Skip to main content
SpringerLink
Log in

Intrusion Detection Using Ensemble Models

  • Conference paper
  • First Online:
Machine Learning and Principles and Practice of Knowledge Discovery in Databases (ECML PKDD 2022)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1753))

Abstract

A massive amount of work has been carried out in the field of Intrusion Detection Systems (IDS). Predictive models are used to identify various attacks on the network traffic. Several machine learning approaches have been used to prevent malware attacks or network intrusions. However, single classifiers have several limitations which cause low performance in the classification between normal traffic and attacks. In other words, they are not strong enough to be used in practical settings. This is the reason why researchers seek to find more robust and high-performing models. Examples of these stronger models are ensemble models which are able to take advantage of the characteristics of different base models combining them. The main goal of using ensemble classifiers is to achieve higher performance.

In this paper, we propose two novel ensemble solutions for a network intrusion problem. We use pairs of strong and weak learners based on five different classifiers and combine them using weights derived through a Particle Swarm Optimization algorithm. We propose a voting and a stacking scheme to obtain the final predictions. We show the overwhelming advantage of using our proposed stacking solution in the context of an intrusion detection problem for multiple performance assessment metrics including F1-Score, AUCROC and G-Mean, a rare outcome in this type of problems. Another interesting outcome of this work concerns the finding that the majority voting scheme is not competitive in the studied scenario.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 69.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 89.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Aburomman, A.A., Reaz, M.B.I.: A novel SVM-KNN-PSO ensemble method for intrusion detection system. Appl. Soft Comput. 38, 360–372 (2016)

    Article  Google Scholar 

  2. Bamhdi, A.M., Abrar, I., Masoodi, F.: An ensemble based approach for effective intrusion detection using majority voting. Telkomnika 19(2), 664–671 (2021)

    Article  Google Scholar 

  3. Bhati, B.S., Rai, C.S.: Ensemble based approach for intrusion detection using extra tree classifier. In: Solanki, V.K., Hoang, M.K., Lu, Z.J., Pattnaik, P.K. (eds.) Intelligent Computing in Engineering. AISC, vol. 1125, pp. 213–220. Springer, Singapore (2020). https://doi.org/10.1007/978-981-15-2780-7_25

    Chapter  Google Scholar 

  4. Branco, P.: Exploring the impact of resampling methods for malware detection. In: 2020 IEEE International Conference on Big Data (Big Data), pp. 3961–3968. IEEE (2020)

    Google Scholar 

  5. Branco, P., Torgo, L., Ribeiro, R.P.: A survey of predictive modeling on imbalanced domains. ACM Comput. Surv. (CSUR) 49(2), 1–50 (2016)

    Article  Google Scholar 

  6. Dietterich, T.G.: Machine-learning research. AI Mag. 18(4), 97–97 (1997)

    Google Scholar 

  7. Folino, G., Pisani, F.S.: Evolving meta-ensemble of classifiers for handling incomplete and unbalanced datasets in the cyber security domain. Appl. Soft Comput. 47, 179–190 (2016)

    Article  Google Scholar 

  8. Gaudreault, J.-G., Branco, P., Gama, J.: An analysis of performance metrics for imbalanced classification. In: Soares, C., Torgo, L. (eds.) DS 2021. LNCS (LNAI), vol. 12986, pp. 67–77. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-88942-5_6

    Chapter  Google Scholar 

  9. Kennedy, J., Eberhart, R.: Particle swarm optimization. In: Proceedings of ICNN 1995-International Conference on Neural Networks, vol. 4, pp. 1942–1948. IEEE (1995)

    Google Scholar 

  10. Leevy, J.L., Hancock, J., Zuech, R., Khoshgoftaar, T.M.: Detecting cybersecurity attacks using different network features with LightGBM and XGBoost learners. In: 2020 IEEE Second International Conference on Cognitive Machine Intelligence (CogMI), pp. 190–197. IEEE (2020)

    Google Scholar 

  11. Pham, N.T., Foo, E., Suriadi, S., Jeffrey, H., Lahza, H.F.M.: Improving performance of intrusion detection system using ensemble methods and feature selection. In: Proceedings of the Australasian Computer Science Week Multiconference, pp. 1–6. ACM, Brisband Queensland Australia, January 2018. https://doi.org/10.1145/3167918.3167951

  12. Sagi, O., Rokach, L.: Ensemble learning: a survey. WIREs Data Mining Knowl. Discov. 8(4), e1249 (2018). https://doi.org/10.1002/widm.1249

    Article  Google Scholar 

  13. Schapire, R.E.: The boosting approach to machine learning: an overview. In: Bickel, P., et al. (eds.) Nonlinear Estimation and Classification. Lecture Notes in Statistics, vol. 171, pp. 149–171. Springer, New York (2003). https://doi.org/10.1007/978-0-387-21579-2_9

  14. Seth, S., Chahal, K.K., Singh, G.: A novel ensemble framework for an intelligent intrusion detection system. IEEE Access 9, 138451–138467 (2021). https://doi.org/10.1109/ACCESS.2021.3116219

    Article  Google Scholar 

  15. Tavallaee, M., Bagheri, E., Lu, W., Ghorbani, A.A.: A detailed analysis of the KDD cup 99 data set. In: 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, pp. 1–6. IEEE (2009)

    Google Scholar 

  16. Wolpert, D.H.: Stacked generalization. Neural Netw. 5(2), 241–259 (1992)

    Article  Google Scholar 

  17. Dong, Y.-S., Han, K.-S.: A comparison of several ensemble methods for text categorization. In: IEEE International Conference on Services Computing, 2004, (SCC 2004), Proceedings, pp. 419–422. IEEE, Shanghai, China (2004). https://doi.org/10.1109/SCC.2004.1358033

  18. Yousefnezhad, M., Hamidzadeh, J., Aliannejadi, M.: Ensemble classification for intrusion detection via feature extraction based on deep Learning. Soft. Comput. 25(20), 12667–12683 (2021). https://doi.org/10.1007/s00500-021-06067-8

    Article  Google Scholar 

  19. Zainal, A., Maarof, M.A., Shamsuddin, S.M., et al.: Ensemble classifiers for network intrusion detection system. J. Inf. Assur. Secur. 4(3), 217–225 (2009)

    Google Scholar 

  20. Zhou, Y., Mazzuchi, T.A., Sarkani, S.: M-AdaBoost-A based ensemble system for network intrusion detection. Expert Syst. Appl. 162, 113864 (2020). https://doi.org/10.1016/j.eswa.2020.113864

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Carleton University, Ottawa, ON, Canada

    Tina Yazdizadeh

  2. EECS, University of Ottawa, Ottawa, ON, Canada

    Shabnam Hassani & Paula Branco

Authors
  1. Tina Yazdizadeh
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shabnam Hassani
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Paula Branco
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Paula Branco .

Editor information

Editors and Affiliations

  1. University of Sydney, Sydney, Australia

    Irena Koprinska

  2. University of Bari Aldo Moro, Bari, Italy

    Paolo Mignone

  3. University of Pisa, Pisa, Italy

    Riccardo Guidotti

  4. Warsaw University of Technology, Warsaw, Poland

    Szymon Jaroszewicz

  5. Heidelberg University, Heidelberg, Germany

    Holger Fröning

  6. UniCredit, Rome, Italy

    Francesco Gullo

  7. University of Lisbon, Lisbon, Portugal

    Pedro M. Ferreira

  8. Roche, Basel, Switzerland

    Damian Roqueiro

  9. Barcelona Supercomputing Center, Barcelona, Spain

    Gaia Ceddia

  10. Halmstad University, Halmstad, Sweden

    Slawomir Nowaczyk

  11. University of Porto, Porto, Portugal

    João Gama

  12. University of Porto, Porto, Portugal

    Rita Ribeiro

  13. UPC BarcelonaTech, Barcelona, Spain

    Ricard Gavaldà

  14. University of Naples Federico II, Naples, Italy

    Elio Masciari

  15. University of North Carolina, Charlotte, USA

    Zbigniew Ras

  16. ICAR-CNR, Rende, Italy

    Ettore Ritacco

  17. University of Pisa, Pisa, Italy

    Francesca Naretto

  18. Aalen University of Applied Sciences, Aalen, Germany

    Andreas Theissler

  19. Warsaw University of Technology, Warszaw, Poland

    Przemyslaw Biecek

  20. KU Leuven, Leuven, Belgium

    Wouter Verbeke

  21. University of Duisburg-Essen, Essen, Germany

    Gregor Schiele

  22. Graz University of Technology, Graz, Austria

    Franz Pernkopf

  23. AMD, Dublin, Ireland

    Michaela Blott

  24. UniCredit, Rome, Italy

    Ilaria Bordino

  25. UniCredit, Milan, Italy

    Ivan Luciano Danesi

  26. National Agency for New Technologies, Rome, Italy

    Giovanni Ponti

  27. Unicredit, Rome, Italy

    Lorenzo Severini

  28. University of Bari Aldo Moro, Bari, Italy

    Annalisa Appice

  29. University of Bari Aldo Moro, Bari, Italy

    Giuseppina Andresini

  30. University of Lisbon, Lisbon, Portugal

    Ibéria Medeiros

  31. University of Lisbon, Lisbon, Portugal

    Guilherme Graça

  32. Northwestern University, Chicago, USA

    Lee Cooper

  33. Roche, Basel, Switzerland

    Naghmeh Ghazaleh

  34. University of Lausanne, Lausanne, Switzerland

    Jonas Richiardi

  35. Novartis, Basel, Switzerland

    Diego Saldana

  36. Novartis, Basel, Switzerland

    Konstantinos Sechidis

  37. Fondazione IRCCS Ca’ Granda Ospedale Maggiore Policlinico, Milan, Italy

    Arif Canakoglu

  38. Politecnico di Milano, Milan, Italy

    Sara Pido

  39. Politecnico di Milano, Milan, Italy

    Pietro Pinoli

  40. University of Waikato, Hamilton, New Zealand

    Albert Bifet

  41. Halmstad University, Halmstad, Sweden

    Sepideh Pashami

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Yazdizadeh, T., Hassani, S., Branco, P. (2023). Intrusion Detection Using Ensemble Models. In: Koprinska, I., et al. Machine Learning and Principles and Practice of Knowledge Discovery in Databases. ECML PKDD 2022. Communications in Computer and Information Science, vol 1753. Springer, Cham. https://doi.org/10.1007/978-3-031-23633-4_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-23633-4_11

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-23632-7

  • Online ISBN: 978-3-031-23633-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation