Hybrid Intrusion Detection Using Ensemble of Classification Methods

Full Text (PDF, 465KB), PP.45-53

Views: 0 Downloads: 0


M.Govindarajan 1,*

1. Department of Computer Science and Engineering, Annamalai University, Annamalai Nagar – 608002, Tamil Nadu, India

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2014.02.07

Received: 24 Jun. 2013 / Revised: 10 Sep. 2013 / Accepted: 14 Nov. 2013 / Published: 8 Jan. 2014

Index Terms

Data Mining, Ensemble, Radial Basis Function, Support Vector Machine, Accuracy


One of the major developments in machine learning in the past decade is the ensemble method, which finds highly accurate classifier by combining many moderately accurate component classifiers. In this research work, new ensemble classification methods are proposed for homogeneous ensemble classifiers using bagging and heterogeneous ensemble classifiers using arcing classifier and their performances are analyzed in terms of accuracy. A Classifier ensemble is designed using Radial Basis Function (RBF) and Support Vector Machine (SVM) as base classifiers. The feasibility and the benefits of the proposed approaches are demonstrated by the means of real and benchmark data sets of intrusion detection. The main originality of the proposed approach is based on three main parts:  preprocessing phase, classification phase and combining phase. A wide range of comparative experiments are conducted for real and benchmark data sets of intrusion detection. The accuracy of base classifiers is compared with homogeneous and heterogeneous models for data mining problem. The proposed ensemble methods provide significant improvement of accuracy compared to individual classifiers and also heterogeneous models exhibit better results than homogeneous models for real and benchmark data sets of intrusion detection.

Cite This Paper

M.Govindarajan, "Hybrid Intrusion Detection Using Ensemble of Classification Methods", International Journal of Computer Network and Information Security(IJCNIS), vol.6, no.2, pp.45-53, 2014. DOI:10.5815/ijcnis.2014.02.07


[1]P. Anderson, "Computer security threat monitoring and surveillance", Technical Report, James P. Anderson Co., Fort Washington, PA, 1980.
[2]E. Biermann, E. Cloete and L.M. Venter, "A comparison of intrusion detection Systems", Computer and Security, vol. 20, pp. 676-683, 2001.
[3]Breiman. L, “Bias, Variance, and Arcing Classifiers”, Technical Report 460, Department of Statistics, University of California, Berkeley, CA, 1996.
[4]Breiman, L. “Bagging predictors”, Machine Learning, vol.24, no. 2, pp. 123– 140, 1996a
[5]Burges, C. J. C, “A tutorial on support vector machines for pattern recognition”, Data Mining and Knowledge Discovery, vol. 2, no. 2, pp. 121-167, 1998.
[6]W. H. Chen, S. H. Hsu, H.P Shen, “Application of SVM and ANN for intrusion detection”, Comput OperRes Vol-ume 32, Issue 10, pp. 2617–2634, 2005a.
[7]Chen Y, Abraham A, and Yang J, “Feature deduction and intrusion detection using flexible neural trees”, In: Second IEEE International Symposium on Neural Networks, 2005b, pp. 2617-2634.
[8]C. Katar, “Combining multiple techniques for intrusion detection”, Int J Comput Sci Network Security, pp. 208–218, 2006.
[9]Cherkassky, V. and Mulier, F, “Learning from Data - Concepts, Theory and Methods”, John Wiley & Sons, New York, 1998.
[10]Freund, Y. and Schapire, R, “A decision-theoretic generalization of on-line learning and an application to boosting”, In proceedings of the Second European Conference on Computational Learning Theory, 1995, pp 23-37.
[11]Freund, Y. and Schapire, R, “Experiments with a new boosting algorithm”, In Proceedings of the Thirteenth International Conference on Machine Learning, 1996, pp. 148-156 Bari, Italy.
[12]Ghosh AK, Schwartzbard A, “A study in using neural networks for anomaly and misuse detection”, In: The proceeding on the 8th USENIX security symposium, <http://citeseer.ist.psu.edu/context/117
0861/0>; [accessed August 2006], 1999.
[13]M.Govindarajan, RM.Chandrasekaran, “Intrusion Detection using an Ensemble of Classification Methods”, In Proceedings of International Conference on Machine Learning and Data Analysis, San Francisco, U.S.A, 2012, pp. 459-464.
[14]Haykin, S, “Neural networks: a comprehensive foundation” (second ed.), New Jersey: Prentice Hall, 1999.
[15]Heady R, Luger G, Maccabe A, Servilla M, “The architecture of a network level intrusion detection system”, Technical Report, Department of Computer Science, University of New Mexico, 1990.
[16]K. Ilgun, R.A. Kemmerer and P.A. Porras, "State transition analysis:A rule-based intrusion detection approach", IEEE Trans. Software Eng. vol. 21, pp. 181-199, 1995.
[17]Ira Cohen, Qi Tian, Xiang Sean Zhou and Thoms S.Huang, "Feature Selection Using Principal Feature Analysis", In Proceedings of the 15th international conference on Multimedia, Augsburg, Germany, September, 2007, pp. 25-29.
[18]Jiawei Han , Micheline Kamber, “ Data Mining – Concepts and Techniques” Elsevier Publications, 2003.
[19]Kohavi, R, “A study of cross-validation and bootstrap for accuracy estimation and model selection”, Proceedings of International Joint Conference on Artificial Intelligence, 1995, pp. 1137–1143.
[20]KDD'99 dataset, http://kdd.ics.uci.edu/databases, Irvine, CA, USA, 2010.
[21]E. Lundin and E. Jonsson, "Anomaly-based intrusion detection: privacy concerns and other problems", Computer Networks, vol. 34, pp. 623-640, 2002.
[22]D. Marchette, "A statistical method for profiling network traffic", In proceedings of the First USENIX Workshop on Intrusion Detection and Network Monitoring (Santa Clara), CA.1999, pp. 119-128.
[23]Mukkamala S, Sung AH, Abraham A, “Intrusion detection using ensemble of soft computing paradigms”, third international conference on intelligent systems design and applications, intelligent systems design and applications, advances in soft computing. Germany: Springer, 2003, pp. 239–48.
[24]Mukkamala S, Sung AH, Abraham A, “Modeling intrusion detection systems using linear genetic programming approach”, The 17th international conference on industrial & engineering applications of artificial intelligence and expert systems, innovations in applied artificial intelligence. In: Robert O., Chunsheng Y., Moonis A., editors. Lecture Notes in Computer Science, vol. 3029. Germany: Springer, 2004a, pp. 633–42.
[25]Mukkamala S, Sung AH, Abraham A, Ramos V, “Intrusion detection systems using adaptive regression splines”, In: Seruca I, Filipe J, Hammoudi S, Cordeiro J, editors, Proceedings of the 6th international conference on enterprise information systems, ICEIS’04, vol. 3, Portugal, 2004b, pp. 26–33.
[26]S. Mukkamala, G. Janoski and A.Sung, "Intrusion detection: support vector machines and neural networks", In proceedings of the IEEE International Joint Conference on Neural Networks (ANNIE), St. Louis, MO, 2002, pp. 1702-1707.
[27]Oliver Buchtala, Manuel Klimek, and Bernhard Sick, Member, IEEE, “Evolutionary Optimization of Radial Basis Function Classifiers for Data Mining Applications”, IEEE Transactions on systems, man, and cybernetics—part b: cybernetics, vol. 35, no. 5, 2005.
[28]Shah K, Dave N, Chavan S, Mukherjee S, Abraham A, Sanyal S, “Adaptive neuro-fuzzy intrusion detection system”, IEEE International Conference on Information Technology: Coding and Computing (ITCC’04), vol. 1. USA: IEEE Computer Society, 2004, pp. 70–74.
[29]T. Shon and J. Moon, "A hybrid machine learning approach to network anomaly detection", Information Sciences, vol.177, pp. 3799-3821, 2007.
[30]Summers RC, “Secure computing: threats and safeguards”, New York: McGraw-Hill, 1997.
[31]Sundaram A, “An introduction to intrusion detection”, ACM Cross Roads, vol.2, no.4, 1996.
[32]W. Stallings, "Cryptography and network security principles and practices", USA: Prentice Hall, 2006.
[33]C. Tsai, Y. Hsu, C. Lin and W. Lin, "Intrusion detection by machine learning: A review", Expert Systems with Applications, vol. 36, pp.11994-12000, 2009.
[34]Vanajakshi, L. and Rilett, L.R, “A Comparison of the Performance of Artificial Neural Network and Support Vector Machines for the Prediction of Traffic Speed”, IEEE Intelligent Vehicles Symposium, University of Parma, Parma, Italy: IEEE, 2004, pp.194-199.
[35]T. Verwoerd and R. Hunt, "Intrusion detection techniques and approaches", Computer Communications, vol. 25, pp.1356-1365, 2002.
[36]S. Wu and W. Banzhaf, "The use of computational intelligence in intrusion detection systems: A review", Applied Soft Computing, vol.10, pp. 1-35, 2010.