Improving performance of intrusion detection system using ensemble methods and feature selection

Pham, Ngoc Tu; Foo, Ernest; Suriadi, Suriadi; Jeffrey, H Siewerdsen; Lahza, Hassan Fareed M.

doi:10.1145/3167918.3167951

Cited by 123 publications

(65 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Regarding other related IDSs, our proposed system is compared with some IDSs included in Refs. [5,6,7,9] as shown in Table 8. Results proved that our proposed system outperformed other related IDSs with a higher classification accuracy, TPR, TNR and a lower FPR.…”

Section: Implementation and Experimental Resultsmentioning

confidence: 99%

“…KDD99 dataset used to evaluate the proposed system which was characterized by a low false positive alarm and a high detection rate. In [9], Ngoc and T. Pham et al proposed an IDS by using boosting and bagging ensemble techniques along with the tree algorithm as a base classifier. NSL-KDD dataset was used for evaluating their proposed system.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Network Intrusion Detection System based PSO-SVM for Cloud Computing

Sakr¹,

Tawfeeq²,

El-Sisi³

2019

IJCNIS

View full text Add to dashboard Cite

Cloud computing provides and delivers a pool of on-demand and configurable resources and services that are delivered across the usage of the internet. Providing privacy and security to protect cloud assets and resources still a very challenging issue, since the distributed architecture of the cloud makes it vulnerable to the intruders. To mitigate this issue, intrusion detection systems (IDSs) play an important role in detecting the attacks in the cloud environment. In this paper, an anomaly-based network intrusion detection system (NIDS) is proposed which can monitor and analyze the network traffics flow that targets a cloud environment. The network administrator should be notified about the nature of these traffics to drop and block any intrusive network connections. Support vector machine (SVM) is employed as the classifier of the network connections. The binarybased Particle Swarm Optimization (BPSO) is adopted for selecting the most relevant network features, while the standard-based Particle Swarm Optimization (SPSO) is adopted for tuning the SVM control parameters. The benchmark NSL-KDD dataset is used as the network data source to build and evaluate the proposed system. Acceptable evaluation results state that the proposed system is characterized by detecting the intrusive network connections with high detection accuracy and low false alarm rates (FARs).

show abstract

Section: Implementation and Experimental Resultsmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Network Intrusion Detection System based PSO-SVM for Cloud Computing

Sakr¹,

Tawfeeq²,

El-Sisi³

2019

IJCNIS

View full text Add to dashboard Cite

show abstract

“…Besides having superior detection accuracy, the proposed method also outperforms significantly other approaches in terms of detection rate metric. Even though EM-FS [72] performs best in terms of FAR metric, it only achieves the accuracy of 84.25% based on 35 features. However, our proposed method can obtain higher accuracy of 87.37% with FAR of 3.19% based on only 10 features, which still outperforms EM-FS to some extent.…”

Section: Comparison With the State Of The Art Methodsmentioning

confidence: 95%

“…Likewise, ensemble methods have been shown to improve accuracy in many use cases, including intrusion detection. For example, the results in [1,72,77] proved that their proposed ensemble models produce better performance of IDS than the one using a single classifier. For security professionals, ensemble classifiers provide mechanisms that aid in analysis such as similarity to existing known malicious or benign samples.…”

Section: Ensemble Classificationmentioning

confidence: 99%

“…Thus, researchers have come up with the idea of constructing ensemble classifiers for IDSs [28,77]. In general, the main goal of ensemble learning is to combine a set of individual classifiers and then make a better classification decision about the object submitted at the input [72]. For instance, training a single classifier on different subsets of an IDS dataset could produce different classification performances, however, an ensemble would average the output of multiple classifiers and therefore become a better option.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Building an efficient intrusion detection system based on feature selection and ensemble classifier

et al. 2020

View full text Add to dashboard Cite

A B S T R A C T Intrusion detection system (IDS) is one of extensively used techniques in a network topology to safeguard the integrity and availability of sensitive assets in the protected systems. Although many supervised and unsupervised learning approaches from the field of machine learning have been used to increase the efficacy of IDSs, it is still a problem for existing intrusion detection algorithms to achieve good performance. First, lots of redundant and irrelevant data in high-dimensional datasets interfere with the classification process of an IDS. Second, an individual classifier may not perform well in the detection of each type of attacks. Third, many models are built for stale datasets, making them less adaptable for novel attacks. Thus, we propose a new intrusion detection framework in this paper, and this framework is based on the feature selection and ensemble learning techniques. In the first step, a heuristic algorithm called CFS-BA is proposed for dimensionality reduction, which selects the optimal subset based on the correlation between features. Then, we introduce an ensemble approach that combines C4.5, Random Forest (RF), and Forest by Penalizing Attributes (Forest PA) algorithms. Finally, voting technique is used to combine the probability distributions of the base learners for attack recognition. The experimental results, using NSL-KDD, AWID, and CIC-IDS2017 datasets, reveal that the proposed CFS-BA-Ensemble method is able to exhibit better performance than other related and state of the art approaches under several metrics.

show abstract

Network intrusion detection based on ensemble classification and feature selection method for cloud computing

Krishnaveni¹,

Sivamohan²,

Sridhar³

et al. 2022

Concurrency and Computation

View full text Add to dashboard Cite

Cloud computing security is the most critical factor for providers, cloud users, and organizations. The various novel approaches apply host‐based or network‐based methods to increase cloud security performance and detection rate. However, due to the virtual and distributed environment of the cloud, conventional network intrusion detection systems (NIDS) have been unreliable in handling these security attacks. Therefore, we design a methodology that incorporates feature selection and classification using ensemble techniques to provide efficient and accurate intrusion detection to address these problems. This proposed model combines the three most effective feature selection techniques (gain‐ratio, chi‐squared, and information gain) to offer a qualifying result and four top classifiers (SVM, LR, NB, and DT) using enhanced weighted majority voting. Moreover, we proposed an experimental technique using a new dataset called Honeypot. All experiments utilized three datasets: Honeypots, Kyoto, and NSL: KDD. In addition, the results of this experimental study were compared with other approaches and performed the statistical significance analysis. Finally, the results reveal that the proposed intrusion detection based on the Honeypot dataset was better and more efficient than other methods because we have an accuracy of 98.29%, FAR of 0.012%, DR of 97.9%, and AUC = 0.9921.

show abstract

Improving performance of intrusion detection system using ensemble methods and feature selection

Cited by 123 publications

References 16 publications

Network Intrusion Detection System based PSO-SVM for Cloud Computing

Network Intrusion Detection System based PSO-SVM for Cloud Computing

Building an efficient intrusion detection system based on feature selection and ensemble classifier

Network intrusion detection based on ensemble classification and feature selection method for cloud computing

Contact Info

Product

Resources

About