Abstract

Intrusion detection systems (IDSs) play a pivotal role in computer security by discovering and repelling malicious activities in computer networks. Anomaly-based IDSs, in particular, rely on classification models trained using historical data to discover such malicious activities. In this paper, an improved IDS based on hybrid feature selection and two-level classifier ensembles is proposed. A hybrid feature selection technique comprising three methods, i.e., particle swarm optimization, ant colony algorithm, and genetic algorithm, is utilized to reduce the feature size of the training datasets (NSL-KDD and UNSW-NB15 are considered in this paper). Features are selected based on the classification performance of a reduced error pruning tree (REPT) classifier. Then, a two-level classifier ensemble based on two meta learners, i.e., rotation forest and bagging, is proposed. On the NSL-KDD dataset, the proposed classifier shows 85.8% accuracy, 86.8% sensitivity, and 88.0% detection rate, remarkably outperforming other classification techniques recently proposed in the literature. The results on the UNSW-NB15 dataset also improve on those achieved by several state-of-the-art techniques. Finally, to verify the results, a two-step statistical significance test is conducted. Such a test has not usually been considered in IDS research thus far and, therefore, adds value to the experimental results achieved by the proposed classifier.

Highlights

  • Intrusion detection systems (IDSs) have been extensively recognized as a prominent technique for discovering and denying malevolent activities in a network [1]

  • The two-stage ensemble is composed of a meta classifier in the first stage whose base classifier is another meta classifier; (ii) we adopt a hybrid feature selection method to obtain a precise and accurate feature representation for the IDS problem, taking into account the fact that not all features are significant or even relevant in detecting intrusions; (iii) we conduct an extensive experimental evaluation of the proposed method to show that it produces a significant improvement in the detection rate on two different intrusion datasets when compared to several state-of-the-art techniques; (iv) we present a two-fold statistical test to demonstrate that the performance improvement shown by the proposed algorithm over state-of-the-art techniques is significant

  • By considering a reduced feature set, the performance accuracy of SVM tested on KDDTest+ is improved when compared to other similar techniques, such as grey wolf optimizer (GWO), binary GWO, and MGWO


Summary

INTRODUCTION

Intrusion detection systems (IDSs) have been extensively recognized as a prominent technique for discovering and denying malevolent activities in a network [1]. An efficient anomaly-based detection can be built using machine learning techniques. It involves solving a binary classification problem, by training a classifier to learn whether normal or anomalous usage patterns exist in the network [9]. Meta classifiers have been proposed in diverse real-life application domains, such as remote sensing, information security, fraud detection, health care, and recommender systems [16]. In such applications, MCSs show a plausible performance improvement over single classifiers. Our contributions to the cyber-security domain are the following: (i) we propose an anomaly-based IDS based on a two-stage meta classifier, rather than an ensemble learner.
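The two-stage structure described above (a meta classifier whose base classifier is itself a meta classifier) can be sketched as follows. This is an added example, not the paper's code: it assumes bagging at both levels and a one-feature decision stump in place of the paper's rotation forest, bagging and REPT, and it runs on constructed synthetic records rather than NSL-KDD or UNSW-NB15.

```python
import random
from collections import Counter

class Stump:
    """One-feature threshold rule; simplified stand-in for the REPT base tree."""
    def fit(self, X, y):
        best = None
        for f in range(len(X[0])):
            for t in sorted({row[f] for row in X}):
                for hi in (0, 1):  # hi = label predicted when value > t
                    acc = sum((hi if r[f] > t else 1 - hi) == c for r, c in zip(X, y))
                    if best is None or acc > best[0]:
                        best = (acc, f, t, hi)
        _, self.f, self.t, self.hi = best
        return self
    def predict(self, row):
        return self.hi if row[self.f] > self.t else 1 - self.hi

class Bagging:
    """Meta learner: n members, each fit on a bootstrap sample; majority vote."""
    def __init__(self, make_base, n, rng):
        self.make_base, self.n, self.rng = make_base, n, rng
    def fit(self, X, y):
        self.members = []
        for _ in range(self.n):
            idx = [self.rng.randrange(len(X)) for _ in X]  # sample with replacement
            self.members.append(self.make_base().fit([X[i] for i in idx], [y[i] for i in idx]))
        return self
    def predict(self, row):
        return Counter(m.predict(row) for m in self.members).most_common(1)[0][0]

def two_level(rng, outer=5, inner=5):
    # Level-1 meta learner whose base classifier is a level-2 meta learner.
    return Bagging(lambda: Bagging(Stump, inner, rng), outer, rng)

def make_flows(rng, n):
    """Constructed records [f0, f1, noise]; label 1 = anomalous, 0 = normal."""
    X, y = [], []
    for _ in range(n):
        label = rng.randrange(2)
        X.append([rng.gauss(2 + 3 * label, 1), rng.gauss(5 - 2 * label, 1.5), rng.random()])
        y.append(label)
    return X, y

def demo(seed=7):
    rng = random.Random(seed)
    (Xtr, ytr), (Xte, yte) = make_flows(rng, 120), make_flows(rng, 80)
    model = two_level(rng).fit(Xtr, ytr)
    return sum(model.predict(r) == c for r, c in zip(Xte, yte)) / len(yte)
```

`demo()` returns the held-out accuracy of the nested ensemble on the constructed data; odd member counts at both levels keep the binary majority vote free of ties.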

RELATED WORK
TIER 1
EXPERIMENT RESULT AND DISCUSSION
Findings
CONCLUSION
