Russian Technological Journal

Genetic programming support vector machine model for a wireless intrusion detection system

https://doi.org/10.32362/2500-316X-2022-10-6-20-27

Abstract

Objectives. The rapid penetration of wireless communication technologies into the activities of both humans and Internet of Things (IoT) devices along with their widespread use by information consumers represents an epochal phenomenon. However, this is accompanied by the growing intensity of successful information attacks, involving the use of bot attacks via IoT, which, along with network attacks, has reached a critical level. Under such circumstances, there is an increasing need for new technological approaches to developing intrusion detection systems based on the latest achievements of artificial intelligence. The most important requirement for such a system consists in its operation on various unbalanced sets of attack data, which use different intrusion techniques. The synthesis of such an intrusion detection system is a difficult task due to the lack of universal methods for detecting technologically different attacks; moreover, the consistent application of known methods is unacceptably long. The aim of the present work is to eliminate such a scientific gap.
Methods. Using the achievements of artificial intelligence in the fight against attacks, the authors proposed a method based on a combination of the genetic programming support vector machine (GPSVM) model using an unbalanced CICIDS2017 dataset.
Results. The presented technological intrusion detection system architecture offers the possibility to train a dataset for detecting attacks on CICIDS2017 and extracting detection objects. The architecture provides for the separation of the dataset into verifiable and not verifiable elements, with the latter being added to the training set by feedback. By training the model and improving the GPSVM training set, better accuracy is ensured. The operability of the new flowchart of the GPSVM model is demonstrated in terms of the entry of input data and output of data after processing using the training set of the GPSVM model. Numerical analysis based on the results of model experiments on selected quality indicators showed an increase in the accuracy of the results as compared to the known SVM method.
Conclusions. Computer experiments have confirmed the methodological correctness of choosing a combination of the GPSVM model using an unbalanced CICIDS2017 dataset to increase the effectiveness of intrusion detection. A procedure for forming a training dataset based on feedback is proposed. The procedure involving the separation of datasets is shown to create conditions for improving the training of the model. The combination of the GPSVM model with an unbalanced CICIDS2017 dataset to collect a sample increases the accuracy of intrusion detection to provide improved intrusion detection performance as compared to the SVM method.

About the Authors

A. Dhoot
Moscow Institute of Physics and Technology
Russian Federation

Anshita Dhoot - Postgraduate Student

9, Institutskii per., Moscow oblast, Dolgoprudny, 141701


Competing Interests:

The author declares no conflicts of interest



A. N. Nazarov
MIREA – Russian Technological University
Russian Federation

Alexey N. Nazarov -  Dr. Sci. (Eng.), Professor, Department of Corporate Information Systems, Institute of Information Technologies

78, Vernadskogo pr., Moscow, 119454

ResearcherID G-3154-2013, Scopus Author ID 7201780424, RSCI SPIN-code 6032-5302

 


Competing Interests:

The author declares no conflicts of interest



I. M. Voronkov
HSE University
Russian Federation

Ilia M. Voronkov - Visiting Lecturer, Deputy Head, Center for Neural Network Technologies, International Center for Informatics and Electronics

11, Pokrovskii bul., Moscow, 109028

19, Presnenskii val, Moscow, 123557

ResearcherID L-6207-2016, Scopus Author ID 24802429000,
RSCI SPIN-code 3869-9670


Competing Interests:

The author declares no conflicts of interest




Supplementary files

1. Flowchart of GPSVM
Type: Research tools

For citations:


Dhoot A., Nazarov A.N., Voronkov I.M. Genetic programming support vector machine model for a wireless intrusion detection system. Russian Technological Journal. 2022;10(6):20-27. https://doi.org/10.32362/2500-316X-2022-10-6-20-27

This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 2782-3210 (Print)
ISSN 2500-316X (Online)