Harnessing Decision Tree-guided Dynamic Oversampling for Intrusion Detection
Received: 27 June 2024 | Revised: 26 July 2024 and 12 August 2024 | Accepted: 18 August 2024 | Online: 18 September 2024
Corresponding author: Ritinder Kaur
Abstract
Imbalanced datasets present a significant challenge in the realm of intrusion detection, as the rare attacks are often overshadowed by the normal instances. To tackle this issue, it is essential to utilize the various strategies of imbalanced learning that aim to mitigate the effects of class imbalance and improve the performance of intrusion detection systems. One effective approach for dealing with class imbalance is through data augmentation methods like the Synthetic Minority Oversampling Technique (SMOTE). This research presents a novel data resampling approach that performs adaptive synthetic sampling on rare and complex samples by using decision boundaries. The benchmark dataset NSL-KDD was used to evaluate and validate the effectiveness of this approach. The experimental results demonstrated a significant improvement in the detection accuracy of rare classes, achieving 42% for u2r instances and 83% for r2l instances.
Keywords:
imbalanced learning, NSL-KDD, intrusion detection, oversamplingDownloads
References
F. Provost, "Machine Learning from Imbalanced Data Sets 101," presented at the AAAI’2000 Workshop on Imbalanced Data Sets, 2000.
B. Krawczyk, "Learning from imbalanced data: open challenges and future directions," Progress in Artificial Intelligence, vol. 5, no. 4, pp. 221–232, Nov. 2016.
D. Elreedy and A. F. Atiya, "A Comprehensive Analysis of Synthetic Minority Oversampling Technique (SMOTE) for handling class imbalance," Information Sciences, vol. 505, pp. 32–64, Dec. 2019.
M. Machoke, J. Mbelwa, J. Agbinya, and A. E. Sam, "Performance Comparison of Ensemble Learning and Supervised Algorithms in Classifying Multi-label Network Traffic Flow," Engineering, Technology & Applied Science Research, vol. 12, no. 3, pp. 8667–8674, Jun. 2022.
N. V. Chawla, A. Lazarevic, L. O. Hall, and K. W. Bowyer, "SMOTEBoost: Improving Prediction of the Minority Class in Boosting," in 7th European Conference on Principles and Practice of Knowledge Discovery in Databases, Dubrovnik, Croatia, Sep. 2003, pp. 107–119.
C. Seiffert, T. M. Khoshgoftaar, J. Van Hulse, and A. Napolitano, "RUSBoost: A Hybrid Approach to Alleviating Class Imbalance," IEEE Transactions on Systems, Man, and Cybernetics - Part A: Systems and Humans, vol. 40, no. 1, pp. 185–197, Jan. 2010.
M. Lamari et al., "SMOTE–ENN-Based Data Sampling and Improved Dynamic Ensemble Selection for Imbalanced Medical Data Classification," in Advances on Smart and Soft Computing, F. Saeed, T. Al-Hadhrami, F. Mohammed, and E. Mohammed, Eds. New York, NY, USA: Springer, 2021, pp. 37–49.
R. Kaur and N. Gupta, "An Empirical Study on Imbalanced Learning in Intrusion Detection Using Random Tree Classifier," in International Conference on Augmented Intelligence and Sustainable Systems, Trichy, India, Nov. 2022, pp. 944–949.
Y. Wang, M. M. Rosli, N. Musa, and F. Li, "Multi-Class Imbalanced Data Classification: A Systematic Mapping Study," Engineering, Technology & Applied Science Research, vol. 14, no. 3, pp. 14183–14190, Jun. 2024.
N. V. Chawla, K. W. Bowyer, L. O. Hall, and W. P. Kegelmeyer, "SMOTE: Synthetic Minority Over-sampling Technique," Journal of Artificial Intelligence Research, vol. 16, pp. 321–357, Jun. 2002.
T. Wongvorachan, S. He, and O. Bulut, "A Comparison of Undersampling, Oversampling, and SMOTE Methods for Dealing with Imbalanced Classification in Educational Data Mining," Information, vol. 14, no. 1, Jan. 2023, Art. no. 54.
D. Bajer, B. Zonc, M. Dudjak, and G. Martinovic, "Performance Analysis of SMOTE-based Oversampling Techniques When Dealing with Data Imbalance," in International Conference on Systems, Signals and Image Processing, Osijek, Croatia, Jun. 2019, pp. 265–271.
H. Han, W.-Y. Wang, and B.-H. Mao, "Borderline-SMOTE: A New Over-Sampling Method in Imbalanced Data Sets Learning," in International Conference on Intelligent Computing, Hefei, China, Aug. 2005, pp. 878–887.
H. He, Y. Bai, E. A. Garcia, and S. Li, "ADASYN: Adaptive synthetic sampling approach for imbalanced learning," in International Joint Conference on Neural Networks (IEEE World Congress on Computational Intelligence), Hong Kong, China, Jun. 2008, pp. 1322–1328.
C. Bunkhumpornpat, K. Sinapiromsaran, and C. Lursinsap, "Safe-Level-SMOTE: Safe-Level-Synthetic Minority Over-Sampling TEchnique for Handling the Class Imbalanced Problem," in Pacific-Asia Conference on Knowledge Discovery and Data Mining, Bangkok, Thailand, Apr. 2009, pp. 475–482.
M. A. H. Farquad and I. Bose, "Preprocessing unbalanced data using support vector machine," Decision Support Systems, vol. 53, no. 1, pp. 226–233, Apr. 2012.
L. Sun, M. Li, W. Ding, E. Zhang, X. Mu, and J. Xu, "AFNFS: Adaptive fuzzy neighborhood-based feature selection with adaptive synthetic over-sampling for imbalanced data," Information Sciences, vol. 612, pp. 724–744, Oct. 2022.
J. Li, Y. Liu, and Q. Li, "Intelligent fault diagnosis of rolling bearings under imbalanced data conditions using attention-based deep learning method," Measurement, vol. 189, Feb. 2022, Art. no. 110500.
Y. Liu, G. Wu, W. Zhang, and J. Li, "Federated Learning-Based Intrusion Detection on Non-IID Data," in International Conference on Algorithms and Architectures for Parallel Processing, Copenhagen, Denmark, Oct. 2022, pp. 313–329.
K. A. ElDahshan, A. A. AlHabshy, and B. I. Hameed, "Meta-Heuristic Optimization Algorithm-Based Hierarchical Intrusion Detection System," Computers, vol. 11, no. 12, Dec. 2022, Art. no. 170.
S. Barua, Md. M. Islam, X. Yao, and K. Murase, "MWMOTE–Majority Weighted Minority Oversampling Technique for Imbalanced Data Set Learning," IEEE Transactions on Knowledge and Data Engineering, vol. 26, no. 2, pp. 405–425, Oct. 2014.
G. Douzas and F. Bacao, "Geometric SMOTE a geometrically enhanced drop-in replacement for SMOTE," Information Sciences, vol. 501, pp. 118–135, Oct. 2019.
G. Douzas, F. Bacao, and F. Last, "Improving imbalanced learning through a heuristic oversampling method based on k-means and SMOTE," Information Sciences, vol. 465, pp. 1–20, Oct. 2018.
S. Divakar, A. Bhattacharjee, and R. Priyadarshini, "Smote-DL: A Deep Learning Based Plant Disease Detection Method," in 6th International Conference for Convergence in Technology, Maharashtra, India, Apr. 2021.
H. Y. I. Khalid and N. B. I. Aldabagh, "A Survey on the Latest Intrusion Detection Datasets for Software Defined Networking Environments," Engineering, Technology & Applied Science Research, vol. 14, no. 2, pp. 13190–13200, Apr. 2024.
M. Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani, "A detailed analysis of the KDD CUP 99 data set," in IEEE Symposium on Computational Intelligence for Security and Defense Applications, Ottawa, ON, Canada, Jul. 2009.
R. Kaur and N. Gupta, "CFS-MHA: A Two-Stage Network Intrusion Detection Framework," International Journal of Information Security and Privacy, vol. 16, no. 1, pp. 1–27, Jan. 2022.
R. Greiner, A. J. Grove, and D. Roth, "Learning cost-sensitive active classifiers," Artificial Intelligence, vol. 139, no. 2, pp. 137–174, Aug. 2002.
A. Parmar, R. Katariya, and V. Patel, "A Review on Random Forest: An Ensemble Classifier," in International Conference on Intelligent Data Communication Technologies and Internet of Things, Coimbatore, India, Aug. 2018, pp. 758–763.
P. Bedi, N. Gupta, and V. Jindal, "Siam-IDS: Handling class imbalance problem in Intrusion Detection Systems using Siamese Neural Network," Procedia Computer Science, vol. 171, pp. 780–789, Jan. 2020.
S. Sapre, K. Islam, and P. Ahmadi, "A Comprehensive Data Sampling Analysis Applied to the Classification of Rare IoT Network Intrusion Types," in 18th Annual Consumer Communications & Networking Conference, Las Vegas, NV, USA, Jan. 2021.
J.-E. Yoon and K. Kim, "Comparison of Dimensional Reduction and Oversampling Methods for Efficient Network Anomaly Detection," Journal of Digital Contents Society, vol. 24, no. 3, pp. 583–591, Mar. 2023.
Y. Fu, Y. Du, Z. Cao, Q. Li, and W. Xiang, "A Deep Learning Model for Network Intrusion Detection with Imbalanced Data," Electronics, vol. 11, no. 6, Jan. 2022, Art. no. 898.
T. Wu, H. Fan, H. Zhu, C. You, H. Zhou, and X. Huang, "Intrusion detection system combined enhanced random forest with SMOTE algorithm," EURASIP Journal on Advances in Signal Processing, vol. 2022, no. 1, May 2022, Art. no. 39.
A. O. Arik and G. C. Cavdaroglu, "An Intrusion Detection Approach based on the Combination of Oversampling and Undersampling Algorithms," Acta Infologica, vol. 7, no. 1, pp. 125–138, Jan. 2024.
Downloads
How to Cite
License
Copyright (c) 2024 Ritinder Kaur, Neha Gupta
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain the copyright and grant the journal the right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) after its publication in ETASR with an acknowledgement of its initial publication in this journal.
