A Two-Stage Classifier Approach for Network Intrusion Detection

Zong, Wei; Chow, Yang-Wai; Susilo, Willy

doi:10.1007/978-3-319-99807-7_20

Cited by 27 publications

(30 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Zong et al [28] proposed an IDS using a two-stage (TS) classifier model based on the RF classifier. The Information Gain (IG) method was used to select the attributes required for the binary classification process.…”

Section: Related Workmentioning

confidence: 99%

Performance Analysis of Intrusion Detection Systems Using a Feature Selection Method on the UNSW-NB15 Dataset

2020

View full text Add to dashboard Cite

Computer networks intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) are critical aspects that contribute to the success of an organization. Over the past years, IDSs and IPSs using different approaches have been developed and implemented to ensure that computer networks within enterprises are secure, reliable and available. In this paper, we focus on IDSs that are built using machine learning (ML) techniques. IDSs based on ML methods are effective and accurate in detecting networks attacks. However, the performance of these systems decreases for high dimensional data spaces. Therefore, it is crucial to implement an appropriate feature extraction method that can prune some of the features that do not possess a great impact in the classification process. Moreover, many of the ML based IDSs suffer from an increase in false positive rate and a low detection accuracy when the models are trained on highly imbalanced datasets. In this paper, we present an analysis the UNSW-NB15 intrusion detection dataset that will be used for training and testing our models. Moreover, we apply a filter-based feature reduction technique using the XGBoost algorithm. We then implement the following ML approaches using the reduced feature space: Support Vector Machine (SVM), k-Nearest-Neighbour (kNN), Logistic Regression (LR), Artificial Neural Network (ANN) and Decision Tree (DT). In our experiments, we considered both the binary and multiclass classification configurations. The results demonstrated that the XGBoost-based feature selection method allows for methods such as the DT to increase its test accuracy from 88.13 to 90.85% for the binary classification scheme.

show abstract

Section: Related Workmentioning

confidence: 99%

Performance Analysis of Intrusion Detection Systems Using a Feature Selection Method on the UNSW-NB15 Dataset

2020

View full text Add to dashboard Cite

show abstract

“…A decision tree is used to evaluate the reduced feature set, obtaining 81.42% and 6.39% for accuracy and false alarm rate, respectively. A traditional ensemble approach, i.e., bagging (J48), and random forest for anomaly-based IDS are discussed in [25] and [51], respectively. Similar to [48], since the proposed classifiers are applied only on a single dataset (UNSW-NB15) the generalizability of the proposed methods is still debatable.…”

Section: Related Workmentioning

confidence: 99%

TSE-IDS: A Two-Stage Classifier Ensemble for Intelligent Anomaly-Based Intrusion Detection System

2019

View full text Add to dashboard Cite

Intrusion detection systems (IDSs) play a pivotal role in computer security by discovering and repealing malicious activities in computer networks. Anomaly-based IDS, in particular, rely on classification models trained using historical data to discover such malicious activities. In this paper, an improved IDS based on hybrid feature selection and two-level classifier ensembles are proposed. A hybrid feature selection technique comprising three methods, i.e., particle swarm optimization, ant colony algorithm, and genetic algorithm, is utilized to reduce the feature size of the training datasets (NSL-KDD and UNSW-NB15 are considered in this paper). Features are selected based on the classification performance of a reduced error pruning tree (REPT) classifier. Then, a two-level classifier ensemble based on two meta learners, i.e., rotation forest and bagging, is proposed. On the NSL-KDD dataset, the proposed classifier shows 85.8% accuracy, 86.8% sensitivity, and 88.0% detection rate, which remarkably outperform other classification techniques recently proposed in the literature. The results regarding the UNSW-NB15 dataset also improve the ones achieved by several state-of-the-art techniques. Finally, to verify the results, a two-step statistical significance test is conducted. This is not usually considered by the IDS research thus far and, therefore, adds value to the experimental results achieved by the proposed classifier.INDEX TERMS Two-stage meta classifier, network anomaly detection, hybrid feature selection, intrusion detection system, statistical significance test.

show abstract

“…Their method was reported to achieve high network intrusion detection performance. In addition, a two-stage approach for network intrusion detention has also been proposed, where different machine learning models can be used in the different stages [18]. An advantage of this approach is that it can deal with the extremely imbalanced characteristics of network intrusion datasets.…”

Section: Related Workmentioning

confidence: 99%

“…The first step was to extract data from the original datasets. NSL KDD and UNSW-NB15 are known as imbalanced datasets, because they contain minor classes that only occupy a relatively small proportion of the dataset, whereas the remainder of the dataset consists of major classes [18]. For example, worm attacks in the UNSW-NB15 occupy < 1% of the dataset, similarly U2R attacks in the NSL KDD only represents a minor portion of the dataset.…”

Section: Proposed Approachmentioning

confidence: 99%

Dimensionality Reduction and Visualization of Network Intrusion Detection Data

Zong

Chow

Susilo

2019

Information Security and Privacy

Self Cite

View full text Add to dashboard Cite

Nowadays, network intrusion detection is researched extensively due to increasing global network threats. Many researchers propose to incorporate machine learning techniques in network intrusion detection systems since these techniques allow for automated intrusion detection with high accuracy. Furthermore, dimensionality reduction techniques can improve the performance of machine learning models, and as such, are widely used as a pre-processing step. Nevertheless, many researchers consider machine learning techniques as a black box because of its complex intrinsic mechanism. Visualization plays an important role in facilitating the understanding of such sophisticated techniques because visualization is able to offer intuitive meaning to the machine learning results. This research investigates the performance of two dimensionality reduction techniques on network intrusion detection datasets. In addition, this work also demonstrates visualizing the resulting data in 3-dimensional space. The purpose of this is to possibly gain insight into the results, which can potentially aid in the improvement of machine learning performance.

show abstract

A Two-Stage Classifier Approach for Network Intrusion Detection

Cited by 27 publications

References 16 publications

Performance Analysis of Intrusion Detection Systems Using a Feature Selection Method on the UNSW-NB15 Dataset

Performance Analysis of Intrusion Detection Systems Using a Feature Selection Method on the UNSW-NB15 Dataset

TSE-IDS: A Two-Stage Classifier Ensemble for Intelligent Anomaly-Based Intrusion Detection System

Dimensionality Reduction and Visualization of Network Intrusion Detection Data

Contact Info

Product

Resources

About