An Ensemble Method for Supervised Learning for Intrusion Detection and Network Forensics

Abstract

With the rapid expansion of Internet usage, cyber-attacks are becoming a point of interest for network security researchers. While companies are interested in providing their services over the Internet, their services do not enjoy appropriate security protection. Consequently, they are costing millions of dollars with network threats. Accordingly, current research suggest that ensemble methods may have advantages over individual base learners in intrusion detection problem. In this research work, we propose a new intrusion detection model combining an ensemble learning method and the expert system. In this study, first, we explore the three popular ensemble learning methods (namely boosting, bagging, and random subspace) with three individual base learners (random forest, Bayes net, and SMO) for network intrusion detection. Moreover, the NSL-KDD intrusion dataset was experimented to evaluate the effectiveness and efficiency of ensemble learning methods for intrusion detection. The performance of ensemble classifiers on the NSL-KDD dataset is tested in terms of average prediction accuracy. On the basis of experiments, empirical results show that general learning methods considerably improve the performance of base learners. Among the three ensemble methods, AdaBoostM1 boosting ensemble method based on the random forest base learner achieves the better comparative results. These results show that ensemble methods are appropriate for intrusion detection and further combined with the expert system for a knowledge-rich intrusion detection model.