CSE-IDS: Using cost-sensitive deep learning and ensemble algorithms to handle class imbalance in network-based intrusion detection systems

Abstract

In recent times, Network-based Intrusion Detection Systems (NIDSs) have become very popular for detecting intrusions in computer networks. Existing NIDSs can easily identify those intrusions that have been frequently witnessed in the network (majority attacks), but they cannot identify new and infrequent intrusions (minority attacks) accurately. Moreover, such systems solely focus on maximizing the overall Attack Detection Rate while overlooking the number of false alarms. To address these issues, this paper proposes CSE-IDS, a three-layer NIDS, based on Cost-Sensitive Deep Learning and Ensemble algorithms. Layer 1 of the proposed CSE-IDS uses Cost-Sensitive Deep Neural Network to separate normal traffic from suspicious network traffic. These suspicious samples are then sent to Layer 2, which uses the eXtreme Gradient Boosting algorithm to classify them into normal class, different majority attack classes, and a single class representing all minority attack classes. At last, Random Forest is used at Layer 3 to classify the minority attacks identified at Layer 2 into their respective classes. The performance of the proposed CSE-IDS was evaluated on the NSL-KDD, CIDDS-001, and CICIDS2017 datasets with respect to Accuracy, Recall, Precision, F1-score, ROC curve, AUC values, and computational times. The proposed system outperforms its counterparts by achieving a high Attack Detection Rate for both majority attacks and minority attacks present in the network. Further, it minimizes the number of false alarms by correctly segregating normal traffic from attack traffic. The obtained results confirm that the proposed CSE-IDS can be deployed in the real world for performing network-based intrusion detection.