Enhanced Network Security: An Imbalanced Traffic Intrusion Detection Approach with Machine Learning and Deep Learning

 

Enhanced Network Security: An Imbalanced Traffic Intrusion Detection Approach with Machine Learning and Deep Learning

P. M. Manochitra Assistant Professor

Computer Science and Engineering Shree Venkatershwaraa Hi-Tech Engineering College

Gobi,Erode manochitra64@gmail.com

Jaishri J Student

Computer Science and Engineering Shree Venkatershwaraa Hi-Tech Engineering College

Gobi,Erode jai411153@gmail.com

Kamali V Student

Computer Science and Engineering Shree Venkatershwaraa Hi-Tech Engineering College

Gobi,Erode kamalijeni18@gmail.com

ABSTRACT

Sindhu N Student

Computer Science and Engineering Shree Venkatershwaraa Hi-Tech Engineering College

Gobi,Erode sindhunagaraj389@gmail.com

transferred between linked systems. Given the

The dynamic issues in cyber security are examined via the lens of intrusion detection, using the ADT-SVM (Adaptive Decision Tree-Support Vector Machine) method. In the context of a fast evolving cyber threat scenario assisted by the Internet, the research investigates the use of Machine Learning (ML) approaches, highlighting the importance of data. The researchers index, study, and analyse publications presenting various ML algorithms, with an emphasis on temporal or thermal correlations, while also highlighting widely used network datasets and the issues connected with ML in cyber security. Using the KDD dataset as a benchmark, the project uses the ADT-SVM method to divide data properties into four categories: Basic, Content, Traffic, and Host. Evaluation measures, such as Detection Rate (DR) and False Alarm Rate (FAR), are then used to evaluate the performance of an Intrusion Detection System

keywords: Network Security, Cyber Threats, Anomalies, Machine Learning.

1. INTRODUCTION

   The mitigation and identification of cyber threats have become critical in the ever changing field of network security. Innovative strategies are often required since traditional tactics are unable to keep up with the sophistication of contemporary attackers. Because it can identify patterns and abnormalities in large datasets, machine learning (ML) has become a powerful tool for strengthening network defenses. In order to improve the proactive detection of possible attacks, this introduction investigates the integration of machine learning techniques in the context of network security. Through the utilization of sophisticated algorithms, machine learning (ML) presents the prospect of more flexible, effective, and expandable solutions, ushering in a new phase of increased cyber-attack resistance.

   1. NETWORK SECURITY

      Network security is an essential component of digital environments, protecting the availability, confidentiality, and integrity of data

      widespread reliance on interconnected networks in today’s world, it is more important than ever to protect these infrastructures from a wide range of potential dangers. Network security is a complex field that includes the use of intrusion detection systems, encryption protocols, firewalls, and other strong defenses. Malicious actors’ techniques also evolve with technology, therefore network security strategies must stay innovative and constantly changing. This introduction explores the core significance of network security and clarifies its function as the first line of defense against a wide range of cyber threats that aim to take advantage of weaknesses in the complex web of interconnected digital ecosystems.

      Figure 1 Network Security

   2. CYBER THREATS

      Cyber dangers are a real concern to the integrity and security of information systems in our digitally connected and interconnected society. Cyber threats comprise a broad range of malevolent actions planned by

      individuals, collectives, or states with the aim of jeopardizing privacy, causing disruptions, and taking advantage of weaknesses in computer networks. Cyber dangers are constantly changing in terms of sophistication and scope, ranging from advanced hacking methods to social engineering strategies. Our digital infrastructure is interconnected, which increases the potential effect of these risks and makes them a widespread worry for governments, businesses, and individuals. This introduction examines the complexity of cyber threats and highlights the need for all- encompassing cyber security solutions to reduce risks and protect the integrity of our data-driven and more interconnected society.

      Figure 2 Cyber Threat

   3. ANOMALIES

      Anomalies are variations or abnormalities from the expected or usual patterns in a variety of disciplines, including data analysis, system monitoring, and network security. These variations may point to underlying problems, possible hazards, or areas in which more research may be needed. Anomalies can indicate anything from mistakes in data collection to new and previously unknown patterns, making them important signals that require attention. Finding and interpreting abnormalities is critical in a variety of domains, from spotting possible security breaches in network data to detecting irregularities in financial transactions. The relevance of anomalies as departures from the norm is examined in this introduction, with a focus on how they can reveal hidden patterns, possible dangers, and areas that need more research in a variety of analytical and surveillance domains.

2. LITERATURE REVIEW

   In this study, Abebe Diro [1] et al. have proposed The vast array of smart gadgets that make up the Internet of Things (IoT) are able to gather, store, process, and communicate data. The Internet of Things’ adoption has created a wealth of potential for innovation in businesses, homes, the environment, and industries. However, worries about widespread adoption and applications have been raised by the IoT’s inherent

   weaknesses. In contrast to conventional IT systems, the Internet of Things (IoT) ecosystem presents security challenges because of the distributed nature of smart devices, resource limitations, and heterogeneity. As a result, host-based preventive techniques like antivirus and anti-malware software cannot be used. Due to these difficulties and the nature of Internet of Things applications, monitoring systems like anomaly detection are required at the device and network levels, extending beyond organizational boundaries. This implies that, compared to other security measures, anomaly detection systems are in a strong position to secure Internet of Things devices. Our goal in this study is to present a thorough analysis of previous efforts in creating machine learning-based anomaly detection systems for IoT system security. Furthermore, we show that blockchain-based anomaly detection systems are able to jointly develop efficient machine learning models for anomaly detection.

   In this work, Kewen Li [2] et al. have proposed A popular ensemble learning framework, the Adaptive Boosting (Ada Boost) algorithm produces strong classification results on a variety of datasets. Unfortunately, because the Ada Boost technique is primarily meant to process misclassified samples rather than samples of minority classes, it can be difficult to apply it directly to imbalanced data. This paper proposes an improved Ada Boost algorithm (Ada Boost-A) based on AUC, which improves the error calculation performance of the Ada Boost algorithm by comprehensively considering the effects of misclassification probability and AUC. The purpose of introducing the indicator Area Under Curve (AUC) is to better process imbalanced data. In order to mitigate the generation of redundant or useless weak classifiers by the traditional Ada Boost algorithm, this paper presents PSOPD-Ada Boost-A, an ensemble algorithm that can optimize the coefficients of Ada Boost weak classifiers and re-initialize parameters to prevent falling into local optimum.

   In this paper, Mengyao Zhu [3] et al. have proposed These days, ensemble learning is a widely used technique in machine learning-based intrusion detection systems to increase detection accuracy. Sadly, the accumulation and reuse of past information, as well as the susceptibility of the detection model to various forms of attacks, have not been taken into account in the studies that have already been done, which results in low detection accuracy. This research suggests a model based on sustainable ensemble learning to address the problem. During the model training phase, we construct multi-class regression models that enable ensemble learning to adapt to various threats by using the probability output and classification confidence of each individual classifier as the training data. Additionally, an iterative updating strategy is described for the updating step, wherein the parameters and decision outcomes of the historical model are included into the new ensemble model’s training process to achieve incremental learning. The findings of the experiment demonstrate that the suggested model performs noticeably better in terms of detection accuracy, false alarm, stability, and robustness

   than the current solutions. As network-based computer services and applications progress, there is a growing number of security threats on the Internet.

   In this paper, Jinjie Liu [4] et al. have proposed Significant increases in wireless network traffic result from the integration of mobile technologies and Internet of Things (IoT) enabled devices into our daily lives, which has led to the generation of a vast scale of high dimensional network log data. This has created difficulties for Wi-Fi network security systems, which must now evaluate extremely complicated huge data in order to detect intrusions. Intrusion Detection Systems (IDS) with machine learning capabilities are a frequent feature of many Wi-Fi network systems. These IDS typically use supervised techniques that primarily rely on human experts’ observations throughout the training data classification process’ labeling, feature extraction, and feature selection stages. In this study, we propose an unsupervised approach with automatic feature extraction and selection process to replace human intervention and manual labelling process for analysing a large scale high dimensional data to improve the prediction accuracy of classification to detect the three most common types of network attacks: injection, flooding, and impersonate attacks in an IDS with a large scale of high dimensional data. This is done using the recently collected Aegean Wi-Fi Intrusion Dataset (AWID), which contains real traces of different types of network attacks.

   In this research, Leila Mohammad pour [5] et al. have proposed Internet applications have developed and become increasingly popular during the last few years. This has made the need for secure Internet networks even more imperative. Network security depends on intrusion detection systems (IDSs), which use artificial intelligence (AI) techniques. Deep learning (DL) techniques are being successfully used in IDSs as a subfield of AI. Convolutional neural networks (CNNs) are a popular type of deep learning neural network structure that are used to handle complex data. CNN is widely utilized in intrusion detection systems (IDSs) and circumvents the usual drawbacks of traditional machine learning techniques. IDSs use a variety of CNN-based techniques to address security risks and privacy concerns. Nevertheless, to the best of our knowledge, no thorough surveys of IDS programs have made use of CNN. In order to improve our comprehension of the several applications of the CNN in identifying network intrusions, abnormalities, and other forms of attacks, the main focus of this study is on CNN-based intrusion detection systems. This work summarizes the main features and contributions of the examined CNN-IDS techniques by creatively organizing them into different categories.

3. EXISTING SYSTEM

   It was chosen to provide an interconnection strategy that permits information sharing and communication relationships without the need for human intervention. The Internet of Things architecture has made it possible for different devices to be connected for a crucial amount of time without the need for human intervention. There are less pre-arranged

   ideas to obtain information, and the amount of information has decreased, which was not the case before. As an illustration, consider enhanced attack and various edges. However, a few theories, such as artificial mindfulness, artificial intelligence, and significant learning, have a lot to say about their potential as well as the verified benefits of preparing heterogeneous information of different estimations and different specialists expected to treat it. Based on the findings, the proposed research project has employed significant learning hypothesis to select a security understanding for the connection of lightweight information; TCP/IP has also been used to regulate information transmission and practice social calculations. In order to come up with a respectable game plan, it is first necessary to consider a model that can identify anomalies in the Internet of Things and take into account recent Internet developments.

4. PROPOSED SYSTEM

The suggested system incorporates sophisticated intrusion detection algorithms into the changing cyber security landscape. The system provides a comprehensive approach to detecting potential security threats by combining a Probability Model for baseline behaviour analysis, a Link-Anomaly Score computation for identifying suspicious network connections, Change Point Analysis and Dynamic Time Warping for detecting shifts in statistical properties and temporal patterns, and the Adaptive Decision Tree-Support Vector Machine (ADT-SVM) algorithm for accurate classification. Using these components, the proposed system intends to improve the adaptability and efficacy of intrusion detection, hence offering a strong defensive mechanism against emerging cyber threats. The ADT- SVM technique has the capacity to learn and categorize a variety of data properties, and the implementation process involves using the KDD dataset as a benchmark to assess the system’s performance. plays a critical part in the proposed system, resulting in a more robust and responsive cyber security architecture.

1. MODULE DESCRIPTION
   1. Probability Model

      This lesson focuses on the creation and use of a probability model for interpreting network data. The probability model most likely evaluates the possibility of specific events or patterns in the data, offering a basic knowledge of the baseline behaviour. By creating a probability distribution, anomalies may be found by deviating from predicted patterns, allowing the system to detect possibly malicious activity.

   2. Calculating the Link-Anomaly Score

      In this module, the system computes link anomaly scores to measure the irregularity of network links or connections. The calculation entails examining several properties related with network connections, such as traffic patterns, communication frequencies, and data transfer volumes.

      Algori thm	Accu racy	Precis ion	Recall	Inte FL scor e
      RF	0.8	0.7	0.97	0.81
      LR	0.84	0.76	0.92	0.83
      ADT- SVM	0.85	0.75	0.96	0.84

       

      A higher link-anomaly score may suggest suspicious or anomalous behaviour, alerting the intrusion detection system to possible security concerns within the network.

   3. Change Point Analysis and DTO

      This subject covers change point analysis and Dynamic Time Warping (DTO) methodologies. Change point analysis seeks to uncover changes or variations in the statistical features of data, which may indicate possible security events. DTO, on the other hand, includes assessing sequence similarity across time to help in the discovery of temporal patterns. Integrating these strategies improves the system’s capacity to adapt to changing cyber threats and detect abnormal activity.

   4. ADT-SVM Detection Method

The ADT-SVM Detection Method module applies the Adaptive Decision Tree-Support Vector Machine (ADT-SVM) algorithm to intrusion detection. This technique combines the flexibility of decision trees with the classification capability of support vector machines. The ADT-SVM model is trained using labeled data to discriminate between normal and abnormal network behaviour. Once trained, it is used to classify incoming data properties into preset categories such as Basic, Content, Traffic, and Host, making it easier to identify possible security concerns on the network. The module will most likely include fine-tuning and improving the ADT-SVM settings to achieve optimal detection performance.

1. RESULT ANALYSIS

   Strong results are obtained from the suggested intrusion detection system’s result analysis. The application of three different machine learning modelsRandom Forest, ADT-SVM, and Linear Regressionshows strong predictive powers. Linear regression, Random Forest, and ADT-SVM have accuracy values of 84%, 80%, and 85%, respectively, highlighting how well the system detects and categorizes network intrusions. The ADT-SVM component’s exceptionally high accuracy score attests to its remarkable ability to identify and mitigate harmful actions within computer networks. The study of the results highlights the strategic importance and dependability of the suggested

   system, confirming its potential as an effective instrument for bolstering cyber security in the face of dynamic threats to network integrity.

   Table 1. Table Comparison

   Figure 3. Comparison Graph

2. CONCLUSION

To summarize, the presented cyber security framework, which includes modules such as the Probability Model, Link-Anomaly Score computation, Change Point Analysis with Dynamic Time Warping, and the Adaptive Decision Tree- Support Vector Machine (ADT-SVM) algorithm, forms a comprehensive and adaptive intrusion detection system. This system successfully identifies possible security vulnerabilities by tackling the changing difficulties of the cyber threat landscape using probabilistic analysis, anomaly scoring, and machine learning. The incorporation of modern methodologies, as well as the use of the ADT-SVM algorithm, let the system adapt to and learn from developing cyber threats. The suggested paradigm not only provides a multifaceted approach to intrusion detection, but it also underlines the significance of continuous adaptation in response to growing cyber security threats.

REFERENCES

1. Intrusion detection systems in the Internet of Things: A thorough research, S. Hajiheidari, K. Wakil, M. Badri, and N. J. Navimipour, Comput. Netw., vol. 160, pp. 165191, Sep. 2019.
2. “Ransomware detection and mitigation using software-defined networking: The case of WannaCry,” by M. Akbanov, V. G. Vassilakis, and

   M. D. Logothetis, published in Computer Science and Electrical Engineering, vol. 76, pp. 111121, June 2019.

3. “A semi-boosted nested model with sensitivity- based weighted binarization for multi-domain network intrusion detection,” by J. W. Mikhail, J. M. Fossaceca, and R. Iammartino Published May 27, 2019, in ACM Trans. Intell. Syst. Technol., vol. 10, no. 3.
4. “Improved PSO Gadabouts ensemble algorithm for imbalanced data,” by K. Li, G. Zhou, J. Zhai, F.

   Li, and M. Shoo Sensors, March 2019, vol. 19, no. 6,

   p. 1476 In Proc. IEEE

5. Smart World, Ubiquitous Intell. Comput., Adv. Trusted Comput., Scalable Comput. Commun., Cloud Big Data Comput., Internet People Smart City Innov.(SmartWorld/SCALCOM/UIC/ATC/CBDCo m/IOP/SCI), Aug. 2019, pp. 14001405, J. Liu and

   S. S. Chung, “Automatic feature extraction and selection for machine learning based intrusion detection,”

6. Anomaly network-based intrusion detection system employing a dependable hybrid artificial bee colony and AdaBoost algorithms, by M. Mazini, B. Shirazi, and I. Mahdavi, published in J. King Saud Univ.-Comput. Inf. Sci., vol. 31, no. 4, pp. 541553,

   Oct. 2019.

7. The evolution of Ethernet Passive Optical Network (EPON) and future trends, Obite, E. T. Jaja,

   G. Ijeomah, and K. I. Jahun, Optik, vol. 167, pp. 103120, Aug. 2018.

8. D. Yoo, P. D., Kim, K., H. C. Tanuwidjaja, E. Aminanto, R. Choi, and Weighted feature selection for Wi-Fi impersonator detection, deep abstraction, March 2018, 621636 in IEEE Trans. Inf. Forensics Security, vol. 13, no. 3.
9. “Classification by pairwise coupling of imprecise probabilities,” B. Quost and S. Destercke, Pattern Recognition, vol. 77, pp. 412425, May 2020.
10. I-SIamids: an enhanced siam-IDS for managing class imbalance in network-based intrusion detection systems, P. Bedi, N. Gupta, and V. Jindal, Appl. Intell. (2020)

[10]. T Senthil Prakash, V CP, RB Dhumale, A Kiran., “Auto-metric graph neural network for paddy leaf disease classification” – Archives of Phytopathology and Plant Protection, 2023.

[11] T Senthil Prakash, G Kannan, S Prabhakaran., “Deep convolutional spiking neural network fostered automatic detection and classification of breast cancer from mammography images”,2023.

1. TS Prakash, SP Patnayakuni, S Shibu., “Municipal Solid Waste Prediction using Tree Hierarchical Deep Convolutional Neural Network Optimized with Balancing Composite Motion Optimization Algorithm” – Journal of Experimental & Theoretical Artificial , 2023
2. TS Prakash, AS Kumar, CRB Durai, S Ashok., “Enhanced Elman spike Neural network optimized with flamingo search optimization algorithm espoused lung cancer classification from CT images”

– Biomedical Signal Processing and Control, 2023. [14]R. Senthilkumar, B. G. Geetha, (2020), Asymmetric Key Blum-Goldwasser Cryptography for Cloud Services Communication Security, Journal of Internet Technology, vol. 21, no. 4 , pp. 929-939. [15]Senthilkumar, R., et al. “Pearson Hashing B-Tree With Self Adaptive Random Key Elgamal Cryptography For Secured Data Storage And Communication In Cloud.” Webology 18.5 (2021):

4481-4497

1. Anusuya, D., R. Senthilkumar, and T. Senthil Prakash. “Evolutionary Feature Selection for big data

   processing using Map reduce and APSO.” International Journal of Computational Research and Development (IJCRD) 1.2 (2017): 30-35.

2. Senthilkumar, R., et al. “Pearson Hashing B- Tree With Self Adaptive Random Key Elgamal Cryptography For Secured Data Storage And Communication In Cloud.” Webology 18.5 (2021):

4481-4497