This paper investigates the possibility of using ensemble algorithms to improve the performance of network intrusion detection systems. We use three different ensemble methods (bagging, boosting and stacking) in order to improve the accuracy and reduce the false positive rate. We use four different data mining algorithms, naïve Bayes, J48 (decision tree), JRip (rule induction) and IBk (nearest neighbour), as base classifiers for those ensemble methods. Our experiment shows that the prototype, which implements four base classifiers and three ensemble algorithms, achieves an accuracy of more than 99% in detecting known intrusions, but fails to detect novel intrusions, with accuracy rates of only around 60%. The use of bagging, boosting and stacking is unable to significantly improve the accuracy. Stacking is the only method that was able to reduce the false positive rate by a significant amount (46.84%); unfortunately, this method has the longest execution time and so is inefficient to implement in the intrusion detection field.