A proposed method for detecting network intrusion using an ensemble learning (stacking -voting) approach with unbalanced data

Authors

  • Anouar Bachar Laboratory of Science and Technology for the Engineer, LaSTI-ENSA, Sultan Moulay Slimane University, Khouribga 25000, Morocco Author
  • Omar EL Bannay Laboratory of Science and Technology for the Engineer, LaSTI-ENSA, Sultan Moulay Slimane University, Khouribga 25000, Morocco Author

DOI:

https://doi.org/10.56294/dm2024297

Keywords:

Binary Classification IDS, Machine learning, Ensemble Learning, Stacking model, Voting model, UNSW-NB15

Abstract

The use of computer networks has become necessary in most human activities. However, these networks are exposed to potential threats affecting the confidentiality, integrity, and availability of data. Nowadays, the security of computer networks is based on tools and software such as antivirus software. Among the techniques used for machine protection, firewalls, data encryption, etc., were mentioned. These techniques constitute the first phase of computer network security. However, they remain limited and do not allow for full network protection. In this paper, a Network Intrusion Detection System (NIDS) was proposed for binary classification. This model was based on ensemble learning techniques, where the base models were carefully selected in a first layer. Several machine learning algorithms were individually studied to choose the best ones based on multiple metrics, including calculation speed. The SMOTE technique was used to balance the data, and cross-validation was employed to mitigate overfitting issues. Regarding the approaches used in this research, a stacking and voting model was employed, trained, and tested on a UNSW-NB15 dataset. The stacking classifier achieved a higher accuracy of 96 %, while the voting approach attained 95,6 %

References

1. Maglaras LA, Kim KH, Janicke H, Ferrag MA, Rallis S, Fragkou P, et al. Cyber security of critical infrastructures. Vol. 4, ICT Express. Korean Institute of Communication Sciences; 2018. p. 42–5.

2. Choo KKR. The cyber threat landscape: Challenges and future research directions. Comput Secur. 2011 Nov;30(8):719–31.

3. Guo Y. A review of Machine Learning-based zero-day attack detection: Challenges and future directions. Vol. 198, Computer Communications. Elsevier B.V.; 2023. p. 175–85.

4. NTT DATA. Global Threat Intelligence Report. 2023.

5. Natesan P. Multi Stage Filter Using Enhanced Adaboost for Network Intrusion Detection. International Journal of Network Security & Its Applications. 2012 May 31;4(3):121–35.

6. Depren O, Topallar M, Anarim E, Ciliz MK. An intelligent intrusion detection system (IDS) for anomaly and misuse detection in computer networks. Expert Syst Appl. 2005 Nov;29(4):713–22.

7. (Communications in Computer and Information Science 259) Ju-Sung Kang, Dowon Hong (auth.), Tai-hoon Kim, Hojjat Adeli, Wai-chi Fang, Javier García Villalba, Kirk P. Arnett, Muhammad Khurram Khan (eds.

8. Divyatmika, Manasa S. A Two-tier Network based Intrusion Detection System Architecture using Machine Learning Approach. In: International Conference on Electrical, Electronics, and Optimization Techniques (ICEEOT). 2016. p. 42–7.

9. Bachar A, El Makhfi N, EL Bannay O. Machine learning for network intrusion detection based on SVM binary classification model. Advances in Science, Technology and Engineering Systems. 2020;5(4).

10. Shen Y, Zheng K, Wu C, Zhang M, Niu X, Yang Y. An Ensemble Method based on Selection Using Bat Algorithm for Intrusion Detection. Computer Journal. 2018 Apr 1;61(4):526–38.

11. Gao X, Shan C, Hu C, Niu Z, Liu Z. An Adaptive Ensemble Machine Learning Model for Intrusion Detection. IEEE Access. 2019;7:82512–21.

12. Hsu YF, He ZY, Tarutani Y, Matsuoka M. Toward an online network intrusion detection system based on ensemble learning. In: IEEE International Conference on Cloud Computing, CLOUD. IEEE Computer Society; 2019. p. 174–8.

13. UÇAR M, UÇAR E, İNCETAŞ MO. A Stacking Ensemble Learning Approach for Intrusion Detection System. Düzce Üniversitesi Bilim ve Teknoloji Dergisi. 2021 Jul 31;9(4):1329–41.

14. Das S, Saha S, Priyoti AT, Roy EK, Sheldon FT, Haque A, et al. Network Intrusion Detection and Comparative Analysis Using Ensemble Machine Learning and Feature Selection. IEEE Transactions on Network and Service Management. 2022 Dec 1;19(4):4821–33.

15. Thockchom N, Singh MM, Nandi U. A novel ensemble learning-based model for network intrusion detection. Complex and Intelligent Systems. 2023 Oct 1;9(5):5693–714.

16. Tama BA, Comuzzi M, Rhee KH. TSE-IDS: A Two-Stage Classifier Ensemble for Intelligent Anomaly-Based Intrusion Detection System. IEEE Access. 2019;7:94497–507.

17. V.J. Immanuel Jeo Sherin, Dr.N. Radhika. Stacked Ensemble-IDS Using NSL-KDD Dataset. J Pharm Negat Results. 2022 Jan 1;13(SO3).

18. DARPA98 Dataset. Available on: https://www.ll.mit.edu/r-d/datasets/1999-darpa-intrusion-detection-evaluation-dataset. DARPA 98.

19. KDDCUP99. Available on: https://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html. 1999. KDD99.

20. Tavallaee M, Bagheri E, Lu W, Ghorbani AA. A detailed analysis of the KDD CUP 99 data set. In: Proc IEEE Symp Comput Intell Secur Defense Appl. 2009. p. 1–6.

21. NSL-KDD(2009) NSL-KDD | Datasets | Research | Canadian Insti tute for Cybersecurity | UNB, https://www.unb.ca/cic/datasets/nsl.html.

22. Moustafa N, Slay J. The evaluation of Network Anomaly Detection Systems: Statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set. Information Security Journal. 2016 Apr 4;25(1–3):18–31.

23. Moustafa N, Slay J. The Significant Features of the UNSW-NB15 and the KDD99 Data Sets for Network Intrusion Detection Systems. In Institute of Electrical and Electronics Engineers (IEEE); 2017. p. 25–31.

24. UNSW-NB15. Available on: https://research.unsw.edu.au/projects/unsw-nb15-dataset [Internet]. 2015. UNSW-NB15.

25. Kohavi R. A Study of Cross-Validation and Bootstrap for Accuracy Estimation and Model Selection [Internet]. Available from: http//roboticsStanfordedu/"ronnyk

26. Bijone M. A Survey on Secure Network: Intrusion Detection & Prevention Approaches. American Journal of Information Systems [Internet]. 2016;4(3):69–88. Available from: http://pubs.sciepub.com/ajis/4/3/2

27. Kabiri P, Ghorbani AA. Research on Intrusion Detection and Response: A Survey [Internet]. Vol. 1, International Journal of Network Security. 2005. Available from: http://isrc.nchu.edu.tw/ijns/

28. Buczak AL, Guven E. A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection. IEEE Communications Surveys and Tutorials. 2016 Apr 1;18(2):1153–76.

29. Mischiatti M, Neri F. Applying Local Search and Genetic Evolution in Concept Learning Systems to Detect Intrusion in Computer Networks.

30. Moustafa N, Slay J. UNSW-NB15: A Comprehensive Data set for Network Intrusion Detection systems (UNSW-NB15 Network Data Set) [Internet]. Available from: https://cve.mitre.org/

31. Chawla N V, Bowyer KW, Hall LO, Kegelmeyer WP. SMOTE: Synthetic Minority Over-sampling Technique. Vol. 16, Journal of Artificial Intelligence Research. 2002.

32. Prasad R, Rohokale V. Springer Series in Wireless Technology [Internet]. Available from: http://www.springer.com/series/14020

33. Laskov P, Düssel P, Schäfer C, Rieck K. Learning intrusion detection: Supervised or unsupervised? In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). 2005. p. 50–7.

34. Ting KM, Witten IH. Issues in Stacked Generalization. Vol. 10, Journal of Artiicial Intelligence Research. 1999.

35. Cawley GC, Talbot NLC. On Over-fitting in Model Selection and Subsequent Selection Bias in Performance Evaluation. Vol. 11, Journal of Machine Learning Research. 2010.

36. Deng X, Liu Q, Deng Y, Mahadevan S. An improved method to construct basic probability assignment based on the confusion matrix for classification problem. Inf Sci (N Y). 2016 May 1;340–341:250–61.

Downloads

Published

2024-01-01

Issue

Section

Original

How to Cite

1.
Anouar Bachar AB, Omar EL Bannay OEB. A proposed method for detecting network intrusion using an ensemble learning (stacking -voting) approach with unbalanced data. Data and Metadata [Internet]. 2024 Jan. 1 [cited 2024 Dec. 21];3:297. Available from: https://dm.ageditor.ar/index.php/dm/article/view/306