Abstract

With the wide application of information technologies in communication based train control (CBTC) systems, the information security risks they face are ever increasing. It is very difficult to design an intrusion detection system (IDS) that can detect both known and unknown cyber attacks with a high true positive rate (TPR) and a low false positive rate (FPR) simultaneously. In this paper, we propose a hybrid intrusion detection system (RIDS) composed of a signature-based intrusion detection system (SIDS) and an anomaly-based intrusion detection system (AIDS). An improved stacking ensemble algorithm (ISEA), which uses weighted classification probabilities output by the base classifiers to generate meta-features for the meta-classifier, is proposed to enhance the TPR of the SIDS. The FPR of the AIDS is significantly reduced by adopting the proposed false positive elimination strategy (FPES). In addition, a Bayesian optimization algorithm is used for hyper-parameter adjustment to optimize the overall performance of the RIDS. The proposed RIDS is evaluated using both a KDD99 dataset and a CBTC dataset collected on a hardware-in-the-loop simulation platform. For the KDD99 dataset, the TPR and FPR of the proposed RIDS are 98.6% and 1.3%, respectively. For the CBTC dataset, the TPR and FPR are 98.1% and 1.1%, respectively. Based on the performance comparison among different RIDSs, it can be concluded that the proposed RIDS is superior to the existing RIDSs in both TPR and FPR.
