IEEE Access (Jan 2022)

An Ameliorated Multiattack Network Anomaly Detection in Distributed Big Data System-Based Enhanced Stacking Multiple Binary Classifiers

  • Abdallah A. Alhabshy,
  • Bashar I. Hameed,
  • Kamal Abdelraouf Eldahshan

DOI: https://doi.org/10.1109/ACCESS.2022.3174482
Journal volume & issue: Vol. 10, pp. 52724 – 52743

Abstract

The growth of the Internet of Things (IoT) generates new processing, networking infrastructure, data storage, and management capabilities. This massive volume of data may be used to provide high-value information for decision support and data-intensive science research, etc. However, owing to the nature of IoT in distribution, virtualisation, cloud integration, and internet connectivity, the IoT environment is prone to various cyber-attacks and security issues. Hence, the increasing frequency and potency of recent attacks and constantly evolving attack vectors necessitate the development of improved detection methods. Therefore, this study proposes a distributed computing-based security model to safeguard big data systems. The proposed ensemble multi binary attack model (EMBAM) is an intrusion detection system (IDS) that offers a unique anomaly-based IDS to detect normal behaviour and abnormal attack(s), for example, threats in a network. EMBAM ensembles multiple binary classifiers into a single model through stacking. The core binary model is a decision tree classifier with hyperparameters optimised using the grid search method. The use of multiple binary classifiers allows each binary classifier to adopt the limitations of the others. Empirical analysis of the experimental profile of the EMBAM has been discussed with eight-plus state-of-the-art methods using performance metrics, such as accuracy, detection rate, precision, specificity, false alarm rate, and F1-score. EMBAM can recognise multiple attack types as a star plug and play advantageous in a highly dynamic scheme. The proposed approach outperforms existing approaches on the UNSW-NB15 dataset and yields competitive results on the CICIDS2017 dataset.

Keywords