Two-Layer Intrusion Detection Model Based on Ensemble Classifier

  • Conference paper
  • In: Computer Supported Cooperative Work and Social Computing (ChineseCSCW 2019)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 1042)

Abstract

Ensemble classifiers can not only improve the accuracy of a learning system but also significantly improve its generalization ability by exploiting the different deviations of each classifier. Although various classifier ensemble methods have been proposed in the intrusion detection field, they are more or less defective and still need further improvement. To obtain an intrusion detection model that generalizes well, with a high detection rate (DR) and a low false positive rate (FPR), this paper proposes a two-layer intrusion detection model based on an ensemble classifier (TLMCE). In the first layer, a JRip classifier classifies R2L and U2R; in the second layer, the ensemble classifier classifies Normal, DoS, and Probe. The stacking optimization strategy is applied to the ensemble classifier, using J48, JRip, RandomForest (RF), BayesNet, and SimpleCart as the base classifiers. In addition, a modified sequential forward selection method is proposed to select appropriate feature subsets for TLMCE. Experimental results on the NSL-KDD dataset demonstrate that TLMCE performs better than some existing ensemble models. It achieved an overall accuracy rate of 89.1% and an FPR of 3.1%.

Acknowledgement

This research is supported in part by the National Natural Science Foundation of China (Grant No. 61772141, 61702110, 61603100), Guangdong Provincial Science & Technology Project (Grant No. 2016B010108007), Guangdong Education Department Project (Grant No. [2018] 179, [2018] 1), and Guangzhou City Science & Technology Project (Grant No. 201604046017, 201604020145, 201802030011, 201802010042, 201802010026, 201903010107).

Corresponding author

Correspondence to Shaohua Teng.

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

Cite this paper

Lu, L., Teng, S., Zhang, W., Zhang, Z., Fei, L., Fang, X. (2019). Two-Layer Intrusion Detection Model Based on Ensemble Classifier. In: Sun, Y., Lu, T., Yu, Z., Fan, H., Gao, L. (eds) Computer Supported Cooperative Work and Social Computing. ChineseCSCW 2019. Communications in Computer and Information Science, vol 1042. Springer, Singapore. https://doi.org/10.1007/978-981-15-1377-0_8

  • DOI: https://doi.org/10.1007/978-981-15-1377-0_8

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-15-1376-3

  • Online ISBN: 978-981-15-1377-0

  • eBook Packages: Computer Science (R0)
