
RESEARCH PRODUCT

Multi-layer intrusion detection system with ExtraTrees feature selection, extreme learning machine ensemble, and softmax aggregation

Jivitesh Sharma, Morten Goodwin, Ole-Christoffer Granmo, Charul Giri

subject

Artificial intelligence; lcsh:Computer engineering. Computer hardware; Extreme learning machine; Ensemble methods; Computer science; Binary number; lcsh:TK7885-7895; Feature selection; 02 engineering and technology; Intrusion detection system; lcsh:QA75.5-76.95; Machine learning; 0202 electrical engineering electronic engineering information engineering; VDP::Teknologi: 500::Informasjons- og kommunikasjonsteknologi: 550; Multi layer; business.industry; 020206 networking & telecommunications; Pattern recognition; Computer Science Applications; Binary classification; Signal Processing; Softmax function; 020201 artificial intelligence & image processing; lcsh:Electronic computers. Computer science; business; Classifier (UML)

description

Abstract: Recent advances in intrusion detection systems based on machine learning have indeed outperformed other techniques, but struggle with detecting multiple classes of attacks with high accuracy. We propose a method that works in three stages. First, the ExtraTrees classifier is used to select relevant features for each type of attack individually for each extreme learning machine (ELM). Then, an ensemble of ELMs is used to detect each type of attack separately. Finally, the results of all ELMs are combined using a softmax layer to refine the results and increase the accuracy further. The intuition behind our system is that multi-class classification is quite difficult compared to binary classification. So, we divide the multi-class problem into multiple binary classifications. We test our method on the UNSW and KDDcup99 datasets. The results clearly show that our proposed method is able to outperform all the other methods, with a high margin. Our system is able to achieve 98.24% and 99.76% accuracy for multi-class classification on the UNSW and KDDcup99 datasets, respectively. Additionally, we use the weighted extreme learning machine to alleviate the problem of imbalance in classification of attacks, which further boosts performance. Lastly, we implement the ensemble of ELMs in parallel using GPUs to perform intrusion detection in real time.

https://doi.org/10.1186/s13635-019-0098-y