Abstract
A massive amount of work has been carried out in the field of Intrusion Detection Systems (IDS). Predictive models are used to identify various attacks in network traffic, and several machine learning approaches have been used to prevent malware attacks or network intrusions. However, single classifiers have several limitations that cause low performance when classifying traffic as normal or attack. In other words, they are not strong enough to be used in practical settings. This is why researchers seek more robust and higher-performing models. Examples of these stronger models are ensemble models, which take advantage of the characteristics of different base models by combining them. The main goal of using ensemble classifiers is to achieve higher performance.
In this paper, we propose two novel ensemble solutions for a network intrusion problem. We use pairs of strong and weak learners based on five different classifiers and combine them using weights derived through a Particle Swarm Optimization algorithm. We propose a voting and a stacking scheme to obtain the final predictions. We show the overwhelming advantage of our proposed stacking solution in the context of an intrusion detection problem across multiple performance assessment metrics, including F1-Score, AUC-ROC and G-Mean, a rare outcome in this type of problem. Another interesting outcome of this work is the finding that the majority voting scheme is not competitive in the studied scenario.
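The following sketch is an added example, not the authors' implementation: it shows how Particle Swarm Optimization can derive the weights of a weighted vote between one strong and one weak learner. The function names, the constructed validation scores, the PSO coefficients and the choice of G-Mean as the fitness function are all assumptions, since the abstract does not specify them.

```python
import math
import random

def g_mean(y_true, y_pred):
    """G-Mean: sqrt(attack recall * normal-traffic recall); 0.0 if a class is absent."""
    pos, neg = sum(y_true), len(y_true) - sum(y_true)
    tp = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 1)
    tn = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 0)
    return math.sqrt((tp / pos) * (tn / neg)) if pos and neg else 0.0

def weighted_vote(weights, scores, threshold=0.5):
    """scores[k][i] is learner k's attack probability for flow i; returns 0/1 labels."""
    total = sum(weights) or 1e-12  # an all-zero weight vector predicts "normal"
    return [int(sum(w * s[i] for w, s in zip(weights, scores)) / total >= threshold)
            for i in range(len(scores[0]))]

def make_scores(seed=1, n_normal=300, n_attack=60):
    """Constructed, imbalanced validation scores for a strong and a weak learner."""
    rng = random.Random(seed)
    y = [0] * n_normal + [1] * n_attack
    clip = lambda x: min(1.0, max(0.0, x))
    strong = [clip(rng.gauss(0.7 if t else 0.3, 0.15)) for t in y]
    weak = [clip(rng.gauss(0.6 if t else 0.4, 0.25)) for t in y]
    return y, [strong, weak]

def pso_weights(scores, y_true, particles=20, iters=40, seed=0):
    """Search voting weights in [0, 1]^k that maximise G-Mean on validation data."""
    rng, dim = random.Random(seed), len(scores)
    fit = lambda w: g_mean(y_true, weighted_vote(w, scores))
    pos = [[rng.random() for _ in range(dim)] for _ in range(particles)]
    # Seed the swarm with the unweighted vote and each learner alone (baselines).
    pos[:dim + 1] = [[1.0] * dim] + [[float(j == k) for j in range(dim)] for k in range(dim)]
    vel = [[0.0] * dim for _ in range(particles)]
    pbest, pbest_fit = [p[:] for p in pos], [fit(p) for p in pos]
    gbest_fit = max(pbest_fit)
    gbest = pbest[pbest_fit.index(gbest_fit)][:]
    for _ in range(iters):
        for i in range(particles):
            for d in range(dim):
                pull = (1.5 * rng.random() * (pbest[i][d] - pos[i][d])
                        + 1.5 * rng.random() * (gbest[d] - pos[i][d]))
                vel[i][d] = 0.7 * vel[i][d] + pull  # inertia + cognitive + social terms
                pos[i][d] = min(1.0, max(0.0, pos[i][d] + vel[i][d]))
            f = fit(pos[i])
            if f > pbest_fit[i]:
                pbest[i], pbest_fit[i] = pos[i][:], f
            if f > gbest_fit:
                gbest, gbest_fit = pos[i][:], f
    return gbest, gbest_fit
```

Because the swarm is seeded with the unweighted vote and with each learner alone, the returned weights never score below those baselines on the validation data; weights should still be checked on held-out traffic before use.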
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Yazdizadeh, T., Hassani, S., Branco, P. (2023). Intrusion Detection Using Ensemble Models. In: Koprinska, I., et al. Machine Learning and Principles and Practice of Knowledge Discovery in Databases. ECML PKDD 2022. Communications in Computer and Information Science, vol 1753. Springer, Cham. https://doi.org/10.1007/978-3-031-23633-4_11
DOI: https://doi.org/10.1007/978-3-031-23633-4_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-23632-7
Online ISBN: 978-3-031-23633-4
eBook Packages: Computer Science (R0)