Effective network intrusion detection using stacking-based ensemble approach

Cited by: 0
Authors
Muhammad Ali
Mansoor-ul-Haque
Muhammad Hanif Durad
Anila Usman
Syed Muhammad Mohsin
Hana Mujlid
Carsten Maple
Affiliations
[1] Pakistan Institute of Engineering and Applied Sciences,Department of Computer and Information Sciences
[2] Pakistan Institute of Engineering and Applied Sciences,Critical Infrastructure Protection and Malware Analysis Lab
[3] COMSATS University Islamabad,Department of Computer Science
[4] Virtual University of Pakistan,College of Intellectual Novitiates (COIN)
[5] Taif University,Department of Computer Engineering
[6] University of Warwick,Cyber Security Centre
Source
International Journal of Information Security | 2023 / Vol. 22
Keywords
Machine learning; Intrusion detection system; Denial of service; Ensemble-based learning; CICIDS2017; GNS-3; Performance metrics;
DOI
Not available
Abstract
The increasing demand for communication between networked devices connected either through an intranet or the internet increases the need for a reliable and accurate network defense mechanism. Network intrusion detection systems (NIDSs), which are used to detect malicious or anomalous network traffic, are an integral part of network defense. This research aims to address some of the issues faced by anomaly-based network intrusion detection systems. In this research, we first identify some limitations of the legacy NIDS datasets, including the recent CICIDS2017 dataset, which led us to develop our novel dataset, CIPMAIDS2023-1. Then, we propose a stacking-based ensemble approach that outperforms the overall state of the art for NIDS. Various attack scenarios were implemented along with benign user traffic on the network topology created using graphical network simulator-3 (GNS-3). Key flow features are extracted using CICFlowMeter for each attack and are evaluated to analyze their behavior. Several different machine learning approaches are applied to the features extracted from the traffic data, and their performance is compared. The results show that the stacking-based ensemble approach is the most promising and achieves the highest weighted F1-score of 98.24%.
Pages: 1781-1798
Page count: 17