Building an efficient intrusion detection system based on feature selection and ensemble classifier

The problem of network intrusion detection poses innumerable challenges to the research community, industry, and commercial sectors. Moreover, the persistent attacks occurring on the cyber-threat landscape compel researchers to devise robust approaches in order to address the recurring problem. Given the presence of massive network traffic, conventional machine learning algorithms when applied in the field of network intrusion detection are quite ineffective. Instead, a hybrid multimodel solution when sought improves performance thereby producing reliable predictions. Therefore, this article presents an ensemble model using metaclassification approach enabled by stacked generalization. Two contemporary as well as heterogeneous datasets, namely, UNSW NB-15, a packet-based dataset, and UGR’16, a flow-based dataset, that were captured in emulated as well as real network traffic environment, respectively, were used for experimentation. Empirical results indicate that the proposed stacking ensemble is capable of generating superior predictions with respect to a real-time dataset (97% accuracy) than an emulated one (94% accuracy).

show abstract

“…An ensemble classifier using random forest, C4.5, and forest by penalizing attributes (FPA) was proposed by Zhou and Cheng [26].…”

Section: Related Workmentioning

confidence: 99%

A Stacking Ensemble for Network Intrusion Detection Using Heterogeneous Datasets

Rajagopal

Kundapur

Hareesha

2020

Security and Communication Networks

151

View full text Add to dashboard Cite

show abstract

“…In Reference [15], a similar goal was achieved using Conditional Random Fields approach. Recently, Zhou et al [16] presented the ensemble model consisting of C4.5, Random Forest and PA Forest, where the decisions are based on the average of probabilities rule (voting based on average of probabilities). The ensemble model uses feature selection by applying a hybrid approach of combination of correlation-based feature selection and biologically inspired bat algorithm.…”

Section: Related Workmentioning

confidence: 99%

“…During the pre-processing, we mostly focused on feature selection. According to the work of Zhou and Cheng in [16], we selected only the most relevant attributes: service, src_bytes, dst_bytes, logged_in, num_file_creations, srv_count, serror_rate, rerror_rate, srv_diff_host_rate, dst_host_count, dst_host_diff_srv_rate, dst_host_srv_diff_host_rate.…”

Section: Machine Learning Models For Detection Of the Network Attacksmentioning

confidence: 99%

See 1 more Smart Citation

Hierarchical Intrusion Detection Using Machine Learning and Knowledge Model

Sarnovský

Paralič

2020

Symmetry

View full text Add to dashboard Cite

Intrusion detection systems (IDS) present a critical component of network infrastructures. Machine learning models are widely used in the IDS to learn the patterns in the network data and to detect the possible attacks in the network traffic. Ensemble models combining a variety of different machine learning models proved to be efficient in this domain. On the other hand, knowledge models have been explicitly designed for the description of the attacks and used in ontology-based IDS. In this paper, we propose a hierarchical IDS based on the original symmetrical combination of machine learning approach with knowledge-based approach to support detection of existing types and severity of new types of network attacks. Multi-stage hierarchical prediction consists of the predictive models able to distinguish the normal connections from the attacks and then to predict the attack classes and concrete attack types. The knowledge model enables to navigate through the attack taxonomy and to select the appropriate model to perform a prediction on the selected level. Designed IDS was evaluated on a widely used KDD 99 dataset and compared to similar approaches.

show abstract

“…To enable comparison and analysis of the effects of feature selection, a feature selected version of each dataset is made using a wrapperbased feature selection approach with a decision tree algorithm as the feature evaluator. To determine the effect of normalization, min-max normalization, one of the most common [8] and the predominantly used normalization method in IDS modeling [5], [9], [10] is used. Using the four final datasets (full and feature selected version of each) three different IDS programs were implemented, each program contains ten distinct IDS models, with some of the models developed without applying normalization.…”

Section: Introductionmentioning

confidence: 99%

Effects of Feature Selection and Normalization on Network Intrusion Detection

Umar¹,

Chen²

2023

Preprint

View full text Add to dashboard Cite

<div><br></div><div><p> The rapid rise of cyberattacks and the gradual failing of traditional defense systems and approaches led to the use of Machine Learning (ML) techniques aiming to build more efficient and reliable Intrusion Detection Systems (IDSs). However, the advent of larger IDS datasets brought about negative impacts on the performance and computational time of ML-based IDSs. To overcome such issues, many researchers utilized data preprocessing techniques such as feature selection and normalization. While most of these researchers reported the success of these preprocessing techniques on a shallow level, very few studies are performed on their effects on a wider scale. Furthermore, the performance of an IDS model is subject to not only the preprocessing techniques used but also the dataset and the ML algorithm used, which most of the existing studies on preprocessing techniques give little emphasis on. Thus, this study provides an in-depth analysis of the effects of feature selection and normalization on various IDS models built using four separate IDS datasets and five different ML algorithms. Wrapper-based decision tree and min-max are used in feature selection and normalization respectively. The models are evaluated and compared using popular evaluation metrics in IDS. The study found normalization to be more important than feature selection in improving performance and computational time of models on both datasets, while feature selection on UNSW-NB15 failed to reduce models computational time, and in the case of models built using NSL-KDD, it decreases their performance. The study also reveals that, compared to the UNSW-NB15 dataset, the NSL-KDD dataset is less complex and unsuitable for building reliable modern-day IDS models. Furthermore, the best performance on both datasets is achieved by Random Forest with accuracy of 99.75% and 98.51% on NSL-KDD and UNSW-NB15 respectively. </p></div>

show abstract

Building an efficient intrusion detection system based on feature selection and ensemble classifier

Cited by 466 publications

References 76 publications

A Stacking Ensemble for Network Intrusion Detection Using Heterogeneous Datasets

A Stacking Ensemble for Network Intrusion Detection Using Heterogeneous Datasets

Hierarchical Intrusion Detection Using Machine Learning and Knowledge Model

Effects of Feature Selection and Normalization on Network Intrusion Detection

Contact Info

Product

Resources

About