An integrated intrusion detection framework based on subspace clustering and ensemble learning

Jingyi Zhu, Xiufeng Liu

Research output: Contribution to journal › Journal article › Research › peer-review


Abstract

In the rapidly evolving landscape of the Internet of Things (IoT), ensuring robust intrusion detection is paramount for device and data security. This paper proposes a novel method for intrusion detection in IoT networks that leverages a unique blend of subspace clustering and ensemble learning. Our framework integrates three innovative strategies: Clustering Results as Features (CRF), Two-Level Decision Making (TDM), and Iterative Feedback Loop (IFL). These strategies synergize to enhance detection performance and model robustness. We employ mutual information for feature selection and utilize four subspace clustering algorithms – CLIQUE, PROCLUS, SUBCLU, and LOF – to create additional feature sets. Three base learners – NB, LGBM, and XGB – are used in conjunction with a Logistic Regression (LR) meta-learner. To fine-tune our model, we apply Particle Swarm Optimization (PSO) for hyperparameter optimization. We evaluate our framework on the UNSW-NB15 dataset, which contains realistic and diverse IoT network traffic data. The results show that our framework outperforms the state-of-the-art methods in terms of accuracy (97.05%), precision (96.33%), recall (96.55%), F1-score (96.45%), and false positive rate (0.029). Our framework can effectively detect both known and unknown attacks in IoT networks and achieve high accuracy and low false positive rate. The paper contributes both practical implications for network security and theoretical advancements in intrusion detection research.
Original language: English
Article number: 109113
Journal: Computers and Electrical Engineering
Volume: 115
ISSN: 0045-7906
Publication status: Published - 2024

Keywords

  • Ensemble learning
  • Feature selection
  • Intrusion detection
  • IoT networks
  • Subspace clustering
