Intrusion detection systems (IDSs) have attracted great interest in computer science as network productivity and security threats have both increased. The purpose of this study is to determine whether incoming network traffic is normal or an attack, based on the 41 features in the NSL-KDD dataset. In this paper, the performance of a stacking technique for network intrusion detection is analysed. Stacking is an ensemble approach that combines several classification methods to produce a preferable classifier. Stacking models were trained on the NSLKDD training dataset and evaluated on the NSLKDDTest+ and NSLKDDTest21 test datasets. In the stacking technique, four different algorithms were used as base learners and one algorithm as the stacking meta learner: Logistic Regression (LR), Decision Trees (DT), Artificial Neural Networks (ANN), and K Nearest Neighbor (KNN) are the base learner models, and the Support Vector Machine (SVM) model is the meta learner. The proposed models were evaluated using accuracy rate and other classification performance metrics. Experimental results showed that stacking significantly improved the performance of intrusion detection systems. The ensemble classifier (DT-LR-ANN + SVM) model achieved the best accuracy, with 90.57% on the NSLKDDTest+ dataset and 84.32% on the NSLKDDTest21 dataset.
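The DT-LR-ANN + SVM arrangement described in the abstract, sketched with scikit-learn's `StackingClassifier` as an added example; it is not the authors' code. The 41-feature data is synthetic (constructed here in place of NSL-KDD) and every hyperparameter is an assumption, so the accuracies it reports are not comparable to the paper's results.

```python
from sklearn.datasets import make_classification
from sklearn.ensemble import StackingClassifier
from sklearn.linear_model import LogisticRegression
from sklearn.metrics import accuracy_score
from sklearn.model_selection import train_test_split
from sklearn.neural_network import MLPClassifier
from sklearn.pipeline import make_pipeline
from sklearn.preprocessing import StandardScaler
from sklearn.svm import SVC
from sklearn.tree import DecisionTreeClassifier


def make_constructed_traffic(n=1200, seed=0):
    # Constructed stand-in for NSL-KDD: 41 numeric features, 0 = normal, 1 = attack.
    X, y = make_classification(n_samples=n, n_features=41, n_informative=12,
                               n_redundant=6, flip_y=0.03, random_state=seed)
    # Hold out a test split that no learner (base or meta) sees during training.
    return train_test_split(X, y, test_size=0.3, stratify=y, random_state=seed)


def build_stack(seed=0):
    # Base learners: DT, LR and ANN (hyperparameters are assumptions).
    base = [
        ("dt", DecisionTreeClassifier(max_depth=8, random_state=seed)),
        ("lr", make_pipeline(StandardScaler(), LogisticRegression(max_iter=1000))),
        ("ann", make_pipeline(StandardScaler(),
                              MLPClassifier(hidden_layer_sizes=(32,), max_iter=500,
                                            random_state=seed))),
    ]
    # cv=5: the SVM meta learner is fitted on out-of-fold base predictions,
    # so it never trains on outputs a base model produced for its own training rows.
    return StackingClassifier(estimators=base, final_estimator=SVC(kernel="rbf"),
                              stack_method="predict_proba", cv=5)


def evaluate(seed=0):
    X_tr, X_te, y_tr, y_te = make_constructed_traffic(seed=seed)
    stack = build_stack(seed).fit(X_tr, y_tr)
    scores = {"stack": accuracy_score(y_te, stack.predict(X_te))}
    # Accuracy of each base learner alone, for comparison with the ensemble.
    for name, est in stack.named_estimators_.items():
        scores[name] = accuracy_score(y_te, est.predict(X_te))
    # Width of the meta learner's input: one attack probability per base learner.
    meta_width = stack.transform(X_te).shape[1]
    return scores, meta_width


if __name__ == "__main__":
    print(evaluate())
```

Comparing the `stack` score with the per-learner scores on the held-out split is the check that matters: stacking is only worth its extra training cost when the meta learner beats the best single base model on data none of them saw.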
A Stacking Ensemble Learning Approach for Intrusion Detection System
Intrusion detection systems (IDSs) have attracted great interest in computer science, alongside increasing network productivity and security threats. The aim of this study is to determine whether incoming network traffic is normal or an attack, based on the 41 features in the NSL-KDD dataset. In this paper, the performance of a stacking technique for network intrusion detection is analysed. Stacking is an ensemble approach that combines various classification methods to produce a preferable classifier. The stacking models were trained on the NSLKDD training dataset and tested on the NSLKDDTest+ and NSLKDDTest21 test datasets. In the stacking technique, four different algorithms were used as base learners and one algorithm as the stacking meta learner. Logistic Regression (LR), Decision Trees (DT), Artificial Neural Networks (ANN) and K Nearest Neighbor (KNN) are the base learner models, and the Support Vector Machine (SVM) model is the meta learner. The proposed models were evaluated using accuracy rate and other classification performance metrics. The experimental results showed that stacking significantly improved the performance of the intrusion detection system. The ensemble classifier (DT-LR-ANN + SVM) model achieved the best results, with 90.57% on the NSLKDDTest+ dataset and 84.32% on the NSLKDDTest21 dataset.
Uçar, M., Uçar, E., & İncetaş, M. O. (2021). A Stacking Ensemble Learning Approach for Intrusion Detection System. Duzce University Journal of Science and Technology, 9(4), 1329-1341. https://doi.org/10.29130/dubited.737211