ICDF: Intrusion collaborative detection framework based on confidence

Many machine-learning-based intrusion detection methods have been proposed, however there is a lack of collaboration among these methods. Faced with a cascade of malicious behaviors and various running environments, coupled with the endless emergence of new malicious activities, it is difficult for us to choose an algorithm manually that is suitable for all scenarios. In addition, usually the binary detection models are applied that only "normal" or "abnormal" decision is made, and it is difficult for us to know how much confidence we have in the prediction model. In this study, we propose an intrusion collaborative detection framework (ICDF), an ICDF that allows heterogeneous detection models to effectively work together which have complementary expertise. A multialgorithm model ensemble learning method with confidence interval is adopted. In this process, each algorithm model only makes prediction judgments on its own credible probability interval and refuses to predict outside the interval. The final result is generated by voting based on the confidence of multiple models. Ten detection algorithms were tested on three different data sets. Compared with different single algorithms, ICDF could achieve high precision and recall rate, and the best F1 scores.