ABSTRACT
The main task of an intrusion detection system (IDS) is to detect anomalous behavior originating both inside and outside the network, and a growing number of studies apply machine learning in this area. The limitations of using a single classifier to separate normal traffic from anomalies (attacks) led to the idea of building hybrid or ensemble models, which are more complicated but provide higher accuracy and a lower false alarm rate (FAR). The aim of this paper is to improve the performance of IDS by using ensemble methods and feature selection. The ensemble models were built using two ensemble techniques, Bagging and Boosting, with tree-based algorithms as the base classifiers. The proposed models were then evaluated using the NSL-KDD datasets. The experimental results showed that the bagging ensemble model with J48 as the base classifier produced the best performance in terms of both classification accuracy and FAR when working with the subset of 35 selected features.
Index Terms
- Improving performance of intrusion detection system using ensemble methods and feature selection