Towards Hybrid Machine Learning Based Feature Extraction for the Detection of Network Attacks
Keywords:
IDS (Intrusion Detection System), ANN (Artificial Neural Network), SVM (Support Vector Machine), KDD-CUP99 Dataset, Preprocessing, Feature reduction and extraction.
Abstract:
Network security is an important and critical issue when transmitting valuable and sensitive information over networks. Most currently available security solutions built on common commercial attack detection systems are difficult to use effectively because they generate huge numbers of false alerts, process only a small amount of data, and are slow to detect attacks. This makes it a complex and almost impossible task for the network security observer to verify the validity of these alerts in order to take appropriate action. Hence there is an urgent need to explore this problem and find an appropriate solution to it. In this paper, we address this issue by proposing a security approach for a supervised intrusion detection system that can learn from previous attack examples to detect new attacks. It classifies network packet traffic as either Attack packets or Normal data packets, extracts relevant features of network attacks, and uses them to build classifiers that identify known attacks in real time. The proposed approach is based on Artificial Neural Networks and the Support Vector Machine algorithm, which are used in the classification process. It is a promising hybrid system for reducing false alarms (negative or positive), because neural networks are able to learn from actual examples. It also contributes to increasing the amount of data processed and the speed of attack detection. We verify its validity using the well-known KDD-CUP99 data set. The results show that the hybrid ANN-SVM model outperforms the ANN and SVM approaches alone in learning accuracy, processing time, data size, and reduction of false positive alarms, in addition to extracting the features of attacks.