Self-healing hybrid intrusion detection system: An ensemble machine learning approach

Sauharda Kushal, Bharanidharan Shanmugam, Jawahar Sundaram, Suresh Thennadil

Research output: Contribution to journalArticlepeer-review

26 Downloads (Pure)

Abstract

The increasing complexity and adversity of cyber-attacks have prompted discussions in the cyber scenario for a prognosticate approach, rather than a reactionary one. In this paper, a signature-based intrusion detection system has been built based on C5 classifiers, to classify packets into normal and attack categories. Next, an anomaly-based intrusion detection was built based on the LSTM (Long-Short Term Memory) algorithm to detect anomalies. These anomalies are then fed into the signature generator to extract attributes. These attributes get uploaded into the C5 training set, aiding the ensemble model in continual learning with expanding signatures of unknown attacks. By generating signatures of unknown attacks, the self-healing attribute of the ensemble model contributes to the early detection of attacks. For the C5 classifier, the proposed model is evaluated on the UNSW-NB15 dataset, while for the LSTM model, it is evaluated on the ADFA-LD dataset. Compared to conventional models, the experimental results show better detection rates for both known and unknown attacks. The C5 classifier achieved a True Positive Rate of 97% while maintaining a false positive rate of 8%. Also, the LSTM model achieved a detection rate of 90% while retaining a 17% False Alarm Rate. As the proposed model learns, its performance in real network traffic also improves and it also eliminates human intervention when updating training data.

Original languageEnglish
Article number28
Pages (from-to)1-20
Number of pages20
JournalDiscover Artificial Intelligence
Volume4
Issue number1
DOIs
Publication statusPublished - Dec 2024

Fingerprint

Dive into the research topics of 'Self-healing hybrid intrusion detection system: An ensemble machine learning approach'. Together they form a unique fingerprint.

Cite this