Abstract
Intrusion detection system (IDS) refers to a software system that alerts the network or computer activities and identifies the occurrence of any mischievous operations. New issues such as malware and worms are added as the internet is bursting into civilization. Henceforth, the users will utilize various techniques such as password cracking, where unencrypted text detection is used to cause system vulnerabilities. Therefore, the users require some protection mechanism to protect their device against the intruders. The main purpose of this research work is to include a comparative analysis on intrusion detection by using different machine learning and deep learning techniques. Various machine learning techniques have been used to develop IDS, and they are Back Propagation Neural Network (BPN), Feed Forward Neural Network (FNN), Recurrent Neural Network (RNN) and Multilayer Perceptron (MLP) based on real time neural network datasets such as IDS datasets and UNSW datasets. The proposed system can be analyzed in terms of error rate and accuracy values.
Access provided by Autonomous University of Puebla. Download conference paper PDF
Similar content being viewed by others
Keywords
1 Introduction
Machine learning algorithms are often classified as supervised or unsupervised. Supervised algorithms rely on a software scientist or data analyst with machine learning expertise to improve each input and expected output, further providing assessment on prediction accuracy along with the training algorithm time. Data scientists regulate which variables or characteristics of the model should be analyzed and used for predictions development. Once the training has been done, the algorithm must adapt what has been taught to new data. There is no need to practice non-supervised algorithms with optimal performance. Rather by using an insistent technique named deep learning to analyse the details to get the final outcomes [1,2,3]. Uncontrolled learning algorithms are reversed for more complicated processing function than supervised learning process, along with recognition of images, speech-to-text and generation of languages. Those are the neural networks operate by integrating coaching data across multiple samples and automatically recognizing often subtle correlations amongst several variables. The algorithm was once trained using its confederation bank to illustrate new data. Only such an algorithm became viable in the age of big data, because they depend upon large quantities of data for coaching.
Algorithms for machine learning are identified as supervised or unsupervised results. Semi-supervised machine learning algorithms can be decreased over the supervised and unsupervised learning process by the use of both the labelled and unlabelled data for training process. Usually, there will be a small amount of labelled data and an oversized amount of unlabelled data. The systems that can be used in this method are able to appreciably improve learning accuracy [4, 5].
The feedback is required for the agent to look out which action is best; this is often remarked because the reinforcement signals. Machine learning attempts to work on the vast quantities of information. Although it typically provides quick and reliable results to allow spot lucrative possibilities or dangerous threats, where it often needs overtime and money to properly coach it. The combination of machine learning with AI and intellectual technologies will analyze the large amounts of data in a simpler way.
2 Methodology
The IDS is often distinguished on the premise of where the detection will be performed and also the way or by which technique is being detected. The IDS is classified into two segments, one being network intrusion detection system, and thus, another is host intrusion detection system. The first system mentioned helps within the analysis the arriving networking traffic and although the HIDS functioning is dependent on operating system operation. The key conditions of information mining on IDS, which were primitively discussed, were called clustering and classification. As there is no initial label on clustering problem data collection, the item generated for the clustering algorithm has been allocated with identical data records to the same class.
The packet's action was called a traditional class or peculiar class to keep up with existing data's features and characteristics. This works on burrowing from data previously clustered in classification. This means the content is labelled. Classification can well be a technique for processing knowledge that is used to analyze a collection of information. Classification plays an important role in classifying information within this field of continuous streaming data [6, 7]. Many algorithms like decision tree, rule-based induction, Bayesian network, genetic algorithm, etc., are accustomed to classify the data. In existing framework implement, machine learning techniques like Random forest, Naive Bayes, Support Vector machine algorithms are implemented to detect the intrusion from network datasets. Existing framework could also be provide high warning and low accuracy [8,9,10].
3 Novel Intelligent Based Ids
Deep learning has become a popular topic in the world of machine learning. It is sub-field of machine learning in artificial neural networks. Using deep learning approach within the applying area, we are able to process on great amount of things required to be trained. Process is placed on numerous data points. Deep learning learns different features from the information. If the pile of knowledge is on the market, it can reduce the system performance. For achieving better accuracy in terms of performance, deep learning is considered as compatible learning mechanism. Learning varies in three major categories, i.e. supervised, semi-supervised and unsupervised. Here, the intrusion detection is implemented with relevance to the deep learning approach. Intrusion is the term, which might offend the security of automatic processing system or network. Another technique is intrusion detection, which remains tactic to investigate intrusion. Intrusion detection technique is assessed based on two methods, i.e. anomaly detection or misuse detection. Security has become a very important issue for computer systems with the rapid expansion of the computer networks over the past decade [11,12,13,14].
Specific machine learning based approaches for intrusion detection systems are being introduced in recent years. This research provides an introduction to intrusion detection through networks. A Multilayer Perceptron (MLP) is used to track interference assisted by an off-line approach to analytics. The classifying records are of two general classes—normal and assault—this analysis requires unraveling a multi-class problem because the neural network is still detecting the threat. MLP is often usually a stacked feed forward network equipped with static back propagation (BP). Such networks carried out positive analysis of static patterns through countless deployments.
3.1 Pre-Processing
Pre-processing data is a key step in the [data extraction] process. The expression “garbage in, garbage out” especially applies to machine learning and data processing projects. Methods of data collection are usually poorly regulated, dominant to out-of-range values, impossible combinations of data, missing values, etc. Resolve data for which these problems have not been carefully tested, it may yield unclear results for the process. Therefore, first and foremost, the representation and consistency of information are before an experiment is performed. When there is much irrelevant information present, then the discovery of knowledge is focused during the training process. Preparation and filtering of data steps can take considerable time interval. During this module, eliminate the irrelevant and missing values in uploaded datasets.
3.2 Classification
As the proliferation of network activity growth and confidential information on network infrastructure increases, more and more companies become vulnerable to a wider kind of attack. It is essential to protect network systems from interference, interruption and other suspicious behaviours from undesirable attackers. The network should be protected from intruders, disruption and other suspicious behaviours is important. A Multilayer perceptron (MLP) can be a type of feed forward artificial neural network. An MLP subsists on a network of at least three layers of nodes. In addition to the input nodes, any node may be a neuron that uses a nonlinear activation function. MLP's method of studying used for training data sets, which is called as the back propagation method. The multiple layers and the nonlinear activation differentiate between Multilayer Perceptron and linear perceptron. It can discern data, which cannot be separated linearly. Multilayer perceptron is consistently referred to as neural networks called “vanilla,” particularly once they always had a secret layer. A perceptron may be a linear classifier; that this is an input classification algorithm by splitting a line from two groups. In python, select the option classify and select the feature options to execute the class attribute provided by Multilayer perceptron. Data usually is a property of vector x, multiply by a wand of weights added to a bias (Fig. 1).
Proposed intelligent based IDs engine
4 Experimental Work
The proposed research work uses the KDD Cup Dataset, which is used to test intrusion detection problems. The dataset may be a series of assumed crude TCP dump data on a LAN over a span of 9 weeks training data was collected from seven weeks of network traffic to around 5 million connections records and about 2 million connection records were given fortnight of testing data. And also upload the UNSW datasets. During this phase, we will upload the network datasets within the sort of CSV file. The accuracy, false positive ratio and training time of samples are compared with traditional algorithms. [http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html] [15] (Fig. 2; Table 1).
Accuracy of various algorithms
Proposed algorithm has better accuracy rates compared to existing ones due to the use of Multilayer perceptron technique that will be helpful in training of input of attack signature which will be fed as input to the architecture (Fig. 3).
False positive ratio
The proposed method achieves less false positive ratio by properly identifying the correct attack based signatures based on the proper classification algorithms deployed to analyse the input collected form the network. The proposed method is able to achieve better FPR even within the presence of malicious nodes in the network (Fig. 4).
True positive rate
The percentage of identifying correct attacks based on the training and testing samples based on the algorithm used is a key factor. Here in our proposed technique, the use of MLP enhances key parameter TPR to decide which one are malicious or benign.
Our tests use the KDD Cup Dataset that is used to test intrusion detection problems. The dataset may be a series of assumed crude TCP dump data on a LAN over a span of 9 weeks training data was collected from seven weeks of network traffic to around 5 million connections records and about 2 million connection records were given fortnight of testing data. And also, upload the UNSW datasets. During this module, we will upload the network datasets within the sort of CSV file (Fig. 5).
Training time of samples
5 Conclusion
Detection of intrusion plays a very important role within network security, since the applications and their behaviour change every day. In recent years, network intrusion detection has been thoroughly researched, and a number of techniques are introduced including machine learning and deep learning techniques. As a result, there increased the requirement for accurate classification of the network flows. Here, we've got proposed deep learning model using Multilayer perceptron with feature selection for the accurate classification of intrusion detection. During this project, we demonstrated the development of a lightweight neural network capable of detecting intrusion from the network in real time. We also provided more insight into the methodologies used by various classification schemes in the process. We addressed possible analysis and optimization techniques that can be extended to other supervised methods of machine learning. We also outlined a quick method of identifying key attributes that supported the connection weights within the neural network and compared the deep learning algorithm (MLP) with BPN, FNN and RNN algorithm. Comparison done based error metrics (False positive rate, True Positive Rate, Training Time) and Accuracy metrics. From the above comparison, MLP is often provided less error metrics and highest accuracy 98.9% than the prevailing machine learning algorithms.
References
R.C. Staudemeyer, Applying long short-term memory recurrent neural networks to intrusion detection. S. Afr. Comput. J. 56(1), 136–154 (2015)
Y. Xin, L. Kong, Z. Liu, Y. Chen,Y. Li, H. Zhu, C. Wang, Machine learning and deep learning methods for cybersecurity. IEEE Access (2018)
N. Hubballi, Pairgram: modeling frequency information of look ahead pairs for system call based anomaly detection, in Communication Systems and Networks(COMSNETS), 2012 Fourth International Conference (IEEE, 2012), pp. 1–10
S. Venkatraman, M. Alazab, Use of data visualisation for zero-day malware detection. Secur. Commun. Netw. 1728303, 13 (2018). https://doi.org/10.1155/2018/1728303
H. Kayacik, A.N. Zincir-Heywood, M.I. Heywood, Selecting features for intrusion detection: a feature relevance analysis on KDD 99 intrusion detection datasets, in Proceedings of the Third Annual Conference On Privacy, Security and Trust 2005, PST 2005 (DBLP, 2005)
Z. Jiong, M. Zulkernine, A. Haque, Random forests-based network intrusion detection systems. IEEE Trans. Syst. Man Cyber. Part C (Appl. Rev.) 38(5), 649–659 (2008)
M. Alazab, S. Huda, J. Abawajy, R. Islam, J. Yearwood, S. Venkatraman, R. Broadhurst, A hybrid wrapper-filter approach for malware detection. J. Netw. 9(11), 2878–2891 (2014)
T. Kim, B. Kang, M. Rho, S. Sezer, E.G. Im, A multimodal deep learning method for android malware detection using various features. IEEE Trans. Inf. Forensics Secur. 14(3), 773–788 (2019)
R. Thanuja, A. Umamakeswari, Black hole detection using evolutionary algorithm for IDS/IPS in MANETs. Clust. Comput. 22(2), 3131–3143 (2019)
R. Thanuja, A. Umamakeswari, Unethical network attack detection and prevention using fuzzy based decision system in mobile Ad-hoc networks. J. Electr. Eng. Technol. 13(5), 2086–2098 (2018)
A. Saracino, D. Sgandurra, G. Dini, F. Martinelli, Madam: effective and efficient behavior-based android malware detection and prevention. IEEE Trans. Dependable Secure Comput. 15(1), 83–97 (2018)
S. Naseer, Y. Saleem, S. Khalid, M.K. Bashir, J. Han, M.M. Iqbal, K. Han, Enhanced network anomaly detection based on deep neural networks. IEEE Access 6, 48231–48246 (2018)
S. Smys, B. Abul, W. Haoxiang, Hybrid intrusion detection system for internet of things (IoT). J. ISMAC 2(04), 190–199 (2020)
V. Suma, W. Haoxiang, Optimal key handover management for enhancing security in mobile network. J. Trends Comput. Sci. Smart Technol. (TCSST) 2(4), 181–187 (2020)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Dilipkumar, S., Durairaj, M. (2022). Detection of Attacks Using Multilayer Perceptron Algorithm. In: Ranganathan, G., Fernando, X., Shi, F. (eds) Inventive Communication and Computational Technologies. Lecture Notes in Networks and Systems, vol 311. Springer, Singapore. https://doi.org/10.1007/978-981-16-5529-6_71
Download citation
DOI: https://doi.org/10.1007/978-981-16-5529-6_71
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-16-5528-9
Online ISBN: 978-981-16-5529-6
eBook Packages: EngineeringEngineering (R0)