Ensemble Design for Intrusion Detection Systems

A Machine Learning Approach for Intrusion Detection using Ensemble Technique-A Survey

An intrusion detection system is a machine or software that monitors the traffic in a network and, on detection of a malicious packet, informs the user or a specific acting unit, which can take further action and prevent the malicious packet from entering the network. In network intrusion, there may be multiple computing nodes attacked by intruders. The evidence of intrusions has to be gathered from all such attacked nodes. An intruder may move between multiple nodes in the network to conceal the origin of the attack, or misuse some compromised hosts to launch the attack on other nodes. To detect such intrusion activities spread over the whole network, we present a new intrusion detection system (IDS) that classifies data with three different classifiers and an ensemble technique that selects the majority of the three classifiers to assign the packet in the network as anomaly or normal. In this paper, we discuss different ways to implement intelligent IDS, which classifies the normal traffic...

Ensemble-based framework for intrusion detection system

IJET, 2018

In this digital age, data is growing unimaginably fast. One common problem in data mining is high dimensionality, which impacts the quality of training datasets and thereafter classification models. This leads to a high risk of identifying intrusions for Intrusion Detection System (IDS). The probable solution for reducing dimensionality is feature selection. Another considerably cumbersome task in constructing potent classification models from multiclass datasets is class imbalance. This may lead to a higher error rate and less accuracy. Therefore, to resolve these problems, we investigated ensemble feature selection and ensemble learning techniques for IDS. The ensemble models will decrease the hassle of selecting the wrong hypothesis and give a better approximation of the true function. In this paper, a Prudent Intrusion Detection System (PIDS) framework focusing on ensemble learning is given. It is a two-phase approach. Firstly, the merging of two filtering approaches is done with the Ensemble Feature Selection (EFS) algorithm. The proposed EFS algorithm is implemented based on the fuzzy aggregation function Height with two filtering methods: Canberra distance and city block distance. Later on, classification with the Ensemble Classification (EC) algorithm is done with the unification of Support Vector Machines (SVM), Bayesian Network (BN) and K nearest neighbor (KNN). The proposed ensemble method has attained a substantial improvement in accuracy compared to single classifiers. The experiments were performed on EFS+SVM, EFS+BN, EFS+KNN and the proposed framework EFS+EC. SVM recorded an accuracy rate of 81%, where K-NN recorded 82.8%, Bayes network recorded 84% and our proposed EFS+EC recorded 92%. It is evidenced from the end results that this PIDS framework excels as an IDS and overcomes the pitfalls of SVM, Bayes network and K-NN classifiers.

Hybrid Framework for Intrusion Detection System using Ensemble Approach

International Journal of Advanced Trends in Computer Science and Engineering, 2020

Malicious attack detection is a newly emerging area of research nowadays due to the huge amount of internet and network usage. Attack detection in a network is handled by a system called an Intrusion Detection System (IDS). Most administrators make use of IDS for monitoring malicious activities on the network. To increase the attack detection rate for securing the network, IDS needs to work intelligently. Various machine learning algorithms are used to improve IDS performance considering the threat of attacks in the modern era of the internet. In this paper a novel framework is proposed which will make use of signature as well as anomaly based detection to increase detection rate and reduce false alarm rate. This architecture makes use of various supervised and unsupervised machine learning algorithms for testing real time internet traffic. The dataset used for testing the proposed framework is the Intrusion Detection Evaluation Dataset CICIDS-17. This framework emphasizes attack detection using signature based detection and proposes a new method for new attack detection using anomaly based identification. The dataset used for training deals with various modern attacks and helps to find the signature of a new attack with the help of 88 features of the dataset. Various feature selection techniques are used to reduce the number of features from the dataset to reduce the computation time of the system. As this framework is proposed for distributed networks, feature selection plays a vital role in the performance of the system. Experimental results show that the proposed architecture, which makes use of an ensemble approach, provides better performance in terms of detection rate and false alarm rate. The proposed architecture shows an increase in detection rate of 5% for signature based detection and 2% for anomaly based detection. A reduction of 0.05 is observed in false alarm rate.

An Ensemble of Classification Techniques for Intrusion Detection Systems

IJCSIS Vol 17 No 11 November Issue, 2019

Abstract: Extenuating intrusions into a network has become a great concern for network security scholars as they pose a threat to the confidentiality, integrity and availability of the data stored as well as derogating the services rendered by the network. Several researchers have proposed diverse techniques in order to curb intrusions into a network using various mechanisms. One of the mechanisms used is data mining. However, some of these systems have high false positive rates and relatively low detection rates, which signifies a flaw in the system. In order to drastically reduce false positive rate and achieve higher detection rate whilst maintaining computational efficiency, a stacking ensemble using random forest, naïve Bayes and C4.5 classifiers as base learners and support vector machine as the meta learner was proposed. The proposed stacking ensemble has a detection rate of 99.5% and a false positive rate of 0.6%. Compared to existing frameworks, the proposed ensemble performed better in detecting intrusions. Keywords: data mining, ensemble, false positive rate, intrusions, stacking

Ensemble Learning Approach for the Enhancement of Performance of Intrusion Detection System

International Conference on Information and Communication Technology and its Applications (ICTA 2018), 2018

Due to the rapid growth in Information and Communication Technology (ICT) infrastructures, applications and services, both corporations and individuals, including government, now depend on cyberspace for almost every day-to-day activity. This development has brought about the disappearance of the network boundary between computers on the internet, thereby making the security of the confidentiality, integrity and availability (CIA) of individuals' information a great concern. The Intrusion Detection System (IDS) has emerged as an important component of a secure network as it filters and monitors the network traffic for any anomaly or misused connection. Machine learning techniques have been useful in the area of intrusion detection due to their model free properties, which enable them to learn the network patterns and identify them as either normal or malicious (attack). However, IDS suffers some performance challenges such as low detection and high false alarm rates. The focus of this research work is to develop a novel ensemble based model by integrating multilayer perceptron neural network (MPNN) and Sequential Minimal Optimization (SMO) classifiers to enhance the performance of IDS. The Kyoto 2006+ intrusion detection dataset is used to evaluate the performance of the model. The results show that the ensemble of MPNN+SMO classifiers outperformed the ensemble of Random Forest (RF) and Average One Dependency Estimator (AODE) in terms of accuracy, detection rate, false alarm rate and Hubert index measurement. It is concluded that the combination of multiple classifiers requires serious consideration so that the weak algorithm will not weigh down the performance of the model.

MAIDEn: A Machine Learning Approach for Intrusion Detection using Ensemble Technique

International Journal of Computer Applications

An intrusion detection system is a machine or software that monitors the traffic in a network and, on detection of a malicious packet, informs the user or a specific acting unit, which can take further action and prevent the malicious packet from entering the network. This paper discusses a way to implement an intelligent IDS which classifies the normal traffic in a network with abnormal or attacked ones. This paper explains the method used to generate such a system and the various classifiers used in the generation process. The proposed system of intrusion detection classifies data with three different classifiers and an ensemble technique which selects the majority of the three classifiers to assign the packet in the network as anomaly or normal. The dataset used to train the classifiers is the NSL-KDD dataset. The IDS proposed serves many applications in the field of Military Systems, Banks and Social Networking websites where data is very sensitive. The paper also explains related work done in this field and briefly explains every classifier, the network attacks and the dataset.

IJERT-A Novel Approach to Solve Class Imbalance by using Ensemble Classifier

International Journal of Engineering Research and Technology (IJERT), 2021

https://www.ijert.org/a-novel-approach-to-solve-class-imbalance-by-using-ensemble-classifier

https://www.ijert.org/research/a-novel-approach-to-solve-class-imbalance-by-using-ensemble-classifier-IJERTCONV9IS05058.pdf

Security is a key controversy to both computer and computer networks. An Intrusion Detection System is a software that superintends a single computer or a network of computers for denmastry activities which are pursued at purloining or inspecting information or deprave network protocols. IDS can be grouped into Signature based Detection (SBD) and Anomaly based Detection (ABD). Machine learning techniques have been scrutinized and emulated in label of their detection potentiality for identifying the different groups of attacks. In this paper, we proposed a comprehensive evaluation of diverse machine learning techniques for locating the root of complications in recognizing intrusion activities. Controversies that are analogous to discerning low-frequency attacks utilizing network attack datasets are also explored and effective methods are recommended for betterment. Numerous data mining tools for machine learning have also been incorporated in this paper. By using a sampling technique, the efficiency and scalability were improved compared to formal approaches.

Intrusion detection using ensemble of soft computing paradigms

2003

Abstract: Soft computing techniques are increasingly being used for problem solving. This paper addresses using an ensemble approach of different soft computing techniques for intrusion detection. Due to increasing incidents of cyber attacks, building effective intrusion detection systems (IDSs) is essential for protecting information systems security, and yet it remains an elusive goal and a great challenge. Two classes of soft computing techniques are studied: Artificial Neural Networks (ANNs) and Support Vector Machines (SVMs).

A Comparative Analysis of Standard and Ensemble Classifiers on Intrusion Detection System

International Journal of Computer Applications Technology and Research, 2019

With the increased dependence on the Internet, the Network Intrusion Detection system (NIDs) becomes an indispensable part of an information security system. NIDs aims at distinguishing the network traffic as either normal or abnormal. Due to the variety of network behaviors and the rapid development of attack strategies, it is necessary to build an intelligent and effective intrusion detection system with high detection rates and low false-alarm rates. One of the major developments in machine learning in the past decade is the ensemble method that generates a set of accurate and diverse classifiers that combine their outputs such that the resultant classifier outperforms all the single classifiers. In this work a comparative analysis of the performance of three different ensemble methods, bagging, boosting and stacking, is performed in order to determine the algorithm with high detection accuracy and low false positive rate. Three different experiments on the NSL KDD data set are conducted and their performance evaluated based on accuracy, false alarms and computation time. The overall performance of the different types of classifiers used proved that ensemble machine learning classifiers outperformed the single classifiers with high detection accuracy and low false rates.

A Comprehensive Survey on Support Vector Machines for Intrusion Detection System

International Journal of Knowledge Based Computer Systems, 2022

Machine learning is a widely interdisciplinary field centered on theories from cognitive science, computer science, statistics, optimization and many other theoretical and mathematical disciplines. Classification is a supervised learning technique used in machine learning to evaluate a given dataset and to create a model that divides data into a desired and distinct number of groups. The strength of SVMs lies in their use of nonlinear kernel features that map input into high-dimensional spaces of features implicitly. We'll address the value of SVMs in this survey article, discussing their SVM tuning parameters as well. The main purpose of this paper is to include detailed studies on SVM implementations by contrasting the current ML models with the SVM versions. It also poses the problems of the intrusion detection method of the support vector machines, and provides researchers with a summary of the SVM that assists in their future analysis.