Proposed Hybrid Ensemble Learning Algorithms for an Efficient Intrusion Detection System

Abstract

Due to sophisticated cyber-attacks, and to produce false alarms on suspicious or unusual behavior to monitor computer resources, Intrusion Detection Systems (IDSs) are required. Hence, Many Machine Learning (ML) and data mining techniques have been proposed to increase the effectiveness of IDSs, whereas current IDS algorithms are still struggling to perform effectively while many IDSs depend on a single classifier to detect intrusions. Single-classifier IDSs cannot achieve high accuracy and low false alarm rates because of zero-day attacks. In this paper, a hybrid ensemble method using AdaBoosting and Bagging for IDS is proposed. This study aims to identify unknown (zero-day attacks) and known (well-known) attacks. So, the proposed model comprises three stages. The first stage is preprocessing. The second stage involves the application of AdaBoosting and Bagging methods by four different classifiers modifying (i.e., Naïve Bayesian (NB), Support Vector Machine (SVM), random forest (RF), and K_Nearest Neighbor (KNN)). Such a modification is performed for the AdaBoosting methods. The AdaBoosting classifier is then combined to work in the Bagging method. For attack recognition, uses the voting technique as the third stage. Experimental results reveal that using the UNSW BN15 dataset yields testing with 85.49% accuracy, 99.96% detection rate, and 0.006 false alarm rate. Therefore, the proposed Hybrid AdaBoosting and Bagging Method (HABBM) can outperform other comparable and state-of-the-art techniques across a variety of parameters. Index Terms—AdaBoosting method, Bagging method, Cyber Security CS, Ensemble Method, Intrusion Detection Systems IDSs.