TSE-IDS: A Two-Stage Classifier Ensemble for Intelligent Anomaly-Based Intrusion Detection System

Tama, Bayu Adhi; Comuzzi, Marco; Rhee, Kyung-Hyune

doi:10.1109/access.2019.2928048

Cited by 274 publications

(146 citation statements)

References 66 publications

(70 reference statements)

Supporting

Mentioning

143

Contrasting

Unclassified

Order By: Relevance

“…The comparison results with some of the existing approaches on these two sets are shown in Table 12. The highest detection accuracy is achieved by the proposed approach based on the experimental results on KDDTest+, which outperforms the other recent IDS techniques, including FSSL [9], FSSL-EL [34], and TSE-IDS [82]. Besides having superior detection accuracy, the proposed method also outperforms significantly other approaches in terms of detection rate metric.…”

Section: Comparison With the State Of The Art Methodsmentioning

confidence: 73%

“…Although the multi-class classification performance of our proposed method has been proven through experiments, to provide more reference for the readers, we still compare the results of our CFS-BA-Ensemble method with other earlier researches in binary classification based on NSL-KDD, AWID, and CIC-IDS2017 datasets, which is shown in Table 13. First of all, it can be seen in Table 13 that our proposed model outperforms other similar ensemble classifiers, such as FS-EL [83], XGBoost-IDS [13], and TSE-IDS [82] when using 10f cross-validation as a validation technique. There are also some deep learning methods for IDS in the current literature such as DEMISe [69], DeepWindow [79], and HELAD [99].…”

Section: Comparison With the State Of The Art Methodsmentioning

confidence: 86%

“…Zhong et al [99] also proposed a new anomaly detection model called HELAD, which is based on the Damped Incremental Statistics algorithm for feature selection and organic integration of multiple deep learning techniques for classification. In [82], a novel IDS based on hybrid feature selection and two-level classifier ensembles has been proposed, and experimental results show that it produces a significant improvement of the detection rate on the NSL-KDD and UNSW-NB15 datasets.…”

Section: On Hybrid Approachesmentioning

confidence: 99%

See 2 more Smart Citations

Building an efficient intrusion detection system based on feature selection and ensemble classifier

et al. 2020

View full text Add to dashboard Cite

A B S T R A C T Intrusion detection system (IDS) is one of extensively used techniques in a network topology to safeguard the integrity and availability of sensitive assets in the protected systems. Although many supervised and unsupervised learning approaches from the field of machine learning have been used to increase the efficacy of IDSs, it is still a problem for existing intrusion detection algorithms to achieve good performance. First, lots of redundant and irrelevant data in high-dimensional datasets interfere with the classification process of an IDS. Second, an individual classifier may not perform well in the detection of each type of attacks. Third, many models are built for stale datasets, making them less adaptable for novel attacks. Thus, we propose a new intrusion detection framework in this paper, and this framework is based on the feature selection and ensemble learning techniques. In the first step, a heuristic algorithm called CFS-BA is proposed for dimensionality reduction, which selects the optimal subset based on the correlation between features. Then, we introduce an ensemble approach that combines C4.5, Random Forest (RF), and Forest by Penalizing Attributes (Forest PA) algorithms. Finally, voting technique is used to combine the probability distributions of the base learners for attack recognition. The experimental results, using NSL-KDD, AWID, and CIC-IDS2017 datasets, reveal that the proposed CFS-BA-Ensemble method is able to exhibit better performance than other related and state of the art approaches under several metrics.

show abstract

Section: Comparison With the State Of The Art Methodsmentioning

confidence: 73%

Section: Comparison With the State Of The Art Methodsmentioning

confidence: 86%

Section: On Hybrid Approachesmentioning

confidence: 99%

See 1 more Smart Citation

Building an efficient intrusion detection system based on feature selection and ensemble classifier

et al. 2020

View full text Add to dashboard Cite

show abstract

“…In order to further verify the superiority of the proposed model, we compared the proposed model with related models in other literature, including SCDNN [ 42 ], LSTM 4 [ 43 ], GRU 3 [ 43 ], CFBLS [ 43 ], TSE-IDS [ 44 ], ROS-DNN [ 45 ], SMOTE-DNN [ 45 ], and ADASYN-DNN [ 45 ]. To be fair, all the methods were implemented on NSL-KDDTest+ and NSL-KDDTest21.…”

Section: Discussionmentioning

confidence: 99%

A Hybrid Intrusion Detection Model Combining SAE with Kernel Approximation in Internet of Things

Lee

Gong

et al. 2020

Sensors

View full text Add to dashboard Cite

Owing to the constraints of time and space complexity, network intrusion detection systems (NIDSs) based on support vector machines (SVMs) face the “curse of dimensionality” in a large-scale, high-dimensional feature space. This study proposes a joint training model that combines a stacked autoencoder (SAE) with an SVM and the kernel approximation technique. The training model uses the SAE to perform feature dimension reduction, uses random Fourier features to perform kernel approximation, and then random Fourier mapping is explicitly applied to the sub-sample to generate the random feature space, making it possible to apply a linear SVM to uniformly approximate to the Gaussian kernel SVM. Finally, the SAE performs joint training with the efficient linear SVM. We studied the effects of an SAE structure and a random Fourier feature on classification performance, and compared that performance with that of other training models, including some without kernel approximation. At the same time, we compare the accuracy of the proposed model with that of other models, which include basic machine learning models and the state-of-the-art models in other literatures. The experimental results demonstrate that the proposed model outperforms the previously proposed methods in terms of classification performance and also reduces the training time. Our model is feasible and works efficiently on large-scale datasets.

show abstract

“…Owing to this fact, they attract the researchers' attention by proposing new approaches aiming to improve the system security robustness against new potential unknown attacks. Actually, three types of methods used in IDS can be distinguished, namely (i) signature-based method [3], (ii) anomaly-based method [4], and (iii) hybrid signature/anomaly-based method to get a complementary intrusion detection. While signaturebased IDS technique matches the presented attack's signature with a database of known attacks [5], the anomaly-based IDS can effectively identify unknown attacks whose signatures do not exist in database, by learning about certain normal behaviors in the network.…”

Section: Introductionmentioning

confidence: 99%

Epigenetic Algorithm-Based Detection Technique for Network Attacks

2020

View full text Add to dashboard Cite

Nowadays, the cybersecurity issue involves new strategies to protect against advanced threats and unknown attacks. Intrusion detection system (IDS) is considered a robust system dealing with attacks detection, particularly unknown attacks and anomalies. Several IDS-based algorithms have been recently inspected in the literature, among them the well-known strengthen algorithms, i.e. Genetic algorithm (GA). Moreover, Epigenetic-based algorithm (EGA) is known as an improved version of GA ensuring high performance with reduced computational complexity. Its main goal is to converge within a short time towards an optimal solution by acting on genetic operators, namely mutation and crossover. In this paper, we propose a new classifier based on EGA for IDS. Especially, based on a database of network traffics, EGA is applied to classify attacks. The results, performed through EGA simulation, show that the performance of the proposed technique outperforms the ones of GA classifier by obtaining a high detection rate up to 98% and a faster processing time than that of GA and other algorithms that we have compared in this paper.

show abstract

TSE-IDS: A Two-Stage Classifier Ensemble for Intelligent Anomaly-Based Intrusion Detection System

Cited by 274 publications

References 66 publications

Building an efficient intrusion detection system based on feature selection and ensemble classifier

Building an efficient intrusion detection system based on feature selection and ensemble classifier

A Hybrid Intrusion Detection Model Combining SAE with Kernel Approximation in Internet of Things

Epigenetic Algorithm-Based Detection Technique for Network Attacks

Contact Info

Product

Resources

About