Intrusion detection system based on bagging with support vector machine

Abstract

<p>Due to their rapid spread, computer worms perform harmful tasks in networks, posing a security risk; however, existing worm detection algorithms continue to struggle to achieve good performance and the reasons for that are: First, a large amount of irrelevant data affects classification accuracy. Second, individual classifiers do not detect all types of worms effectively. Third, many systems are based on outdated data, making them unsuitable for new worm species. The goal of the study is to use data mining algorithms to detect worms in the network because they have a high ability to detect new types accurately. The proposal is based on the UNSW NB15 dataset and uses a support vector machine to train and test the ensemble bagging algorithm. To detect various types of worms efficiently, the contribution suggests combining correlation and Chi2 feature selection method called Chi2-Corr to select relevant features and using support vector machine (SVM) in the bagging algorithm. The system achieved accuracy reaching 0.998 with Chi2-Corr, and 0.989, 0.992 with correlation and chi-square separately.</p>