Abstract

Anomaly intrusion detection technologies are essential for network and computer security as the threat grows more serious every year. Ensemble learning techniques are promising machine learning methods for anomaly detection: they produce multiple models and combine their outputs in a specific manner to obtain more accurate attack detection. However, it is still difficult to choose an appropriate ensemble method for a particular dataset. This research is interdisciplinary, transferring knowledge between network security and machine learning. It considers the problem of anomaly detection in network traffic and presents two novel ensemble methods for it. In both methods, the decision rules (henceforth, Rule-sets) extracted from two different families of classifiers, Naïve Bayes and the J48 decision tree, are used as the ensemble's constituent classifiers. In the first method, a set of Rule Evaluation Metrics (henceforth, REMs) extracted from the Rule-sets is used to combine the classifiers and to resolve rule conflicts whenever they occur. In the second method, the paper presents a novel stacking approach: the cover property of the Rule-sets is used to re-encode the training instances and produce a meta dataset, which is used to train a meta-level classifier that produces the final result. The proposed methods are evaluated on the CICIDS2017 dataset in terms of detection rate, execution time, false alarm rate, accuracy, and other measures of interest. The experimental results attest to their superior accuracy, which reaches 99.8630% and 99.8642% for the first and second methods respectively, and to lower execution time for both methods, especially the second proposed method, at 0.25 s.
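The stacking idea in the second method can be sketched as follows. This is an added example, not code from the paper: the rules, feature names, thresholds and flows are constructed, and a Bernoulli Naive Bayes is assumed as the meta-level classifier because the abstract does not name one.

```python
from collections import Counter
from math import log

# Constructed rule-set (condition, class). Feature names and thresholds are
# hypothetical; they are not the paper's rules or CICIDS2017 column names.
RULES = [
    (lambda f: f["syn_rate"] > 100, "attack"),
    (lambda f: f["duration"] < 0.5 and f["bytes"] < 200, "attack"),
    (lambda f: f["bytes"] >= 200, "benign"),
    (lambda f: f["syn_rate"] <= 100 and f["duration"] >= 0.5, "benign"),
]

def encode(flow):
    """Re-encode a flow as a 0/1 tuple: bit i is 1 when rule i covers it."""
    return tuple(int(cond(flow)) for cond, _ in RULES)

def fit(flows, labels):
    """Train the assumed meta-classifier (Bernoulli NB) on coverage vectors."""
    counts = Counter(labels)
    ones = {c: [0] * len(RULES) for c in counts}
    for flow, label in zip(flows, labels):
        for i, bit in enumerate(encode(flow)):
            ones[label][i] += bit
    return counts, ones

def predict(model, flow):
    """Return the class with the highest smoothed log-posterior."""
    counts, ones = model
    total = sum(counts.values())
    def score(c):
        s = log(counts[c] / total)
        for i, bit in enumerate(encode(flow)):
            p = (ones[c][i] + 1) / (counts[c] + 2)  # Laplace smoothing
            s += log(p if bit else 1 - p)
        return s
    return max(counts, key=score)

# Constructed training flows with ground-truth labels.
TRAIN = [
    ({"syn_rate": 300, "duration": 0.1, "bytes": 60}, "attack"),
    ({"syn_rate": 250, "duration": 2.0, "bytes": 900}, "attack"),
    ({"syn_rate": 5, "duration": 0.2, "bytes": 120}, "attack"),
    ({"syn_rate": 3, "duration": 4.0, "bytes": 1500}, "benign"),
    ({"syn_rate": 8, "duration": 1.2, "bytes": 700}, "benign"),
    ({"syn_rate": 2, "duration": 0.3, "bytes": 400}, "benign"),
]
MODEL = fit([f for f, _ in TRAIN], [y for _, y in TRAIN])

# Rule 1 (attack) and rule 3 (benign) both cover this constructed flow, so the
# base rules conflict and the meta-level classifier makes the final decision.
CONFLICT = {"syn_rate": 180, "duration": 3.0, "bytes": 800}
```

The meta-level classifier never sees the raw features, only which rules fired, so a conflict between base rules is settled by how those coverage patterns were labelled in training.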
