Using Triple Modular Redundancy for Threshold Determination in DDOS Intrusion Detection Systems

Aleksa N. Maksimovic; Vojkan R. Nikolic; Dejan V. Vidojevic; Milan D. Randjelovic; Slavisa M. Djukanovic; Dragan M. Randjelovic

doi:10.1109/ACCESS.2024.3384380

IEEE Access (Jan 2024)

Using Triple Modular Redundancy for Threshold Determination in DDOS Intrusion Detection Systems

Aleksa N. Maksimovic,
Vojkan R. Nikolic,
Dejan V. Vidojevic,
Milan D. Randjelovic,
Slavisa M. Djukanovic,
Dragan M. Randjelovic

Affiliations

Aleksa N. Maksimovic: ORCiD; Ministry of Interior Affairs of the Republic of Serbia, Belgrade, Serbia
Vojkan R. Nikolic: ORCiD; Department for Informatics and Computing, University of Criminal Investigation and Police Studies, Belgrade, Serbia
Dejan V. Vidojevic: Department for Informatics and Computing, University of Criminal Investigation and Police Studies, Belgrade, Serbia
Milan D. Randjelovic: Science Technology Park Niš, Niš, Serbia
Slavisa M. Djukanovic: Ministry of Interior Affairs of the Republic of Serbia, Belgrade, Serbia
Dragan M. Randjelovic: ORCiD; Faculty of Diplomacy and Security, Univerzitet Union Nikola Tesla, Belgrade, Serbia

DOI: https://doi.org/10.1109/ACCESS.2024.3384380
Journal volume & issue: Vol. 12
pp. 53785 – 53804

Abstract

Read online

This paper describes an Intrusion Detection System (IDS) which uses several existing known IDS algorithms and Triple Modular Redundancy (TMR) algorithm to make decision about eventual existing attack by majority voting in one constructed ensemble model which solves practically the problem of binary classification. Proposed novel model belongs to so called stacking ensemble methods of machine learning algorithms which uses exactly four algorithms from the group of best binary classification algorithms: Decision trees, Naive Bayes, Support Vector Machine, k-nearest neighbors, logistic regression and AdaBoost and is applicable for any similar problem. Using proposed method, we get a more precisely determined threshold than it is case using whatever of in method individual applied algorithm as well as those algorithms that are the state of the art in the field of binary classification. Besides that, one of the main disadvantages of classic TMR used for classification network traffic, which is the problem of bad over-voting was successfully avoided by improving classic TMR with a new algorithm proposed by the authors. Today a denial of service attacks (DoS) and distributed denial of service (DDoS) are one of most present type on Internet and that is why the authors in this paper paid special attention to them and because of that the authors of proposed method chose to use known KAGGLE dataset which contains data of these type of attacks for the examination of quality of proposed IDS method implemented in suitable software. The dataset itself consists of a wide range of simulated intrusions in a military network environment in United States. Obtained results showed that IDS software with implemented proposed method worked precise and timely, which means alarms was trigger properly and efficiently with better results of quality of classification in most important measures than the individual included algorithms who are the state of the art in binary classification.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords