An improved ensemble approach for effective intrusion detection

Nowadays, one critical challenge of cybersecurity administrators is the protection of online resources from network intrusions. Despite several academic and industry research initiatives, full protection of online resources from these network intrusions is not feasible. Therefore, several techniques have been developed that use network audit data for accurate detection of network intrusions effectively and efficiently and are used in network intrusion detection systems (NIDSs). But, most of NIDSs reported low detection accuracy with high false alarm rate and provide a single solution that lacks in classification trade-offs. In this paper, the authors present a hybrid approach of multi-objective genetic algorithm and neural networks for creating a set of ensemble solutions for detecting network intrusions effectively. The proposed approach works in two phases that initially creates a set of non-dominating solutions or Pareto optimal solutions of base techniques and then creates ensemble solutions. In the outcome of individual solutions or models in the ensemble are aggregated using most popular method of majority voting. The proposed hybrid approach is evaluated using benchmark datasets of NSL_KDD and ISCX-2012 datasets for intrusion detection. The evaluation results using benchmark datasets demonstrate that the proposed hybrid approach enables detecting network intrusions effectively as compared to conventional ensemble approaches, namely bagging and boosting. The resultant ensemble solutions are non-dominating and provide classification trade-offs for cybersecurity administrators. The results also show that the proposed hybrid approach detects both minority and majority intrusion types accurately. The proposed hybrid approach demonstrated a detection accuracy of 97% and 88% with FPR of 2.4% and 2% for ISCX-2012 and NSL_KDD datasets, respectively.