Abstract

Network security remains a critical issue due to ongoing advancements in Information and Communication Technologies (ICT) and the concomitant rise in the number of security threats. Intrusion detection systems (IDS) have emerged as an essential countermeasure to preserve network security. However, over the years, the challenge has been finding a detection mechanism that is accurate enough and has a low false alarm rate. It has become increasingly difficult to attain high levels of accuracy with conventional anomaly detection systems due to the dynamic nature of network traffic patterns. In recent years, machine-learning-based detection techniques have emerged as a viable IDS solution in comparison to pattern-based detection approaches. Some machine learning solutions that are reported in the literature to have high detection accuracy are ineffective in practical situations due to the unrealistic nature of the datasets used for evaluation. Moreover, in most cases these solutions use single classifiers, which are known to be outperformed by ensembles. This paper proposes a flow-based intrusion detection method that utilizes ensemble classification machine learning techniques to analyze network flow data. A performance evaluation of the ensemble of decision tree, probabilistic and non-probabilistic classification methods is conducted. The ensemble methods (adaptive boosting, bootstrap aggregation, random forests, and majority voting) were analyzed using the CIDDS-001 flow-based IDS evaluation datasets. The experimental results indicate that the ensemble of decision-tree-based classification methods performs better than the ensembles of probabilistic and non-probabilistic classification methods. Additionally, the non-probabilistic ensemble methods take longer to train and to classify new instances.
