TY - JOUR
T1 - Developing an intrusion detection framework for high-speed big data networks
T2 - A comprehensive approach
AU - Siddique, Kamran
AU - Akhtar, Zahid
AU - Khan, Muhammad Ashfaq
AU - Jung, Yong Hwan
AU - Kim, Yangwoo
N1 - Publisher Copyright:
© 2018 KSII.
PY - 2018/8/31
Y1 - 2018/8/31
N2 - In network intrusion detection research, two characteristics are generally considered vital to building efficient intrusion detection systems (IDSs): an optimal feature selection technique and robust classification schemes. However, the emergence of sophisticated network attacks and the advent of big data concepts in the intrusion detection domain require two more significant aspects to be addressed: employing an appropriate big data computing framework and utilizing a contemporary dataset to keep pace with ongoing advancements. As such, we present a comprehensive approach to building an efficient IDS with the aim of strengthening academic anomaly detection research in real-world operational environments. The proposed system has the following four characteristics: (i) it performs optimal feature selection using information gain and branch-and-bound algorithms; (ii) it employs machine learning techniques for classification, namely Logistic Regression, Naïve Bayes, and Random Forest; (iii) it introduces bulk synchronous parallel processing to handle the computational requirements of large-scale networks; and (iv) it utilizes a contemporary dataset generated from real-time traffic by the Information Security Centre of Excellence at the University of New Brunswick (ISCX-UNB) to validate its efficacy. Experimental analysis shows the effectiveness of the proposed framework, which achieves high accuracy, low computational cost, and reduced false alarms.
AB - In network intrusion detection research, two characteristics are generally considered vital to building efficient intrusion detection systems (IDSs): an optimal feature selection technique and robust classification schemes. However, the emergence of sophisticated network attacks and the advent of big data concepts in the intrusion detection domain require two more significant aspects to be addressed: employing an appropriate big data computing framework and utilizing a contemporary dataset to keep pace with ongoing advancements. As such, we present a comprehensive approach to building an efficient IDS with the aim of strengthening academic anomaly detection research in real-world operational environments. The proposed system has the following four characteristics: (i) it performs optimal feature selection using information gain and branch-and-bound algorithms; (ii) it employs machine learning techniques for classification, namely Logistic Regression, Naïve Bayes, and Random Forest; (iii) it introduces bulk synchronous parallel processing to handle the computational requirements of large-scale networks; and (iv) it utilizes a contemporary dataset generated from real-time traffic by the Information Security Centre of Excellence at the University of New Brunswick (ISCX-UNB) to validate its efficacy. Experimental analysis shows the effectiveness of the proposed framework, which achieves high accuracy, low computational cost, and reduced false alarms.
KW - Anomaly detection
KW - Big data
KW - BSP
KW - Bulk synchronous parallel
KW - DARPA
KW - ISCX-UNB dataset
KW - KDD Cup 99
KW - Machine learning
KW - Network intrusion detection systems
UR - http://www.scopus.com/inward/record.url?scp=85053628526&partnerID=8YFLogxK
U2 - 10.3837/tiis.2018.08.026
DO - 10.3837/tiis.2018.08.026
M3 - Article
AN - SCOPUS:85053628526
SN - 1976-7277
VL - 12
SP - 4021
EP - 4037
JO - KSII Transactions on Internet and Information Systems
JF - KSII Transactions on Internet and Information Systems
IS - 8
ER -
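The abstract's step (i) ranks candidate flow features by information gain before classification. The following is an added illustrative example, not code from the paper or from the ISCX-UNB project: it computes information gain for each nominal feature over a small set of constructed flow records (invented values, not drawn from the ISCX-UNB dataset) and keeps the top-k features. The feature names (proto, dst_port_class, bytes_bucket, unanswered) are assumptions chosen for the illustration; the paper's branch-and-bound stage is not reproduced here.

```python
"""Information-gain feature ranking over flow records (illustrative example)."""
import math
from collections import Counter, defaultdict

# Constructed flow records for illustration only; NOT from ISCX-UNB or any real capture.
# Features are already discretised, since information gain as computed here needs
# nominal values. 'unanswered' = 1 means the responder sent no bytes back (as seen in
# scans and floods); 'label' is the ground truth used for supervised ranking.
FLOWS = [
    # normal traffic
    {"proto": "tcp",  "dst_port_class": "web",   "bytes_bucket": "medium", "unanswered": 0, "label": "normal"},
    {"proto": "tcp",  "dst_port_class": "web",   "bytes_bucket": "large",  "unanswered": 0, "label": "normal"},
    {"proto": "udp",  "dst_port_class": "dns",   "bytes_bucket": "small",  "unanswered": 0, "label": "normal"},
    {"proto": "udp",  "dst_port_class": "dns",   "bytes_bucket": "medium", "unanswered": 0, "label": "normal"},
    {"proto": "icmp", "dst_port_class": "web",   "bytes_bucket": "large",  "unanswered": 0, "label": "normal"},
    # attack traffic
    {"proto": "tcp",  "dst_port_class": "web",   "bytes_bucket": "small",  "unanswered": 1, "label": "attack"},
    {"proto": "tcp",  "dst_port_class": "other", "bytes_bucket": "small",  "unanswered": 1, "label": "attack"},
    {"proto": "udp",  "dst_port_class": "other", "bytes_bucket": "small",  "unanswered": 1, "label": "attack"},
    {"proto": "udp",  "dst_port_class": "other", "bytes_bucket": "small",  "unanswered": 1, "label": "attack"},
    {"proto": "icmp", "dst_port_class": "web",   "bytes_bucket": "medium", "unanswered": 1, "label": "attack"},
]

FEATURES = ["proto", "dst_port_class", "bytes_bucket", "unanswered"]


def entropy(labels):
    """Shannon entropy in bits of a multiset of class labels.

    Only classes that actually occur are counted, so there is no log(0) term.
    """
    n = len(labels)
    return -sum((c / n) * math.log2(c / n) for c in Counter(labels).values())


def information_gain(records, feature, label="label"):
    """IG(Y; X) = H(Y) - sum over values v of P(X = v) * H(Y | X = v)."""
    all_labels = [r[label] for r in records]
    groups = defaultdict(list)          # feature value -> labels of records with that value
    for r in records:
        groups[r[feature]].append(r[label])
    n = len(records)
    conditional = sum(len(g) / n * entropy(g) for g in groups.values())
    return entropy(all_labels) - conditional


def rank_features(records, features, label="label"):
    """Return [(feature, IG), ...] sorted from most to least informative."""
    scores = [(f, information_gain(records, f, label)) for f in features]
    return sorted(scores, key=lambda kv: kv[1], reverse=True)


def select_features(records, features, k, label="label"):
    """Keep the k highest-IG features; the rest are dropped before classification."""
    return [f for f, _ in rank_features(records, features, label)[:k]]


if __name__ == "__main__":
    for f, ig in rank_features(FLOWS, FEATURES):
        print(f"{f:16s} IG = {ig:.4f}")
    print("selected:", select_features(FLOWS, FEATURES, 2))
```

On this constructed sample `unanswered` separates the classes perfectly (IG = 1 bit), `proto` is split evenly between the classes (IG = 0) and is discarded, and the two remaining features fall in between. Two caveats for real captures: continuous fields such as duration or byte counts must be discretised first, and information gain is biased toward features with many distinct values (a raw destination port would score highly simply by fragmenting the data), which is one reason a second selection stage such as the paper's branch-and-bound search is useful.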