Reduction of False Positives in Intrusion Detection Based on Extreme Learning Machine with Situation Awareness

Author

Donald A. Burgio, Nova Southeastern UniversityFollow

Date of Award

2019

Document Type

Dissertation

Degree Name

Doctor of Philosophy (PhD)

Department

College of Engineering and Computing

Advisor

James L. Cannady

Committee Member

Paul S. Cerkez

Committee Member

Wei Li

Keywords

artificial intelligence, computer science, extreme learning machine, false positive reduction, hidden Markov model, information technology, network intrusion detection, situation awareness, UNSW-NB15 data set

Abstract

Protecting computer networks from intrusions is more important than ever for our privacy, economy, and national security. Seemingly a month does not pass without news of a major data breach involving sensitive personal identity, financial, medical, trade secret, or national security data. Democratic processes can now be potentially compromised through breaches of electronic voting systems. As ever more devices, including medical machines, automobiles, and control systems for critical infrastructure are increasingly networked, human life is also more at risk from cyber-attacks. Research into Intrusion Detection Systems (IDSs) began several decades ago and IDSs are still a mainstay of computer and network protection and continue to evolve. However, detecting previously unseen, or zero-day, threats is still an elusive goal. Many commercial IDS deployments still use misuse detection based on known threat signatures. Systems utilizing anomaly detection have shown great promise to detect previously unseen threats in academic research. But their success has been limited in large part due to the excessive number of false positives that they produce.

This research demonstrates that false positives can be better minimized, while maintaining detection accuracy, by combining Extreme Learning Machine (ELM) and Hidden Markov Models (HMM) as classifiers within the context of a situation awareness framework. This research was performed using the University of New South Wales - Network Based 2015 (UNSW-NB15) data set which is more representative of contemporary cyber-attack and normal network traffic than older data sets typically used in IDS research. It is shown that this approach provides better results than either HMM or ELM alone and with a lower False Positive Rate (FPR) than other comparable approaches that also used the UNSW-NB15 data set.

NSUWorks Citation

Donald A. Burgio. 2019. Reduction of False Positives in Intrusion Detection Based on Extreme Learning Machine with Situation Awareness. Doctoral dissertation. Nova Southeastern University. Retrieved from NSUWorks, College of Engineering and Computing. (1093)
https://nsuworks.nova.edu/gscis_etd/1093.