A parallel algorithm for network traffic anomaly detection based on Isolation Forest

Tao, Xiaoling; Peng, Yang; Zhao, Feng; Zhao, Peichao; Wang, Yong

doi:10.1177/1550147718814471

Cited by 45 publications

(16 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The results outperformed the normal LOF and ISOF results when performed separately. Xiaoling et al [ 36 ] proposed SPIF (Isolation Forest and Spark), which works well with parallelization. Further broadening the aspect into an ensemble learning, Elghazel et al [ 37 ] proposed a novel technique called Random Cluster Ensemble (RCE), which aimed to identify the out-of-bag feature significance from an ensemble of partitions.…”

Section: Literature Reviewmentioning

confidence: 99%

Towards an Optimized Ensemble Feature Selection for DDoS Detection Using Both Supervised and Unsupervised Method

Saha

Priyoti

Sharma

et al. 2022

Sensors

View full text Add to dashboard Cite

With recent advancements in artificial intelligence (AI) and next-generation communication technologies, the demand for Internet-based applications and intelligent digital services is increasing, leading to a significant rise in cyber-attacks such as Distributed Denial-of-Service (DDoS). AI-based DoS detection systems promise adequate identification accuracy with lower false alarms, significantly associated with the data quality used to train the model. Several works have been proposed earlier to select optimum feature subsets for better model generalization and faster learning. However, there is a lack of investigation in the existing literature to identify a common optimum feature set for three main AI methods: machine learning, deep learning, and unsupervised learning. The current works are compromised either with the variation of the feature selection (FS) method or limited to one type of AI model for performance evaluation. Therefore, in this study, we extensively investigated and evaluated the performance of 15 individual FS methods from three major categories: filter-based, wrapper-based, and embedded, and one ensemble feature selection (EnFS) technique. Furthermore, the individual feature subset’s quality is evaluated using supervised and unsupervised learning methods for extracting a common best-performing feature subset. According to our experiment, the EnFS method outperforms individual FS and provides a universal best feature set for all kinds of AI models.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Towards an Optimized Ensemble Feature Selection for DDoS Detection Using Both Supervised and Unsupervised Method

Saha

Priyoti

Sharma

et al. 2022

Sensors

View full text Add to dashboard Cite

show abstract

“…Authors [48] find isolation forest useful in finding anomalous data patterns in sensory data generated by IoT environment. Tao et al [49] proposed a method of anomaly detection based on isolation forest and Spark. Instead of using a single machine for anomaly detection, the authors took advantage of the multithread environment of Spark and executed isolation forest in parallel.…”

Section: A Deep Learning Based Idsmentioning

confidence: 99%

Intrusion Detection Based on Autoencoder and Isolation Forest in Fog Computing

2020

View full text Add to dashboard Cite

Fog Computing has emerged as an extension to cloud computing by providing an efficient infrastructure to support IoT. Fog computing acting as a mediator provides local processing of the endusers' requests and reduced delays in communication between the end-users and the cloud via fog devices. Therefore, the authenticity of incoming network traffic on the fog devices is of immense importance. These devices are vulnerable to malicious attacks. All kinds of information, especially financial and health information travel through these devices. Attackers target these devices by sending malicious data packets. It is imperative to detect these intrusions to provide secure and reliable service to the user. So, an effective Intrusion Detection System (IDS) is essential for the secure functioning of fog without compromising efficiency. In this paper, we propose a method (Auto-IF) for intrusion detection based on deep learning approach using Autoencoder (AE) and Isolation Forest (IF) for the fog environment. This approach targets only binary classification of the incoming packets as fog devices are more concerned about differentiating attack from normal packets in real-time. We validate the proposed method on the benchmark NSL-KDD dataset. Our technique of intrusion detection achieves a high accuracy rate of 95.4% as compared to many other state-of-art intrusion detection methods.

show abstract

“…detection have utilized different tree-based ensemble approaches. The work (Tao, Peng, Zhao, Zhao, & Wang, 2018) made use of Isolation Forests (IFs) to develop an A-NIDS using Spark. In (Dhaliwal, Nahid, & Abbas, 2018), XGBoost was used to develop an IDS for binary classification of normal and attack samples.…”

Section: Literature Reviewmentioning

confidence: 99%

I-SiamIDS: an improved Siam-IDS for handling class imbalance in network-based intrusion detection systems

2020

View full text Add to dashboard Cite

Network-based Intrusion Detection Systems (NIDSs) identify malicious activities by analyzing network traffic. NIDSs are trained with the samples of benign and intrusive network traffic. Training samples belong to either majority or minority classes depending upon the number of available instances. Majority classes consist of abundant samples for the normal traffic as well as for recurrent intrusions. Whereas, minority classes include fewer samples for unknown events or infrequent intrusions. NIDSs trained on such imbalanced data tend to give biased predictions against minority attack classes, causing undetected or misclassified intrusions. Past research works handled this class imbalance problem using data-level approaches that either increase minority class samples or decrease majority class samples in the training data set. Although these data-level balancing approaches indirectly improve the performance of NIDSs, they do not address the underlying issue in NIDSs i.e. they are unable to identify attacks having limited training data only. This paper proposes an algorithm-level approach called Improved Siam-IDS (I-SiamIDS), which is a two-layer ensemble for handling class imbalance problem. I-SiamIDS identifies both majority and minority classes at the algorithm-level without using any data-level balancing techniques. The first layer of I-SiamIDS uses an ensemble of binary eXtreme Gradient Boosting (b-XGBoost), Siamese Neural Network (Siamese-NN) and Deep Neural Network (DNN) for hierarchical filtration of input samples to identify attacks. These attacks are then sent to the second layer of I-SiamIDS for classification into different attack classes using multi-class eXtreme Gradient Boosting classifier (m-XGBoost). As compared to its counterparts, I-SiamIDS showed significant improvement in terms of Accuracy, Recall, Precision, F1score and values of Area Under the Curve (AUC) for both NSL-KDD and CIDDS-001 datasets. To further strengthen the results, computational cost analysis was also performed to study the acceptability of the proposed I-SiamIDS.

show abstract

A parallel algorithm for network traffic anomaly detection based on Isolation Forest

Cited by 45 publications

References 29 publications

Towards an Optimized Ensemble Feature Selection for DDoS Detection Using Both Supervised and Unsupervised Method

Towards an Optimized Ensemble Feature Selection for DDoS Detection Using Both Supervised and Unsupervised Method

Intrusion Detection Based on Autoencoder and Isolation Forest in Fog Computing

I-SiamIDS: an improved Siam-IDS for handling class imbalance in network-based intrusion detection systems

Contact Info

Product

Resources

About