Network intrusion detection systems play a critical role in protecting a variety of services, ranging from economic through social to commercial. However, the growing volume and sophistication of malicious attacks launched on networks in the current technological landscape have necessitated advanced and robust detection mechanisms to mitigate breaches of confidentiality and integrity, as well as denial‐of‐service. In this paper, we present a hybrid intrusion detection system that combines supervised and unsupervised learning models through an ensemble stacking model to increase the detection accuracy rates of attacks in networks while minimising false alarms. Three machine learning algorithms, comprising a multilayer perceptron neural network, a modified self‐organizing map, and a decision tree, were used for the detection framework. The intrusion detection system was trained and evaluated on benchmark datasets: NSL‐KDD and CIC‐DDoS2019. The intrusion detection system was implemented as a Java solution and the detection performance was evaluated. A 10‐fold cross‐validation was also performed to validate how well the detection system predicts unknown attacks for prevention. The results of the tests revealed a detection accuracy of 99.84% of the instances in the NSL‐KDD dataset, with a true positive rate of 99.8% and a false positive rate of 0.10%, while a detection accuracy of 99.90% was achieved with the CIC‐DDoS2019 dataset. Furthermore, the detection system was effective in distinguishing attack traffic from normal traffic in the NSL‐KDD dataset and was able to adequately detect DoS, Probe, and R2L attacks with F1 scores of 100%, 99.6%, and 95.1%, respectively, which are notably high. However, the detection of less frequent attack types such as U2R attacks was quite low, with an F1 score of 62.5%.
The detection performance of the proposed hybrid intrusion detection system suggests that it can be deployed in network security applications to detect packets that exhibit suspicious behaviour or indicate potential threats and respond appropriately to attacks. Implementing the detection framework as a Java solution makes it possible to deploy it across various operating system platforms without any impact on the detection performance.