Two-Layer Intrusion Detection Model Based on Ensemble Classifier

Ensemble classifiers can not only improve the accuracy of a learning system but also significantly improve its generalization ability by utilizing the different deviations of the individual classifiers. Although different classifier ensemble methods have been proposed in the intrusion detection field, they are more or less defective and still need further improvement. To realize an intrusion detection model with strong generalization, a high detection rate (DR) and a low false positive rate (FPR), this paper proposes a two-layer intrusion detection model based on ensemble classifier (TLMCE). R2L and U2R are classified using the JRip classifier in the first layer, and the ensemble classifier is used to classify Normal, DoS, and Probe in the second layer. The stacking optimization strategy is applied to the ensemble classifier, using J48, JRip, RandomForest (RF), BayesNet, and SimpleCart as the base classifiers. In addition, a modified sequential forward selection method is proposed to select appropriate feature subsets for TLMCE. The experimental results on the NSL-KDD dataset demonstrate that TLMCE performs better than some existing ensemble models. It achieved an overall accuracy rate of \(89.1\%\) and an FPR of \(3.1\%\).
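The two-layer routing described in the abstract can be sketched as follows. This is an added example, not the paper's code: it assumes scikit-learn, whose classifiers stand in for the Weka learners named above (a shallow tree for JRip, entropy and Gini trees for J48 and SimpleCart, Gaussian naive Bayes for BayesNet), and it runs on constructed synthetic flows rather than NSL-KDD. The names `TwoLayerIDS`, `dr_fpr`, `make_flows` and `demo` are hypothetical, and DR and FPR use the usual attack-versus-Normal definitions.

```python
import numpy as np
from sklearn.ensemble import RandomForestClassifier, StackingClassifier
from sklearn.linear_model import LogisticRegression
from sklearn.naive_bayes import GaussianNB
from sklearn.tree import DecisionTreeClassifier

RARE, OTHER = ("R2L", "U2R"), "other"  # layer 1 owns RARE; OTHER is only a routing label

class TwoLayerIDS:
    def __init__(self, seed=0):
        # Layer 1: shallow class-weighted tree, a stand-in for JRip (scikit-learn has no RIPPER).
        self.layer1 = DecisionTreeClassifier(max_depth=4, class_weight="balanced", random_state=seed)
        # Layer 2: stacking over heterogeneous base learners (stand-ins, see lead-in).
        base = [("entropy_tree", DecisionTreeClassifier(criterion="entropy", random_state=seed)),
                ("cart", DecisionTreeClassifier(criterion="gini", random_state=seed)),
                ("rf", RandomForestClassifier(n_estimators=25, random_state=seed)),
                ("nb", GaussianNB())]
        self.layer2 = StackingClassifier(estimators=base, final_estimator=LogisticRegression(max_iter=1000), cv=3)

    def fit(self, X, y):
        rare = np.isin(y, RARE)
        self.layer1.fit(X, np.where(rare, y, OTHER))  # learns R2L / U2R / other
        self.layer2.fit(X[~rare], y[~rare])           # learns Normal / DoS / Probe only
        return self

    def predict(self, X):
        pred = self.layer1.predict(X).astype(object)
        rest = pred == OTHER                          # flows layer 1 did not claim
        if rest.any():
            pred[rest] = self.layer2.predict(X[rest])
        return pred

def dr_fpr(y_true, y_pred):
    # Binary view: DR = flagged attacks / attacks, FPR = flagged Normal / Normal.
    attack, flagged = y_true != "Normal", y_pred != "Normal"
    return (attack & flagged).sum() / attack.sum(), (~attack & flagged).sum() / (~attack).sum()

def make_flows(counts, rng):
    # Constructed toy data: one well-separated Gaussian blob per class, 5 features.
    X = np.vstack([rng.normal(6.0 * np.eye(5)[i], 1.0, size=(n, 5)) for i, n in enumerate(counts.values())])
    return X, np.repeat(list(counts), list(counts.values()))

def demo(seed=0):
    rng = np.random.default_rng(seed)
    counts = {"Normal": 300, "DoS": 200, "Probe": 100, "R2L": 30, "U2R": 15}  # imbalanced on purpose
    model = TwoLayerIDS(seed).fit(*make_flows(counts, rng))
    X_te, y_te = make_flows({k: v // 3 for k, v in counts.items()}, rng)
    y_hat = model.predict(X_te)
    return (float(np.mean(y_hat == y_te)),) + dr_fpr(y_te, y_hat)  # (accuracy, DR, FPR)
```

Training layer 2 only on Normal, DoS and Probe keeps the rare R2L and U2R samples from being outvoted inside the ensemble, which is the point of handling them in a separate first layer.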
