Multiple learning based classifiers using layered approach and Feature Selection for attack detection

Intrusion Detection Systems (IDS) form a major share of current security infrastructure. Attacks on networked systems are increasing rapidly, and increasingly automated attack tools let attackers gain control of systems and threaten information assets. The usual way of detecting attacks is with tools that raise alerts to system administrators, but most of these tools are rule-based and miss any attack for which no rule has been written, so enhanced attack detection methods are vital for the security infrastructure. Attack detection methods are normally statistical or probabilistic. This paper focuses on attack detection using multiple learning-based classifiers: J48, Naïve Bayes, Random Forest, Random Tree, KStar, RotationForest, RandomSubspace, Ordinal Class Classifier, DataNearBalancedND and Multiclass classifier. Correlation-based Feature Selection (CFS) is used to select the best features of the KDD Cup 99 dataset for each of the attack classes DoS, Probe, U2R and R2L; selecting features per class improves classification accuracy. The classifiers are arranged in four layers, one layer per attack class, and a classification rate above 99% is obtained on that dataset. A cost-benefit analysis of the attack detection methods is carried out and ROC curves are plotted.
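The pipeline the abstract describes, as an added example (not the paper's code, and not tied to any of the classifiers it names): one binary detector per attack class, with CFS choosing each layer's feature subset by Hall's merit, Merit(S) = k·r̄_cf / sqrt(k + k(k−1)·r̄_ff), under a greedy forward search. Everything not stated in the abstract is an assumption here: the layer order (Probe, DoS, R2L, U2R), a nearest-centroid classifier on z-scored features standing in for the paper's learners, greedy forward search in place of Weka's best-first search, the seven KDD Cup 99 feature names used, and the training and test records, which are constructed and not drawn from the real dataset.

```python
"""Layered attack detection with CFS feature selection (added example, not the paper's code).

One binary detector per KDD Cup 99 attack class.  A record flagged by a layer is
labelled with that class and stops; otherwise it passes to the next layer, and a
record that clears all four layers is labelled normal.  Each layer's feature subset
is chosen with Hall's CFS merit under a greedy forward search; the per-layer
classifier is a nearest-centroid model on z-scored features (an assumed stand-in
for the paper's classifiers)."""
import math

# A subset of the KDD Cup 99 feature names; all values below are constructed, not real data.
FEATURES = ["duration", "src_bytes", "count", "serror_rate",
            "diff_srv_rate", "num_failed_logins", "root_shell"]

TRAIN = [  # constructed training records: (feature tuple, label)
    ((10, 300, 5, 0.0, 0.0, 0, 0), "normal"), ((20, 500, 8, 0.0, 0.0, 0, 0), "normal"),
    ((5, 150, 3, 0.0, 0.0, 0, 0), "normal"),
    ((0, 0, 511, 1.0, 0.0, 0, 0), "dos"), ((0, 0, 300, 1.0, 0.0, 0, 0), "dos"),
    ((0, 0, 470, 1.0, 0.0, 0, 0), "dos"),
    ((1, 20, 30, 0.0, 1.0, 0, 0), "probe"), ((1, 10, 25, 0.0, 1.0, 0, 0), "probe"),
    ((0, 0, 40, 0.0, 1.0, 0, 0), "probe"),
    ((30, 200, 4, 0.0, 0.0, 5, 0), "r2l"), ((25, 180, 2, 0.0, 0.0, 4, 0), "r2l"),
    ((40, 220, 3, 0.0, 0.0, 6, 0), "r2l"),
    ((120, 1500, 1, 0.0, 0.0, 0, 1), "u2r"), ((200, 2000, 2, 0.0, 0.0, 0, 1), "u2r"),
    ((90, 1200, 1, 0.0, 0.0, 0, 1), "u2r"),
]
TEST = [  # constructed held-out records
    ((0, 0, 490, 0.97, 0.0, 0, 0), "dos"), ((1, 15, 35, 0.0, 0.92, 0, 0), "probe"),
    ((28, 210, 3, 0.0, 0.0, 4, 0), "r2l"), ((150, 1700, 1, 0.0, 0.0, 0, 1), "u2r"),
    ((15, 400, 6, 0.0, 0.08, 0, 0), "normal"),
]
LAYER_ORDER = ["probe", "dos", "r2l", "u2r"]  # assumed order; the abstract fixes none


def pearson(xs, ys):
    """Pearson correlation; a constant column carries no information and scores 0."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return 0.0 if sxx == 0 or syy == 0 else sxy / math.sqrt(sxx * syy)


def cfs_merit(subset, feat_class, feat_feat):
    """Hall's CFS merit: k * mean(|r_cf|) / sqrt(k + k(k-1) * mean(|r_ff|))."""
    k = len(subset)
    r_cf = sum(feat_class[f] for f in subset) / k
    if k == 1:
        return r_cf
    pairs = [(a, b) for i, a in enumerate(subset) for b in subset[i + 1:]]
    r_ff = sum(feat_feat[(a, b)] for a, b in pairs) / len(pairs)
    return k * r_cf / math.sqrt(k + k * (k - 1) * r_ff)


def cfs_select(rows, target):
    """Greedy forward CFS: add the feature that most raises merit, stop when none does."""
    cols = {f: [r[i] for r in rows] for i, f in enumerate(FEATURES)}
    feat_class = {f: abs(pearson(cols[f], target)) for f in FEATURES}
    feat_feat = {(a, b): abs(pearson(cols[a], cols[b])) for a in FEATURES for b in FEATURES}
    selected, best = [], 0.0
    while True:
        merit, f = max((cfs_merit(selected + [f], feat_class, feat_feat), f)
                       for f in FEATURES if f not in selected)
        if merit <= best:
            return selected
        selected.append(f)
        best = merit


class Layer:
    """One-vs-rest detector for a single attack class on its CFS-selected features."""

    def __init__(self, name, rows, labels):
        self.name = name
        target = [1.0 if lab == name else 0.0 for lab in labels]
        self.features = cfs_select(rows, target)
        self.idx = [FEATURES.index(f) for f in self.features]
        cols = [[r[i] for r in rows] for i in self.idx]
        self.mean = [sum(c) / len(c) for c in cols]
        self.std = [math.sqrt(sum((v - m) ** 2 for v in c) / len(c)) or 1.0
                    for c, m in zip(cols, self.mean)]
        pos = [self._z(r) for r, t in zip(rows, target) if t == 1.0]
        neg = [self._z(r) for r, t in zip(rows, target) if t == 0.0]
        self.pos_c = [sum(v) / len(pos) for v in zip(*pos)]
        self.neg_c = [sum(v) / len(neg) for v in zip(*neg)]

    def _z(self, row):
        return [(row[i] - m) / s for i, m, s in zip(self.idx, self.mean, self.std)]

    def flags(self, row):
        z = self._z(row)
        dist = lambda c: sum((a - b) ** 2 for a, b in zip(z, c))
        return dist(self.pos_c) < dist(self.neg_c)


def train_layers(data):
    rows, labels = [r for r, _ in data], [lab for _, lab in data]
    return [Layer(name, rows, labels) for name in LAYER_ORDER]


def classify(layers, row):
    """Sequential layers: the first layer that flags the record decides its class."""
    for layer in layers:
        if layer.flags(row):
            return layer.name
    return "normal"


def evaluate(layers, data):
    """Per-class detection rate, the raw figure an ROC or cost-benefit analysis starts from."""
    hits, totals = {}, {}
    for row, label in data:
        totals[label] = totals.get(label, 0) + 1
        hits[label] = hits.get(label, 0) + (classify(layers, row) == label)
    return {c: hits[c] / totals[c] for c in totals}


if __name__ == "__main__":
    layers = train_layers(TRAIN)
    for layer in layers:
        print(f"{layer.name:5s} layer uses {layer.features}")
    print("detection rate per class:", evaluate(layers, TEST))
```

Because each layer is trained one-vs-rest on the full training set, CFS picks the feature that separates that one class (here serror_rate for DoS, diff_srv_rate for Probe, num_failed_logins for R2L, root_shell for U2R) and rejects features that are redundant with it, which is the per-class feature selection the abstract credits for the accuracy gain. On real KDD Cup 99 data the subsets are larger and the stand-in classifier should be swapped for one of the learners the paper evaluates.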
