ANID-SEoKELM: Adaptive network intrusion detection based on selective ensemble of kernel ELMs with random features

摘要

This paper presents an adaptive network intrusion detection (ANID) method based on the selective ensemble of kernel extreme learning machines (KELMs) with random features (termed ANID-SEoKELM), aiming at identifying various unauthorized uses, misuses and abuses of computer systems in real time. To generate a lightweight intrusion detector, multiple KELMs are learned independently based on the Bagging strategy with sparse random feature representation (SRFR), to reduce noise and redundant or irrelevant information in network connection instances and ensure the diversity of base learners for the effective ensemble of base learners. A marginal distance minimization (MDM)-based selective ensemble (MDMbSE) method is introduced to generate the ultimate intrusion detector. To ensure the adaptability of the intrusion detector, an incremental learning-based detection-model updating procedure is also derived. Extensive validation and comparative experiments on the benchmark KDD99 dataset and a hybrid heterogeneous network simulation platform mixed with wireless networks and Ethernet networks demonstrate that the ANID-SEoKELM is able to adapt to the dynamically changing network environments hence it can achieve higher detection accuracies stably and efficiently than classic single learner-based intrusion detection methods and representative ensemble-based intrusion detection methods. (C) 2019 Elsevier B.V. All rights reserved.