Assessing Centroid-Based Classification Models for Intrusion Detection System Using Composite Indicators

Detecting intrusion in network traffic is one of the computer security problems that has received a lot of attention for years. Various intrusion detection models were developed by machine learning and data mining. Commonly, confusion matrix-based performance measures are used to compare the performance of several models. But sometimes we need to combine those measure or combine it with performance measures outside the confusion matrix. In this study, we propose two composite indicator indexes (CPI) which built based on composite indicators and weighted linear aggregation methods to evaluate the model's performance. The first CPI is a combination of accuracy, robustness, completeness, and speed. We use it to rank the performance of the three centroid-based classifications models (CANN, L-SCANN, CASMN) on NSL-KDD dataset. While the second is a combination of overall class accuracy and accuracy of each class, we use to compare the models with the other IDS models. (C) 2019 The Authors. Published by Elsevier B.V.