Application of a Novel Multiple Kernel Learning Framework for Improving the Robustness of Network Intrusion Detection
Current-day Network Intrusion Detection Systems have several shortcomings, such as high rates of false positive alerts, low detection rates of rare but dangerous attacks, and the need for constant human intervention and tuning. Daily reports of incidents appear in public media, including major exfiltrations of data for the purposes of stealing identities, credit card numbers, and intellectual property, as well as to take control of network resources. Methods used by attackers constantly change in order to defeat techniques employed by information technology (IT) teams intended to discover or block intrusions. "Zero Day" (i.e. previously unseen) attacks whose "signatures" are not yet in IT databases are continually being uncovered. Machine learning approaches have been widely used to increase the effectiveness of intrusion detection platforms. While some machine learning techniques are effective at detecting certain types of attacks, there are no known methods that can be applied universally and achieve consistent results for multiple attack types. Detection of cyber-based attacks on computer networks continues to be a relevant and challenging area of research.

The focus of this research is on the development of a framework that combines the outputs of multiple learners in order to improve the efficacy of network intrusion detection. The approaches built into this framework are tested on a benchmark dataset that contains instances of normal network traffic and multiple classes of network attacks. The extreme learning machine (ELM) was chosen as the core algorithm due to recent research that suggests that ELMs are straightforward to implement, computationally efficient, and have excellent learning performance characteristics on par with the Support Vector Machine (SVM), one of the most widely used and best performing machine learning platforms (Liu, X., Gao, C., & Li, P., 2012).
A novel and flexible machine learning framework was constructed to test several new ensemble learning approaches, including Online Multiple Kernel Classification ELM (OMKC-ELM), Multiple Boosting ELM (MB-ELM) and Multiple Adaptive Reduced Kernel ELM (MARK-ELM). These methods were tested on several machine learning datasets as well as the Knowledge Discovery and Data Mining Contest 1999 (KDD Cup 99) intrusion detection dataset. The results indicate that the proposed approaches used in the framework perform well for the majority of UCI benchmark datasets and are scalable for processing larger datasets. In these experiments it was demonstrated that the ensemble methods MARK-ELM and OMKC-ELM achieve superior detection rates and lower false alarm rates than many other existing paradigms for classifying network intrusion detection data. The results of this research are of interest to network operators and cyber security researchers who are always seeking more robust approaches to Network Intrusion Detection and Prevention that have good detection capability along with low false positive rates and do not require a great deal of tuning or human intervention. The findings presented here may lead to methods to improve and augment existing Network Intrusion Detection, Prevention and Forensic Analysis systems. Finding innovative and advanced approaches for detection of cyber-based attacks on computer networks continues to be a relevant and challenging area of research.