Hyper-heuristic approaches for data stream-based iIntrusion detection in the Internet of Things
Detecting cyber-security attacks is still a challenging task. This is due to the evolving nature of the attacks. On the other hand, existing stream data learning models with limited labelling have many limitations. Most importantly, algorithms that suffer from a limited capability to adapt to the...
Saved in:
Main Author: | |
---|---|
Format: | Thesis |
Language: | English |
Published: |
2022
|
Subjects: | |
Online Access: | http://psasir.upm.edu.my/id/eprint/113138/1/113138.pdf |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
id |
my-upm-ir.113138 |
---|---|
record_format |
uketd_dc |
spelling |
my-upm-ir.1131382024-10-28T01:46:27Z Hyper-heuristic approaches for data stream-based iIntrusion detection in the Internet of Things 2022-10 Hadi, Ahmed Adnan Detecting cyber-security attacks is still a challenging task. This is due to the evolving nature of the attacks. On the other hand, existing stream data learning models with limited labelling have many limitations. Most importantly, algorithms that suffer from a limited capability to adapt to the evolving nature of data generated from network traffic are called concept drift. Hence, the algorithm must overcome the problem of dynamic updates in the internal parameters or counter the concept drift. Existing literature relies on offline trained models or incremental learning models. The former suffers from partially or fully outdated knowledge after drift occurrence, and the latter suffers from the constraints of the pre-defined hyper-parameter of the model. Thus, using neural network-based semi-supervised stream data learning is inadequate due to capture the changes in the distribution and characteristics of various classes of data while avoiding the effect of the outdated stored knowledge in neural networks (NN). Therefore, we propose a prominent approach that integrates each of the NN, a meta-heuristic based on an evolutionary genetic algorithm (GA), and a core online-offline clustering (Core). The system trains the NN on previously labelled data, and its knowledge is used to calculate the core online-offline clustering block error. Genetic optimisation is responsible for selecting the best parameters of the core clustering to minimise the error. In doing so, the old knowledge can be preserved dynamically to overcome the concept drift. Nevertheless, the various components embedded in the hyperheuristic models have created concern about the model's efficiency and whether it is an over-fitting or under-fitting free performance. Therefore, the core classifier in the hyper-heuristic approach of Intrusion Detection System (IDS) is developed to the parallel structure NN. This enables more controllability of reaching optimal learning without falling into sub-optimality because of over-fitting or under-fitting. In addition, it is considered that existing solutions do not provide a feature driftaware solution to the concept drift adaptable solution, which exploits the fact that many of the original features are non-relevant. Here, the memory consumption can be reduced by enabling a feature selection algorithm that excludes nonrelevant features and preserves the relevant ones. the algorithm is developed based on the variable length of the PSO. The reason for using variable length searching is its effectiveness in searching for high dimensional space and reducing the number of candidates' features. This is done by segmenting the space into parts after sorting the features based on their relevance. The algorithms were examined on two real datasets, namely, NSL-KDD and Landsat. The experimental results showed that the accuracy of the algorithm over the NSL-KDD dataset was 99.72%, with a memory reduction of 10%. Furthermore, this was accomplished with only 25 neurons which means a reduction of the number of neurons by a percentage of 75%. Hence, this provides a handling of the effectiveness and efficiency dilemma, which is considered a need in IoT networks. Other than that, a decrease in memory has assisted in generating better accuracy performance with more memory efficiency. Internet of things - Security measures Computer networks - Security measures Intrusion detection systems (Computer security) 2022-10 Thesis http://psasir.upm.edu.my/id/eprint/113138/ http://psasir.upm.edu.my/id/eprint/113138/1/113138.pdf text en public doctoral Universiti Putra Malaysia Internet of things - Security measures Computer networks - Security measures Intrusion detection systems (Computer security) Muhammed, Abdullah |
institution |
Universiti Putra Malaysia |
collection |
PSAS Institutional Repository |
language |
English |
advisor |
Muhammed, Abdullah |
topic |
Internet of things - Security measures Computer networks - Security measures Intrusion detection systems (Computer security) |
spellingShingle |
Internet of things - Security measures Computer networks - Security measures Intrusion detection systems (Computer security) Hadi, Ahmed Adnan Hyper-heuristic approaches for data stream-based iIntrusion detection in the Internet of Things |
description |
Detecting cyber-security attacks is still a challenging task. This is due to the
evolving nature of the attacks. On the other hand, existing stream data learning
models with limited labelling have many limitations. Most importantly, algorithms
that suffer from a limited capability to adapt to the evolving nature of data
generated from network traffic are called concept drift. Hence, the algorithm
must overcome the problem of dynamic updates in the internal parameters or
counter the concept drift. Existing literature relies on offline trained models or
incremental learning models. The former suffers from partially or fully outdated
knowledge after drift occurrence, and the latter suffers from the constraints of
the pre-defined hyper-parameter of the model.
Thus, using neural network-based semi-supervised stream data learning is
inadequate due to capture the changes in the distribution and characteristics of
various classes of data while avoiding the effect of the outdated stored
knowledge in neural networks (NN). Therefore, we propose a prominent
approach that integrates each of the NN, a meta-heuristic based on an
evolutionary genetic algorithm (GA), and a core online-offline clustering (Core).
The system trains the NN on previously labelled data, and its knowledge is used
to calculate the core online-offline clustering block error. Genetic optimisation is
responsible for selecting the best parameters of the core clustering to minimise
the error.
In doing so, the old knowledge can be preserved dynamically to overcome the
concept drift. Nevertheless, the various components embedded in the hyperheuristic
models have created concern about the model's efficiency and whether
it is an over-fitting or under-fitting free performance. Therefore, the core classifier
in the hyper-heuristic approach of Intrusion Detection System (IDS) is developed
to the parallel structure NN. This enables more controllability of reaching optimal
learning without falling into sub-optimality because of over-fitting or under-fitting.
In addition, it is considered that existing solutions do not provide a feature driftaware
solution to the concept drift adaptable solution, which exploits the fact that
many of the original features are non-relevant. Here, the memory consumption
can be reduced by enabling a feature selection algorithm that excludes nonrelevant
features and preserves the relevant ones. the algorithm is developed
based on the variable length of the PSO. The reason for using variable length
searching is its effectiveness in searching for high dimensional space and
reducing the number of candidates' features. This is done by segmenting the
space into parts after sorting the features based on their relevance.
The algorithms were examined on two real datasets, namely, NSL-KDD and
Landsat. The experimental results showed that the accuracy of the algorithm
over the NSL-KDD dataset was 99.72%, with a memory reduction of 10%.
Furthermore, this was accomplished with only 25 neurons which means a
reduction of the number of neurons by a percentage of 75%. Hence, this
provides a handling of the effectiveness and efficiency dilemma, which is
considered a need in IoT networks. Other than that, a decrease in memory has
assisted in generating better accuracy performance with more memory
efficiency. |
format |
Thesis |
qualification_level |
Doctorate |
author |
Hadi, Ahmed Adnan |
author_facet |
Hadi, Ahmed Adnan |
author_sort |
Hadi, Ahmed Adnan |
title |
Hyper-heuristic approaches for data stream-based iIntrusion detection in the Internet of Things |
title_short |
Hyper-heuristic approaches for data stream-based iIntrusion detection in the Internet of Things |
title_full |
Hyper-heuristic approaches for data stream-based iIntrusion detection in the Internet of Things |
title_fullStr |
Hyper-heuristic approaches for data stream-based iIntrusion detection in the Internet of Things |
title_full_unstemmed |
Hyper-heuristic approaches for data stream-based iIntrusion detection in the Internet of Things |
title_sort |
hyper-heuristic approaches for data stream-based iintrusion detection in the internet of things |
granting_institution |
Universiti Putra Malaysia |
publishDate |
2022 |
url |
http://psasir.upm.edu.my/id/eprint/113138/1/113138.pdf |
_version_ |
1818586142169104384 |