The Use of Ensemble Models for Multiple Class and Binary Class Classification for Improving Intrusion Detection Systems

Celestine Iwendi, Suleman Khan, Joseph Henry Anajemba, Mohit Mittal, Mamdouh Alenezi, Mamoun Alazab

    Research output: Contribution to journalArticlepeer-review

    55 Downloads (Pure)

    Abstract

    The pursuit to spot abnormal behaviors in and out of a network system is what led to a system known as intrusion detection systems for soft computing besides many researchers have applied machine learning around this area. Obviously, a single classifier alone in the classifications seems impossible to control network intruders. This limitation is what led us to perform dimensionality reduction by means of correlation-based feature selection approach (CFS approach) in addition to a refined ensemble model. The paper aims to improve the Intrusion Detection System (IDS) by proposing a CFS + Ensemble Classifiers (Bagging and Adaboost) which has high accuracy, high packet detection rate, and low false alarm rate. Machine Learning Ensemble Models with base classifiers (J48, Random Forest, and Reptree) were built. Binary classification, as well as Multiclass classification for KDD99 and NSLKDD datasets, was done while all the attacks were named as an anomaly and normal traffic. Class labels consisted of five major attacks, namely Denial of Service (DoS), Probe, User-to-Root (U2R), Root to Local attacks (R2L), and Normal class attacks. Results from the experiment showed that our proposed model produces 0 false alarm rate (FAR) and 99.90% detection rate (DR) for the KDD99 dataset, and 0.5% FAR and 98.60% DR for NSLKDD dataset when working with 6 and 13 selected features.

    Original languageEnglish
    Pages (from-to)1-37
    Number of pages37
    JournalSensors (Basel, Switzerland)
    Volume20
    Issue number9
    DOIs
    Publication statusPublished - 30 Apr 2020

    Fingerprint

    Dive into the research topics of 'The Use of Ensemble Models for Multiple Class and Binary Class Classification for Improving Intrusion Detection Systems'. Together they form a unique fingerprint.

    Cite this