Document Type : Research Paper

Authors

Computer Science Dept., University of Technology-Iraq, Alsina’a street, 10066 Baghdad, Iraq.

Abstract

Computer worms perform harmful tasks in network systems, and their rapid spread has serious consequences for system security. However, existing worm detection algorithms still struggle to achieve good performance, for three reasons. First, a large amount of irrelevant data degrades classification accuracy (an irrelevant feature gives the estimator new ways to go wrong without any expected benefit and can also cause overfitting, which generally leads to decreased accuracy). Second, the individual classifiers used extensively in these systems do not effectively detect all types of worms. Third, many systems are built on old datasets, making them less suitable for new types of worms. This research aims to detect computer worms in the network using data mining algorithms, because of their high ability to detect new types of computer worms automatically and accurately. The proposal uses misuse and anomaly detection techniques based on the UNSW_NB15 dataset to train and test the ensemble AdaBoost algorithm using SVM and DT classifiers. To select the most important features, we propose to use the similar features selected by Correlation and Chi-Square feature selection (since correlation finds the relations between features and classes, whereas Chi-Square finds whether features and classes are independent or not). The contribution is to use SVM instead of DT as the base estimator in the boosting ensemble algorithm to efficiently detect various types of worms. The system achieved an accuracy of 100% with CFS+Chi2fs, and 99.38 and 99.89 with correlation and chi-square separately.

Highlights

  • The union of two feature selection methods strengthens the NIDS
  • The performance of the NIDS increases with ensemble learning
  • Bagging and boosting with SVM are much more powerful than with DT
  • Worm detection is much stronger when using a two-level NIDS
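
Added example (not the authors' code): one way to combine correlation-based and chi-square feature rankings, as the abstract and the first highlight describe, run on constructed records rather than UNSW_NB15. It assumes absolute Pearson correlation and a chi-square statistic over per-class feature sums, since the abstract does not say which forms were used; `select_features`, `k` and `mode` are hypothetical names, with `mode` covering both the "similar features" (intersection) and "union" readings.

```python
import math

def pearson_scores(X, y):
    """|Pearson r| between each feature column and the numeric class label."""
    n, my = len(y), sum(y) / len(y)
    sy = math.sqrt(sum((v - my) ** 2 for v in y))
    scores = []
    for col in zip(*X):
        mx = sum(col) / n
        sx = math.sqrt(sum((v - mx) ** 2 for v in col))
        cov = sum((a - mx) * (b - my) for a, b in zip(col, y))
        scores.append(abs(cov) / (sx * sy) if sx and sy else 0.0)  # constant column -> 0
    return scores

def chi2_scores(X, y):
    """Chi-square of each non-negative feature vs. class: observed per-class
    feature sums against the sums expected if feature and class were independent."""
    n = len(y)
    scores = []
    for col in zip(*X):
        total, stat = sum(col), 0.0
        for c in set(y):
            observed = sum(v for v, lab in zip(col, y) if lab == c)
            expected = total * y.count(c) / n
            if expected:
                stat += (observed - expected) ** 2 / expected
        scores.append(stat)
    return scores

def top_k(scores, k):
    """Indices of the k highest-scoring features."""
    return set(sorted(range(len(scores)), key=lambda j: -scores[j])[:k])

def select_features(X, y, k, mode="intersection"):
    """Combine the two rankings: features both pick, or features either picks."""
    by_corr, by_chi2 = top_k(pearson_scores(X, y), k), top_k(chi2_scores(X, y), k)
    return sorted(by_corr & by_chi2 if mode == "intersection" else by_corr | by_chi2)

# Constructed flow records (not UNSW_NB15 rows); label 1 = worm, 0 = normal.
y = [i % 2 for i in range(40)]
X = [[5 + 20 * lab + i % 3,             # f0: strong signal at a moderate scale
      0.01 + 0.02 * lab,                # f1: perfect separator, tiny magnitude
      1000 + 40 * lab + 100 * (i % 7),  # f2: weak signal, large magnitude
      4,                                # f3: constant, carries no information
      (3 * i) % 11]                     # f4: unrelated to the label
     for i, lab in enumerate(y)]

if __name__ == "__main__":
    print("both agree:", select_features(X, y, 2))
    print("either picks:", select_features(X, y, 2, "union"))
```

With `k=2` the two selectors agree only on f0: correlation also ranks the tiny but perfectly separating f1 highly, while the sum-based chi-square favours the large-magnitude f2, so the combined set depends on whether the rankings are intersected or united.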
