A Novel Transfer Extreme Learning Machine from Multiple Sources for Intrusion Detection

Abstract

Abstract Intrusion detection systems (IDSs), as a technology to protect networks from attacks, play a pivotal role in ensuring computer system and network security. Machine learning has been widely used for intrusion detection and achieves good results. Machine learning-based intrusion detection technology requires a large number of labeled data training models, test data and training data to create independent and identical distributions. However, in reality, data distributions are difficult to make consistent, and there are problems such as low detection accuracy, slow model establishment and the need for a large quantity of labor and time cost labeled samples when faced with small samples and new attack behaviors. In response to the above issues, this paper proposes, MultiTLELM, a multisource migration limit learning machine algorithm for network intrusion detection. The algorithm utilizes the multisource migration learning idea to quickly build a high-quality target learning model by migrating knowledge from multiple auxiliary domains (source domains), assisting in labeling target domains that are insufficient or difficult to obtain. MultiTLELM simultaneously adapts the differences in the marginal probability distribution and conditional probability distribution between domain data, improves the classification performance by integrating multisource migration learning into a limit learning machine and improves the detection efficiency by utilizing the fast solving speed of the limit learning machine optimization algorithm. Experiments were conducted on the NSL-KDD, KDD99 and ISCX2012 datasets. The experimental results show that the proposed method improves detection accuracy and efficiency compared to the benchmark algorithm, and also adapts to different intrusion types and attack modes.