Clustering Enabled Classification using Ensemble Feature Selection for Intrusion Detection

Fadi Salo; Mohammad Noor Injadat; Abdallah Moubayed; Ali Bou Nassif; Aleksander Essex

doi:10.1109/ICCNC.2019.8685636

Clustering Enabled Classification using Ensemble Feature Selection for Intrusion Detection

Fadi Salo
, Mohammad Noor Injadat
, Abdallah Moubayed
, Ali Bou Nassif
, Aleksander Essex

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

44 Scopus citations

Abstract

Machine learning has been leveraged to increase the effectiveness of intrusion detection systems (IDSs). The focus of this approach, however, has largely be on detecting known attack patterns based on outdated datasets. In this paper, we propose an ensemble feature selection method along with an anomaly detection method that combines unsupervised and supervised machine learning techniques to classify network traffic to identify previously unseen attack patterns. To that end, three different feature selection techniques are used as part of an ensemble model that selects 8 common features. Moreover, k-Means clustering is used to first partition the training instances into k clusters using the Manhattan distance. A classification model is then built based on the resulting clusters, which represent a density region of normal or anomaly instances. This in turn helps determine the effectiveness of the clustering in detecting unknown attack patterns within the data. The performance of our classifier is evaluated using the Kyoto dataset, which was collected between 2006 and 2015. To our knowledge, no previous work proposed such a framework that combines unsupervised and supervised machine learning approaches using this dataset. Experimental results show the effectiveness of the proposed framework in detecting previously unseen attack patterns compared to the traditional classification approach.

Original language	English
Title of host publication	2019 International Conference on Computing, Networking and Communications, ICNC 2019
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	276-281
Number of pages	6
ISBN (Electronic)	9781538692233
DOIs	https://doi.org/10.1109/ICCNC.2019.8685636
State	Published - 8 Apr 2019
Externally published	Yes
Event	2019 International Conference on Computing, Networking and Communications, ICNC 2019 - Honolulu, United States Duration: 18 Feb 2019 → 21 Feb 2019

Publication series

Name	2019 International Conference on Computing, Networking and Communications, ICNC 2019

Conference

Conference	2019 International Conference on Computing, Networking and Communications, ICNC 2019
Country/Territory	United States
City	Honolulu
Period	18/02/19 → 21/02/19

Bibliographical note

Publisher Copyright:
© 2019 IEEE.

Keywords

Classification
Ensemble feature selection
Kyoto dataset
Network anomaly detection
k-means clustering

ASJC Scopus subject areas

Computer Networks and Communications
Software
Hardware and Architecture

Access to Document

10.1109/ICCNC.2019.8685636

Cite this

Salo, F., Injadat, M. N., Moubayed, A., Nassif, A. B., & Essex, A. (2019). Clustering Enabled Classification using Ensemble Feature Selection for Intrusion Detection. In 2019 International Conference on Computing, Networking and Communications, ICNC 2019 (pp. 276-281). Article 8685636 (2019 International Conference on Computing, Networking and Communications, ICNC 2019). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICCNC.2019.8685636

Salo, Fadi ; Injadat, Mohammad Noor ; Moubayed, Abdallah et al. / Clustering Enabled Classification using Ensemble Feature Selection for Intrusion Detection. 2019 International Conference on Computing, Networking and Communications, ICNC 2019. Institute of Electrical and Electronics Engineers Inc., 2019. pp. 276-281 (2019 International Conference on Computing, Networking and Communications, ICNC 2019).

@inproceedings{82c87e9290474765ac56a33cdf3c965d,

title = "Clustering Enabled Classification using Ensemble Feature Selection for Intrusion Detection",

abstract = "Machine learning has been leveraged to increase the effectiveness of intrusion detection systems (IDSs). The focus of this approach, however, has largely be on detecting known attack patterns based on outdated datasets. In this paper, we propose an ensemble feature selection method along with an anomaly detection method that combines unsupervised and supervised machine learning techniques to classify network traffic to identify previously unseen attack patterns. To that end, three different feature selection techniques are used as part of an ensemble model that selects 8 common features. Moreover, k-Means clustering is used to first partition the training instances into k clusters using the Manhattan distance. A classification model is then built based on the resulting clusters, which represent a density region of normal or anomaly instances. This in turn helps determine the effectiveness of the clustering in detecting unknown attack patterns within the data. The performance of our classifier is evaluated using the Kyoto dataset, which was collected between 2006 and 2015. To our knowledge, no previous work proposed such a framework that combines unsupervised and supervised machine learning approaches using this dataset. Experimental results show the effectiveness of the proposed framework in detecting previously unseen attack patterns compared to the traditional classification approach.",

keywords = "Classification, Ensemble feature selection, Kyoto dataset, Network anomaly detection, k-means clustering",

author = "Fadi Salo and Injadat, \{Mohammad Noor\} and Abdallah Moubayed and Nassif, \{Ali Bou\} and Aleksander Essex",

note = "Publisher Copyright: {\textcopyright} 2019 IEEE.; 2019 International Conference on Computing, Networking and Communications, ICNC 2019 ; Conference date: 18-02-2019 Through 21-02-2019",

year = "2019",

month = apr,

day = "8",

doi = "10.1109/ICCNC.2019.8685636",

language = "English",

series = "2019 International Conference on Computing, Networking and Communications, ICNC 2019",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "276--281",

booktitle = "2019 International Conference on Computing, Networking and Communications, ICNC 2019",

address = "United States",

}

Salo, F, Injadat, MN, Moubayed, A, Nassif, AB & Essex, A 2019, Clustering Enabled Classification using Ensemble Feature Selection for Intrusion Detection. in 2019 International Conference on Computing, Networking and Communications, ICNC 2019., 8685636, 2019 International Conference on Computing, Networking and Communications, ICNC 2019, Institute of Electrical and Electronics Engineers Inc., pp. 276-281, 2019 International Conference on Computing, Networking and Communications, ICNC 2019, Honolulu, United States, 18/02/19. https://doi.org/10.1109/ICCNC.2019.8685636

Clustering Enabled Classification using Ensemble Feature Selection for Intrusion Detection. / Salo, Fadi; Injadat, Mohammad Noor; Moubayed, Abdallah et al.
2019 International Conference on Computing, Networking and Communications, ICNC 2019. Institute of Electrical and Electronics Engineers Inc., 2019. p. 276-281 8685636 (2019 International Conference on Computing, Networking and Communications, ICNC 2019).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Clustering Enabled Classification using Ensemble Feature Selection for Intrusion Detection

AU - Salo, Fadi

AU - Injadat, Mohammad Noor

AU - Moubayed, Abdallah

AU - Nassif, Ali Bou

AU - Essex, Aleksander

PY - 2019/4/8

Y1 - 2019/4/8

N2 - Machine learning has been leveraged to increase the effectiveness of intrusion detection systems (IDSs). The focus of this approach, however, has largely be on detecting known attack patterns based on outdated datasets. In this paper, we propose an ensemble feature selection method along with an anomaly detection method that combines unsupervised and supervised machine learning techniques to classify network traffic to identify previously unseen attack patterns. To that end, three different feature selection techniques are used as part of an ensemble model that selects 8 common features. Moreover, k-Means clustering is used to first partition the training instances into k clusters using the Manhattan distance. A classification model is then built based on the resulting clusters, which represent a density region of normal or anomaly instances. This in turn helps determine the effectiveness of the clustering in detecting unknown attack patterns within the data. The performance of our classifier is evaluated using the Kyoto dataset, which was collected between 2006 and 2015. To our knowledge, no previous work proposed such a framework that combines unsupervised and supervised machine learning approaches using this dataset. Experimental results show the effectiveness of the proposed framework in detecting previously unseen attack patterns compared to the traditional classification approach.

AB - Machine learning has been leveraged to increase the effectiveness of intrusion detection systems (IDSs). The focus of this approach, however, has largely be on detecting known attack patterns based on outdated datasets. In this paper, we propose an ensemble feature selection method along with an anomaly detection method that combines unsupervised and supervised machine learning techniques to classify network traffic to identify previously unseen attack patterns. To that end, three different feature selection techniques are used as part of an ensemble model that selects 8 common features. Moreover, k-Means clustering is used to first partition the training instances into k clusters using the Manhattan distance. A classification model is then built based on the resulting clusters, which represent a density region of normal or anomaly instances. This in turn helps determine the effectiveness of the clustering in detecting unknown attack patterns within the data. The performance of our classifier is evaluated using the Kyoto dataset, which was collected between 2006 and 2015. To our knowledge, no previous work proposed such a framework that combines unsupervised and supervised machine learning approaches using this dataset. Experimental results show the effectiveness of the proposed framework in detecting previously unseen attack patterns compared to the traditional classification approach.

KW - Classification

KW - Ensemble feature selection

KW - Kyoto dataset

KW - Network anomaly detection

KW - k-means clustering

UR - https://www.scopus.com/pages/publications/85064995388

U2 - 10.1109/ICCNC.2019.8685636

DO - 10.1109/ICCNC.2019.8685636

M3 - Conference contribution

AN - SCOPUS:85064995388

T3 - 2019 International Conference on Computing, Networking and Communications, ICNC 2019

SP - 276

EP - 281

BT - 2019 International Conference on Computing, Networking and Communications, ICNC 2019

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2019 International Conference on Computing, Networking and Communications, ICNC 2019

Y2 - 18 February 2019 through 21 February 2019

ER -

Salo F, Injadat MN, Moubayed A, Nassif AB, Essex A. Clustering Enabled Classification using Ensemble Feature Selection for Intrusion Detection. In 2019 International Conference on Computing, Networking and Communications, ICNC 2019. Institute of Electrical and Electronics Engineers Inc. 2019. p. 276-281. 8685636. (2019 International Conference on Computing, Networking and Communications, ICNC 2019). doi: 10.1109/ICCNC.2019.8685636

Clustering Enabled Classification using Ensemble Feature Selection for Intrusion Detection

Abstract

Publication series

Conference

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this