Polish Information Processing Society

Annals of Computer Science and Information Systems, Volume 20

Communication Papers of the 2019 Federated Conference on Computer Science and Information Systems

A Framework for Network Intrusion Detection using Network Programmability and Data Stream Clustering Machine Learning Algorithms


DOI: http://dx.doi.org/10.15439/2019F87

Citation: Communication Papers of the 2019 Federated Conference on Computer Science and Information Systems, M. Ganzha, L. Maciaszek, M. Paprzycki (eds). ACSIS, Vol. 20, pages 57–63


Abstract. Several operational security mechanisms have been developed to mitigate malicious activity on the Internet. However, most of these mechanisms require a signature base and cannot predict new malicious activity. Other, anomaly-based mechanisms are inefficient because an attacker can simulate legitimate traffic, which causes many false alarms. To overcome that problem, in this paper we present an anomaly-based framework that uses network programmability and machine learning algorithms over a continuous data stream. Our approach overcomes the main challenges that arise when developing an anomaly-based system using machine learning techniques. We carried out an experimental evaluation to demonstrate the feasibility of the proposed framework. In the experiments, we use a DDoS attack as the network intrusion and show that the technique attains an Accuracy of 98.98%, a Recall of 60%, a Precision of 60% and an FPR of 0.48% for a 1% DDoS attack on real normal traffic. This shows the effectiveness of our technique.

