Network Intrusion Detection System Using Two Stage Classifier

Abstract

A Network Intrusion Detection System (NIDS) is a mechanism that detects illegal and malicious activity inside a network. Anomaly based Intrusion detection systems use machine learning techniques to detect novel attacks. Classifiers are predictors that estimate the class label of an attack based on prior training and learning models. While it can be seen that DoS (Denial of Service) and probe attacks are filtered with reasonable accuracy, the detection rate fails miserably for R2L (Remote-to-Local) and U2R (User-to-Root) attacks. This paper aims to improve the accuracy of the above-mentioned attacks by proposing a two-stage classifier with feature selection used in the second stage of classification. The first stage uses a simple NB classifier with all the trained features. The proposed feature selection technique is based on Genetic Algorithm with entropy-based weights used for giving importance to each feature in the fitness function. Experiments were conducted on the NSL-KDD dataset using the WEKA machine learning tool. It can be seen that the detection rate of R2L and U2R improves significantly with 86.2% and 95% enhancement in the second stage of classification. This paper also compares the proposed feature selection technique with the existing filter methods and inspects the accuracies of other classifiers.