Open Access

ARTICLE

Classification of Adversarial Attacks Using Ensemble Clustering Approach

Pongsakorn Tatongjai¹, Tossapon Boongoen^2,*, Natthakan Iam-On², Nitin Naik³, Longzhi Yang⁴

1 Center of Excellence in AI & Emerging Technologies, School of IT, Mae Fah Luang University, Chiang Rai, Thailand
2 Department of Computer Science, Aberystwyth University, Aberystwyth, United Kingdom
3 School of Informatics and Digital Engineering, Aston University, Birmingham, United Kingdom
4 Department of Computer and Information Sciences, Northumbria University, Newcastle, United Kingdom

* Corresponding Author: Tossapon Boongoen. Email:

Computers, Materials & Continua 2023, 74(2), 2479-2498. https://doi.org/10.32604/cmc.2023.024858

Received 03 November 2021; Accepted 05 May 2022; Issue published 31 October 2022

Abstract

As more business transactions and information services have been implemented via communication networks, both personal and organization assets encounter a higher risk of attacks. To safeguard these, a perimeter defence like NIDS (network-based intrusion detection system) can be effective for known intrusions. There has been a great deal of attention within the joint community of security and data science to improve machine-learning based NIDS such that it becomes more accurate for adversarial attacks, where obfuscation techniques are applied to disguise patterns of intrusive traffics. The current research focuses on non-payload connections at the TCP (transmission control protocol) stack level that is applicable to different network applications. In contrary to the wrapper method introduced with the benchmark dataset, three new filter models are proposed to transform the feature space without knowledge of class labels. These ECT (ensemble clustering based transformation) techniques, i.e., ECT-Subspace, ECT-Noise and ECT-Combined, are developed using the concept of ensemble clustering and three different ensemble generation strategies, i.e., random feature subspace, feature noise injection and their combinations. Based on the empirical study with published dataset and four classification algorithms, new models usually outperform that original wrapper and other filter alternatives found in the literature. This is similarly summarized from the first experiment with basic classification of legitimate and direct attacks, and the second that focuses on recognizing obfuscated intrusions. In addition, analysis of algorithmic parameters, i.e., ensemble size and level of noise, is provided as a guideline for a practical use.

---

Keywords

---