ENSEMBLE TECHNIQUE FOR INTRUDER DETECTION IN NETWORK TRAFFIC

Due to increasing incidents of cyber-attacks, building effective intrusion detection systems are essential for protecting information systems security, and yet it remains an elusive goal and a great challenge. However, most of the conducted studies rely on static and one-time dataset where all the changes monitored are based on the dataset used. As network behaviors and patterns change and intrusions evolve, thus it has very much become necessary to move away from static and one-time dataset toward more dynamically configurable classifiers. The Current researches show that different classifiers provide different results about the patterns to be classified. These different results combined together (aka ensemble) yields better performance than individual classifiers. In this paper we have used a hybrid ensemble intrusion detection system consisting of a Misuse Binary Tree of Classifiers as the first stage and an anomaly detection model based upon SVM Classifier as the second stage. The Binary Tree consists of several best known classifiers specialized in detecting specific attacks at a high level of accuracy. Combination of a Binary Tree and specialized classifiers will increase accuracy of the misuse detection model. The misuse detection model will detect only known attacks. In-order to detect unknown attacks, we have an anomaly detection model as the second stage. SVM has been used, since it's the best known classifier for anomaly detection which will detect patterns that deviate from normal behavior. The proposed hybrid intrusion detection has been tested and evaluated using KDD Cup '99, NSL-KDD and UNSW-NB15 datasets.