dc.description.abstract |
Due to the increasing number of cyber attacks, there is a growing demand for network intrusion detection systems (NIDSs), which are necessary for defending against potential attacks. Cyber attacks can cause harm in different sectors, including small and large businesses, institutions and individuals. By stealing confidential data and harvesting login credentials, attackers can leave an organization destitute. Such attacks can also flood the network with traffic, resulting in denial of service to its users. Besides, when an institution is hacked, it loses reputation and customers. Detecting and preventing cyber attacks is one of the key research areas. Existing NIDSs use traditional machine learning algorithms with low detection rates and are also not suitable for new, unknown cyber attacks. In this thesis, we propose a detection model with ensemble machine learning methods. An ensemble method is a machine learning technique that combines several base models in order to produce one optimal predictive model. Ensemble machine learning methods have the potential to detect and prevent different types of attacks compared to traditional machine learning methods. Our proposed system uses ensemble machine learning methods with Voting, Stacking, Bagging and Boosting methodology. In this research work we have designed 16 new types of ensemble machine learning classifiers: 4 Voting, 4 Stacking, 3 Boosting, 3 Bagging and 2 Hybrid classifiers. We have used the full NSL-KDD training and testing dataset to evaluate the performance of multiclass classification, and we also compare the performance with deep learning as well as traditional base-level machine learning techniques. The NSL-KDD dataset provides data with DoS, Probe, R2L and U2R attacks. Results show that the detection rate of DoS, Probe, R2L and U2R network attacks varies with different types of classifiers. Different classifiers perform better for different types of attacks.
Moreover, we also identified that the detection rate changes with the number of features. To design, develop and evaluate our proposed ensemble ML classifiers, we have used the scikit-learn library, which is mainly based on the Python language. Our proposed system can detect known attacks as well as prevent unknown attacks. Experimental results show that the performance of the proposed intrusion detection classifier is superior to that of existing methods. Our models can improve the detection rate of the IDS, which is vital for network intrusion detection systems. |
en_US |