Abstract
Ensemble classifiers can improve not only the accuracy of a learning system but also, significantly, its generalization ability by exploiting the different deviations of the individual classifiers. Although various classifier ensemble methods have been proposed in the intrusion detection field, they are more or less defective and still need further improvement. Aiming at an intrusion detection model with strong generalization, a high detection rate (DR), and a low false positive rate (FPR), this paper proposes a two-layer intrusion detection model based on ensemble classifier (TLMCE). In the first layer, R2L and U2R are classified using the JRip classifier; in the second layer, the ensemble classifier is used to classify Normal, DoS, and Probe. The stacking optimization strategy is applied to the ensemble classifier using J48, JRip, RandomForest (RF), BayesNet, and SimpleCart as the base classifiers. In addition, a modified sequential forward selection method is proposed to select appropriate feature subsets for TLMCE. The experimental results on the NSL-KDD dataset demonstrate that TLMCE has better performance than some existing ensemble models. It achieved an overall accuracy rate of \(89.1\%\) and an FPR of \(3.1\%\).
Acknowledgement
This research is supported in part by the National Natural Science Foundation of China (Grant No. 61772141, 61702110, 61603100), Guangdong Provincial Science & Technology Project (Grant No. 2016B010108007), Guangdong Education Department Project (Grant No. [2018] 179, [2018] 1), and Guangzhou City Science & Technology Project (Grant No. 201604046017, 201604020145, 201802030011, 201802010042, 201802010026, 201903010107).
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Lu, L., Teng, S., Zhang, W., Zhang, Z., Fei, L., Fang, X. (2019). Two-Layer Intrusion Detection Model Based on Ensemble Classifier. In: Sun, Y., Lu, T., Yu, Z., Fan, H., Gao, L. (eds) Computer Supported Cooperative Work and Social Computing. ChineseCSCW 2019. Communications in Computer and Information Science, vol 1042. Springer, Singapore. https://doi.org/10.1007/978-981-15-1377-0_8
DOI: https://doi.org/10.1007/978-981-15-1377-0_8
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-1376-3
Online ISBN: 978-981-15-1377-0
eBook Packages: Computer Science, Computer Science (R0)