Network Intrusion Classification By Sparse Modeling And Combination Scheme

Posted on: 2020-07-07
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Reehan Ali Shah
GTID: 1368330572996878
Subject: Computer Science and Technology

Abstract/Summary:
Along with the increasing number of computer network activities and flow of sensitive information online, many organizations have become prone to various types of cyberattacks. Therefore, defending networked systems from intrusion, disruption, and other anomalous activities has become very important for government, public, and private sector organizations. On some occasions, traditional encryption methods and intrusion prevention systems, including firewalls, access controls, and secure network protocols, introduce malicious traffic into network systems. The intrusion detection system (IDS) is a well-known component of network security systems that effectively ensures transactions over network systems by applying machine learning algorithms to detect new and unknown types of cyberattacks. Previous studies on IDS have focused on specific problems, such as overfitting, redundant features, and limited training samples, in which feature selection (FS) remains an area that is largely unexplored. This dissertation aims to fill this gap by focusing on discriminative feature selection, group feature selection, sparse representation, combination schemes, and network intrusion classification. The contributions of this dissertation can be summarized as follows:

1. The existence of redundant and irrelevant features along with the limited number of training samples has introduced many challenges into the classification task, such as overfitting, high computational cost, lack of model interpretability, and noise sensitivity. To achieve a high accuracy for the IDS, this dissertation approaches the FS and classification problems by using the sparse logistic regression (SPLR) algorithm. This algorithm works by selecting a small subset of features from the original feature pool by sparsity regularization for intrusion classification. A linear SPLR model that simultaneously selects the discriminative features from a repository of datasets and learns the coefficients of the linear classifier is also proposed. Compared with traditional FS approaches (e.g., filter (ranking) and wrapper methods) that separate FS and classification problems, the proposed SPLR-based method combines FS and classification tasks into a unified framework. The experiment results demonstrate that the proposed method outperforms most of the well-known techniques employed for intrusion detection.

2. Structural SPLR (SSPLR) is an extension of SPLR, which selects significant feature groups and individual features while reducing the disturbance from noisy and irrelevant features (groups) to improve the performance of classification. In the case of IDS classification, sparsity suggests that only the selected features and groups are useful for the classifiers to determine the intrusion in the network. This dissertation introduces an important feature group and individual FS as well as a novel intrusion classification for IDSs. SSPLR has been recently used to analyze and process data via structural sparse penalization ((?)3,(?)2). In SSPLR, the association among features is recognized in the modeling, while prior information about the feature structure can be mapped into sparsity-inducing norms. The advantages of the SSPLR method are validated on real network intrusion datasets.

3. A hybrid mining algorithm for IDS is developed based on J48 and Naïve Bayes (NB), both of which are prominent, effective classifiers for classification tasks in data mining. The proposed algorithm classifies the incoming network traffic as either a normal or abnormal attack, and each feature vector in the algorithm comprises 41 feature values of network traffic data. This algorithm also addresses some difficulties typically faced by IDSs, such as discarding redundant features and reducing the number of contradictory records in an extensive training dataset. The performance of this algorithm is also tested against that of J48, NB, and Bayes Net based on detection accuracy, sensitivity, specificity, and F-measure. The proposed hybrid mining algorithm employing the sum-rule scheme achieves a detection accuracy of 91.36%, thereby suggesting that this algorithm produces considerably better results on real benchmark datasets compared with either J48 or NB.
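The unified feature selection and classification idea in contribution 1 can be seen in a small added example, which is not code from the dissertation: an L1-penalised logistic regression whose zero coefficients are the discarded features. The proximal-gradient (ISTA) solver, the function names, the hyperparameters and the synthetic six-feature data are all assumptions made here for illustration; the abstract does not state which solver or datasets the author used.

```python
import math
import random

def make_data(n=400, n_noise=4, seed=0):
    """Constructed data: the label depends only on features 0 and 1; the rest are noise."""
    rng = random.Random(seed)
    X, y = [], []
    for _ in range(n):
        row = [rng.gauss(0, 1) for _ in range(2 + n_noise)]
        X.append(row)
        y.append(1 if row[0] + row[1] > 0 else 0)
    return X, y

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-max(-30.0, min(30.0, z))))

def soft_threshold(v, t):
    """Proximal operator of t*|v|: shrinks v toward zero and sets small values to exactly 0."""
    return math.copysign(max(abs(v) - t, 0.0), v)

def fit_sparse_logreg(X, y, lam=0.15, step=0.5, iters=300):
    """Minimise mean logistic loss + lam * ||w||_1 by proximal gradient (assumed solver)."""
    n, d = len(X), len(X[0])
    w, b = [0.0] * d, 0.0
    for _ in range(iters):
        resid = [sigmoid(sum(wj * xj for wj, xj in zip(w, row)) + b) - yi
                 for row, yi in zip(X, y)]
        grad = [sum(r * row[j] for r, row in zip(resid, X)) / n for j in range(d)]
        # Gradient step on the loss, then the L1 proximal step that performs selection.
        w = [soft_threshold(wj - step * gj, step * lam) for wj, gj in zip(w, grad)]
        b -= step * sum(resid) / n  # the bias term is not penalised
    return w, b

def selected_features(w):
    """Features kept by the model: those with a nonzero coefficient."""
    return [j for j, wj in enumerate(w) if wj != 0.0]

def accuracy(X, y, w, b):
    hits = sum((sum(wj * xj for wj, xj in zip(w, row)) + b > 0) == (yi == 1)
               for row, yi in zip(X, y))
    return hits / len(y)

if __name__ == "__main__":
    X, y = make_data()
    w, b = fit_sparse_logreg(X, y)
    print("selected:", selected_features(w), "accuracy:", accuracy(X, y, w, b))
```

Unlike a filter or wrapper method, no separate ranking pass is run: the same fit that learns the classifier coefficients also drives the noise features' weights to exactly zero.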
Keywords/Search Tags: Intrusion Detection System (IDS), Feature Selection, Group Feature Selection, Sparse Modeling, Network Security, Machine Learning