for handling class imbalance in network-based intrusion detection systems", Applied Intelligence, vol. 51, pp. 1133-1151, Feb. 2021 (doi: 10.1007/s10¬489-020-01886-y).
[23] A. Chellam, L. Ramanathan, S. Ramani, "¬Intrusion detection in computer networks using lazy learning algorithm", Procedia Computer Science, vol. 132, pp. 928-936, Jan. 2018 (doi: 10.1016/j.procs.2018.05.108).
[24] A.C. Enache, V. Sgârciu¬, "¬Anomaly intrusions detection based on support vector machines with an improved bat algorithm", Proceeding of the IEEE/CSCS, pp. 317-321, Bucharest, Romania, May. 2015 (doi: 10.110¬9/CSC¬S.2015.12).
[25] D. Jianjian, T. Yang, Y. Feiyue¬, "¬A novel intrusion detection system based on IABRBFSVM for wireless sensor networks", Procedia Computer Science, vol. 131, pp. 1113-1121, Jan. 2018 (doi: 10.1016/j.procs.2¬018¬.04.275).
[26] E. Kabir, J. Hu, H. Wang, G. Zhuo, "¬A novel statistical technique for intrusion detection systems", Future Generation Computer Systems, vol. 79, pp. 303-318, Feb. 2018 (¬doi: 10.1016/j.future.2017.01.029).
[27] V. Jyothsna, K.M. Prasad, "¬Anomaly-based intrusion detection system", Computer and Network Security, vol. 2, pp. 35-51, June. 2019.
[28] W. Wang, J. Liu, G. Pitsilis, X. Zhang, "¬Abstracting massive data for lightweight intrusion detection in computer networks", Information Sciences, vol. 433, pp. 417-430, April 2018 (doi: 10.1016/j.ins.2016.¬10.023).
[29] A. Shenfield, D. Day, A. Ayesh¬, "¬Intelligent intrusion detection systems using artificial neural networks", IET Express, vol. 4, no. 2, pp. 95-99, June. 2018 (doi: 10.1016/j.icte.2018.04.003).
[30] A.L. Fred, A.k. Jain, "Combining multiple clusterings using evidence accumulation", IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 27, no. 6, pp. 835-850, July 2005 (doi: 10.1109/TPA¬MI.2¬005.113).
[31] D. Huang, J.H. Lai, C.D. Wang, "¬Robust ensemble clustering using probability trajectories", IEEE Trans. on Knowledge and Data Engineering, vol. 28, no. 5, pp. 1312-1326, Nov. 2015 (doi: 10.1109/TKDE.2015.¬250¬3753).
[32] D. Huang, C.D. Wang, H. Peng, J. Lai, C.K. Kwoh¬, "Enhanced ensemble clustering via fast propagation of cluster-wise similarities", IEEE Trans. on Systems, Man, and Cybernetics: Systems, vol. 51, no. 1, pp. 508-520, Nov. 2018 (doi: 10.1109/TSMC.2018.2876202).
[33] C. Shao, S. Ding¬, "¬Link-based cluster ensemble method for improved meta-clustering algorithm", Proceeding of the Springer/IIP, pp. 14-25, Hangzhou, China, July 2020 (doi: 10.1007/978-3-030-46931-3_2).
[34] N. Iam-On, T. Boongoen, S. Garrett, "LCE: a link-based cluster ensemble method for improved gene expression data analysis", Bioinformatics, vol. 26, no. 12, pp. 1513-1519. June. 2010 (¬doi: 10.1093/bioinfo¬rmat¬ics/btq226).
[35] E. Jaw, X. Wang, "Feature selection and ensemble-based intrusion detection system: An efficient and comprehensive approach", Symmetry, vol. 13, no. 10, pp. 1764, Oct. 2021 (doi: 10.3390/sym13101764).
[36] N. Iam-On, T. Boongoen, S. Garrett, C. Price, "A link-based approach to the cluster ensemble problem”, IEEE Trans. on Pattern Analysis and Machine Intelligence, vol. 33, no. 12, pp. 2396-2409, May. 2011 (doi: 10.1109/TPAMI.2011.84).
[37] N. Iam-On, T. Boongoen, S. Garrett, "Refining pairwise similarity matrix for cluster ensemble problem with cluster relations", Proceeding of the Springer/DS, pp. 222-233, Berlin, Heidelberg, Oct. 2008 (doi: 10.10¬07¬/9¬7¬8-3¬-54¬0-8¬84¬11-8_22).
[38] L. Dhanabal, S.P. Shantharajah, "¬A study on NSL-KDD dataset for intrusion detection system based on classification algorithms", International Journal of Advanced Research in Computer and Communication Engineering, vol. 4, no. 6, pp. 446-452, June 2015 (doi: 10.17148/IJARCCE.2015.4696).
[39¬] T. Saranya, S. Sridevi, C. Deisy, T.D. Chung, M.A. Khan, " Performance analysis of machine learning algorithms in intrusion detection system: A review", Procedia Computer Science, vol. 171, pp. 1251-1260, Jan. 2020 (doi: 10.1016/j.procs.2020.04.133).
[40] C. Yin, Y. Zhu, S. Liu, J. Fei, H. Zhang, "¬Enhancing network intrusion detection classifiers using supervised adversarial training", The Journal of Supercomputing, vol. 76, no. 9, pp. 6690-6719, Sept. 2020 (doi: 10.10¬07/s1¬1227-019-03092-1).