Ensemble of Classifiers Based Network Intrusion Detection System Performance Bound

This paper provides a performance bound of a network intrusion detection system (NIDS) that uses an ensemble of classifiers. Currently researchers rely on implementing the ensemble of classifiers based NIDS before they can determine the performance of such NIDS. Therefore the knowledge of this bound would help researchers estimate the performance of their ensemble of classifiers based network intrusion detection systems (NIDSs) before they even implement them. The performance bound is defined in terms of the average information gain associated with the features used in building the ensemble and is obtained by Adaboosting a decision stump which is the weak classifier in the ensemble. Different proportions of the NSL KDD dataset that was filtered for Neptune and normal connections were used as different datasets in this study for observing the performance behaviour of the ensemble. The bound is based on the performance of this ensemble in classifying the normal and Neptune connections. Classification accuracy was used as the performance measure in this study. From the experimental results, we therefore deduce that, if the average information gain value amongst features used in the ensemble lies between 0.045651 and 0.25615 then the classification accuracy of the ensemble will be at most 0.9.