Abstract

Network intrusion detection is one of the most researched topics in the field of computer security. Hacktivists use sophisticated tools to launch numerous attacks that hamper the confidentiality, integrity and availability of computer resources. There is an incessant need to safeguard these resources to avoid further damage. In this study, we present a meta-classification approach that uses decision jungle to perform both binary and multiclass classification. We establish the robustness of our approach by configuring an optimal set of hyper-parameters, coupled with relevant feature subsets, in a production-ready environment, namely Azure Machine Learning. We validate the efficiency of the proposed design using three contemporary datasets: UNSW NB-15, CICIDS 2017, and CICDDOS 2019. We achieved an accuracy of 99.8% on UNSW NB-15, whereas the accuracy on the CICIDS 2017 and CICDDOS 2019 datasets was 98% and 97% respectively. A distinctive strength of the proposed model is its ability to detect thirty-three modern attack types considerably well. Unlike conventional stacking ensembles, the proposed solution relies on a train-test ratio of 40:60 to establish the legitimacy of predictions. We also conducted statistical significance tests to compare the performance of the classifiers involved in the study. To extend the functionality further, we have automated the proposed model so that it can be a reliable candidate for real-time network intrusion detection.

Highlights

  • Technological advancements in the field of cybersecurity emphasize the application of Artificial Intelligence (AI) techniques to improve the security landscape [1].

  • We have proposed a reliable intrusion detection framework, based on a stacking approach, to identify thirty-three modern attack types.

  • A comparative study [35] was conducted to assess the performance of SVM against different classifiers, and the results indicated that the stacked implementation of SVM and random forest resulted in an accuracy of 97.5%, whereas SVM individually achieved an accuracy of 91.81% upon validation using the NSL-KDD dataset.


Summary

INTRODUCTION

Technological advancements in the field of cybersecurity emphasize the application of Artificial Intelligence (AI) techniques to improve the security landscape [1]. Over the years, both adversaries and the research community have been relying on AI approaches to attack and defend computer networks. Some authors have discussed the significance of machine learning algorithms for network intrusion detection by considering the cloud environment due to its scalability and elasticity [9]–[12]. An intrusion detection system (IDS) can be categorized as host-based or network-based according to its deployment strategy [13], [14]. We have compared the performance of both binary and multiclass classifiers using statistical significance tests.

RELATED WORK
AN OVERVIEW OF THE DATASETS
STACKING ENSEMBLE FOR INTRUSION DETECTION
EXPERIMENTAL APPROACH
RESULTS AND DISCUSSION
CONCLUSION