Research Article

Security Enrichment in Intrusion Detection System Using Classifier Ensemble

Uma R. Salunkhe (1) and Suresh N. Mali (2)

(1) Smt. Kashibai Navale College of Engineering, Savitribai Phule Pune University, Pune, India
(2) Sinhgad Institute of Technology and Science, Savitribai Phule Pune University, Narhe, Pune, India

Correspondence should be addressed to Uma R. Salunkhe; [email protected]

Received 6 January 2017; Accepted 20 February 2017; Published 12 March 2017

Academic Editor: Arun K. Sangaiah

Hindawi, Journal of Electrical and Computer Engineering, Volume 2017, Article ID 1794849, 6 pages, https://doi.org/10.1155/2017/1794849

Copyright © 2017 Uma R. Salunkhe and Suresh N. Mali. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

In the era of Internet and with increasing number of people as its end users, a large number of attack categories are introduced daily. Hence, effective detection of various attacks with the help of Intrusion Detection Systems is an emerging trend in research these days. Existing studies show effectiveness of machine learning approaches in handling Intrusion Detection Systems. In this work, we aim to enhance detection rate of Intrusion Detection System by using machine learning technique. We propose a novel classifier ensemble based IDS that is constructed using hybrid approach which combines data level and feature level approach. Classifier ensembles combine the opinions of different experts and improve the intrusion detection rate. Experimental results show the improved detection rates of our system compared to reference technique.

1. Introduction

With the wide usage of Internet, Information Security is an important domain for research. Intrusion Detection System (IDS) is a major concern of security. IDS is designed to monitor the network traffic and identify the suspicious patterns representing network intrusion that may compromise the system. That is, it continuously inspects network traffic for potential vulnerabilities [1]. Whenever IDS finds security breach or any kind of compromise to the system, it generates an alert to indicate the existence of intrusion. IDS play a crucial role in enhancing security of networking environment. Based on the approaches that are used to detect the intrusions, IDS can be categorized into following groups [2].

(1) Signature Based IDS. IDS monitor the network and compare actual behavior with known suspicious patterns that are maintained in a database of attack signatures. Matching behavior indicates the existence of attack and generates an alert. The database does not cover any unknown or newly introduced threat whose signature is not available. If any unknown attack occurs, IDS cannot detect it as its signature does not match with those in the database. This indicates that success of intrusion detection is limited by the availability of the recent attack signatures in the database. These systems have proved efficient for known attacks.

(2) Anomaly Based IDS. Signature based IDS effectively detect known attacks but are ineffective for unknown attacks. In order to overcome this limitation, anomaly based IDS compare actual behavior with the baseline that defines the normal state of the system, that is, parameters such as protocols, traffic load, and typical packet size [3]. Deviation from the baseline indicates the anomalous behavior and generates an alert. Sometimes normal behavior can be misclassified as attack due to incomplete description of normal behavior.

(3) Hybrid IDS. Hybrid IDS makes combined use of signature based and anomaly based ones in order to gain advantages of both [4]. That is, they try to increase detection rates of known attacks and decrease false positive rates of novel attacks.

The rest of this paper is organized as follows. Section 2 presents a review of related work. Section 3 describes the proposed Intrusion Detection System and its algorithm is discussed in Section 4. Section 5 presents the experimental setup used. Section 6 focuses on obtained results and discussions. Finally, conclusions are given in Section 7.


2. Related Work

Buczak and Guven [4] reviewed machine learning methods for intrusion detection with respect to parameters like complexity of algorithm, challenges in security enhancement, and so forth. Authors suggested different criteria such as accuracy, algorithm complexity, and time complexity to select the effective technique for intrusion detection.

Khor et al. [5] proposed a cascaded classifier approach for IDS that enhances the detection rates of the attacks which belong to the rare category. The proposed technique first separates out the rare intrusions from nonrare intrusion category so that each expert can focus on fewer categories. The method helps to diminish the effects of dominant intrusion category which has shown increased detection rates for rare intrusions. Also, double filtering of network traffic improves detection rates and computational cost of the approach is less.

Aburomman and Ibne Reaz [6] presented a novel classifier ensemble approach for Intrusion Detection System in order to improve the accuracy. Authors have constructed an ensemble by using proposed PSO generated weights scheme and compared the results with that of the Weighted Majority Algorithm (WMA) approach. LUS metaoptimization of the set of generated weights has resulted in the performance improvements of IDS.

Qassim et al. [7] reviewed the set of features that is more suitable for detecting wide range of anomalies from the network traffic. Authors introduced A-IDS, an alarm classifier that can automatically analyze and categorize the anomalies monitored by a packet header based anomaly detection system. Proposed method monitors the network traffic flow, selects appropriate features, and compares traffic flows representing attack to existing data.

Govindarajan [8] introduced a new hybrid Intrusion Detection System by combining radial basis function and support vector machine. Experimentation carried out on various data sets of intrusion detection proves effectiveness of heterogeneous models compared with homogeneous models. Liu et al. [9] presented a hybrid approach, SmoteAdaNL, that applies resampling in order to increase number of flows in minority class and then diversified ensemble technique to improve the generalization of classifier. Weight assignment to the misclassified flows helps to improve the classification performance.

Al-Jarrah et al. [1] introduced a traffic based IDS (T-IDS) for botnet, which includes number of compromised machines known as bots, remotely controlled by a machine known as botmaster. The proposed approach makes use of a novel randomized data partitioned learning method (RDPLM) and analyzes packet header rather than packet payload to identify intrusion. Authors developed a novel feature selection technique to create a subset of features which will be helpful for correct detection of intrusions. Approach has proved to improve detection accuracy with lower computational cost and is scalable to large networks.

Hu et al. [10] proposed a distributed intrusion detection framework in which each node constructs a global detection model that combines local parametric models created using a small set of samples. Hence, a node can detect attack signatures present in other nodes though it does not have representative samples of that attack. Li et al. [11] proposed nonnegative matrix factorization (NMF) based method for classification of networked text. Proposed algorithm, puNet, initially identifies clusters with the help of NMF method and then learning algorithm is trained with available labeled data.

Hu et al. [12] proposed a novel intrusion detection algorithm that has low computational complexity and high detection rate. If any false detection of attack is made, next iteration of AdaBoost focuses on it and improves the detection rate. The proposed approach also handles overfitting issue where detection of attack is not very specific and new attacks will be also detected effectively.

Yu et al. [13] presented an automatically tuning IDS (ATIDS) that can automatically tune the detection model based on the feedback about the false predictions. Whenever deployed detection model encounters novel data, it adapts to that data so that model performance is improved. Experimental results on KDDCup'99 dataset have shown 35% improvements in detecting the anomalous behavior.

Alrajeh et al. [14] discussed few existing IDS and research issues relevant to Wireless Network Security (WSN). Authors briefed different categories of IDS and choosing appropriate type of IDS for specified WSN. They suggested use of anomaly based IDS for small sized WSN due to their lightweight nature. Relatively larger WSN should prefer signature based IDS while very large WSN should choose hybrid type of IDS. Authors suggest not to prefer cross layer IDS for WSN with limited resources.

Machine learning techniques have helped in correctly identifying the intrusions in IDS, which in turn helps to improve the security of IDS. Although there is much work on IDS, still some issues in this area need further attention of researchers. Skewed nature of training datasets of IDS is such an important issue that may have significant impact on the performance of IDS. The number of instances belonging to positive class is very low compared to that of negative class. The classifier that is trained on skewed data may be biased towards negative class in decision making. This has motivated us to address the imbalance between the classes in order to avoid this issue. The first concern in the proposed system is to reduce the imbalance between the classes by resampling the dataset and then apply classifier ensemble technique to improve the classification performance.

3. Proposed System

Basically, Intrusion Detection System involves analysis of network traffic collected and comparison with the baseline defined for the system that indicates the normal behavior of the system. If a mismatch is found, it indicates that someone has intruded the system.

Intrusion Detection System comprises the following elements.

(1) Monitoring of Network Traffic. This involves monitoring the user and system activity in order to collect network traffic data.

Figure 1: Proposed system. (Block diagram. Intrusion Detection System stages: (i) data collection (monitoring), (ii) intrusion detection (analysis), (iii) alert generation (alert). Analysis and detection: training data is split into data subsets and feature subsets, which feed Detection Model 1 and Detection Model 2; these are combined into the detection model.)

(2) Analysis and Detection. Figure 1 represents the analysis and detection process of the proposed system.

This element incorporates generation of a prediction model for intrusion detection that can correctly detect the intrusion.

In this paper, we propose a classification-based framework for the analysis and detection of intrusions. First concern of this work is to focus on intrusions of rare category. Such category has few representative instances and hence detection model trained on such data may not be efficient in detecting the intrusions of that category. In order to avoid this, initially resampling of minority category is done. Synthetic data is introduced to such attack category. Also, samples of category having relatively high number of instances are reduced. Such preprocessed data is provided as input for learning of detection models. Preprocessing also involves identification of noisy data or data with missing values.

Existing studies have shown improved rates of detection with the usage of classifier ensemble approach. Hence, proposed system creates a novel classifier ensemble that combines opinions of individual experts. Two level ensembles are constructed by using two different approaches of creating the ensemble. That is, data level and feature level method is used to generate two detection models.

Detection Model 1. Data subsets $D_1, D_2, \ldots, D_n$ are created by extracting subset of original training data and are provided as input to the individual base classifier. Results of those classifiers are combined to get predicted output of ensemble, named Detection Model 1.

Detection Model 2. Feature subsets $S_1, S_2, \ldots, S_n$ are created by extracting subsets of features from the original training dataset and individual classifiers are trained with those subsets. Their results are combined to get Detection Model 2.

Outputs of Detection Model 1 and Detection Model 2 are combined to get the final prediction of whether intrusion exists or not.

(3) Alert Generation. If any malicious activity is detected, an alert will be generated to inform the administrator about the existence of intrusion.

The detailed algorithm is explained in Section 4.

4. Algorithm

Algorithm 1 (GenerateClassifier).

$T$: Original training data set
$T_1, T_2, T_3$: Training subsets by using different datasets
$S_1, S_2, S_3$: Training subsets by using different feature sets
$T'$: Modified data set after pre-processing
$F$: Final classifier ensemble model
CE: Classifier Ensemble

Steps:

(1) Apply pre-processing to original training data set $T$:

    $S' = \text{Over\_sample}(T)$
    $B' = \text{under\_sample}(T)$

(2) For $i = 1$ to $K$ do // create $k$ models

(3) Create a new training dataset $T_i$ by extracting different data subsets:

    $T_i = S' \cup B'$

(4) Train and learn a base classifier using $T_i$:

    $B_i = \text{BuildClassifier}(T_i)$

(5) Create a new training dataset $S_i$ by extracting different feature subsets:

    $S_i = \text{Feature subset}(T')$

(6) Train and learn a base classifier J48 using $S_i$:

    $M_i = \text{BuildClassifier}(S_i)$

(7) Construct first level classifier ensembles:

    $E_1 = \text{CE}(B_1, B_2, B_3)$

(8) Construct first level classifier ensembles:

    $E_2 = \text{CE}(M_1, M_2, M_3)$

(9) Final classifier is

    $F = \text{CE}(E_1, E_2)$
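The two detection models of Section 3 and the steps of Algorithm 1, as a runnable sketch added here (not the authors' code). Assumptions not stated in the paper: a nearest-centroid base learner stands in for J48, Logistic Regression, or Naive Bayes; Over_sample interpolates between minority records; each $T_i$ draws a fresh undersample; CE averages attack scores with ties counted as attack; the records are constructed and cleanly separable, not KDDCup'99 data.

```python
import random

NORMAL, ATTACK = "normal", "attack"

def make_records(rng, n_normal, n_attack, n_features=4):
    """Constructed sample (not KDDCup'99): normal values fall in [0, 0.3],
    attack values in [0.7, 1.0], so the two classes are cleanly separable."""
    rows = [([rng.uniform(0.0, 0.3) for _ in range(n_features)], NORMAL)
            for _ in range(n_normal)]
    rows += [([rng.uniform(0.7, 1.0) for _ in range(n_features)], ATTACK)
             for _ in range(n_attack)]
    return rows

def over_sample(minority, target, rng):
    """S': grow the rare class with synthetic records interpolated between
    two real minority records (assumed SMOTE-like scheme)."""
    out = list(minority)
    while len(out) < target:
        (a, _), (b, _) = rng.sample(minority, 2)
        u = rng.random()
        out.append(([x + u * (y - x) for x, y in zip(a, b)], ATTACK))
    return out

def under_sample(majority, target, rng):
    """B': keep a random subset of the dominant class."""
    return rng.sample(majority, min(target, len(majority)))

def build_classifier(train, features):
    """Base classifier (assumed stand-in): nearest class centroid over the
    given feature indices. Returns a function scoring 1.0 for attack."""
    cent = {}
    for label in (NORMAL, ATTACK):
        rows = [x for x, y in train if y == label]
        cent[label] = [sum(r[f] for r in rows) / len(rows) for f in features]
    def predict(x):
        d = {lab: sum((x[f] - c) ** 2 for f, c in zip(features, cs))
             for lab, cs in cent.items()}
        return 1.0 if d[ATTACK] <= d[NORMAL] else 0.0
    return predict

def ce(members):
    """CE: average the members' attack scores (soft vote, assumed rule)."""
    return lambda x: sum(m(x) for m in members) / len(members)

def generate_classifier(T, K=3, n_sub=2, seed=7):
    rng = random.Random(seed)
    n_features = len(T[0][0])
    minority = [r for r in T if r[1] == ATTACK]
    majority = [r for r in T if r[1] == NORMAL]
    target = 5 * len(minority)                       # assumed balance point
    S_prime = over_sample(minority, target, rng)     # step 1
    T_prime = S_prime + under_sample(majority, target, rng)
    B, M = [], []
    for _ in range(K):                               # step 2
        T_i = S_prime + under_sample(majority, target, rng)   # step 3
        B.append(build_classifier(T_i, range(n_features)))    # step 4
        S_i = sorted(rng.sample(range(n_features), n_sub))    # step 5
        M.append(build_classifier(T_prime, S_i))              # step 6
    E1, E2 = ce(B), ce(M)                            # steps 7 and 8
    return ce([E1, E2]), T_prime                     # step 9: F

def detect(F, x, threshold=0.5):
    """Final decision; a score of exactly 0.5 is reported as an attack."""
    return ATTACK if F(x) >= threshold else NORMAL

def detection_rate(F, records, label):
    """Fraction of records of one class that F labels correctly."""
    rows = [x for x, y in records if y == label]
    return sum(detect(F, x) == label for x in rows) / len(rows)

if __name__ == "__main__":
    rng = random.Random(1)
    train = make_records(rng, 400, 6)    # skewed: 400 normal, 6 attack
    test = make_records(rng, 100, 5)
    F, T_prime = generate_classifier(train)
    for label in (NORMAL, ATTACK):
        print(label, detection_rate(F, test, label))
```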

5. Experimental Investigation

For experimentation, we have chosen KDDCup'99 dataset that is publicly available in UCI repository [13]. Many existing works in the area of IDS have been evaluated by using KDDCup'99 data as standard dataset. Dataset includes various intrusions simulated in a military network environment for several weeks. The dataset consists of a training dataset with 494021 records and a test dataset with 311029 records [6], described with 41 attributes.

Attacks in the KDDCup'99 dataset can be categorized into four main categories [4]: Remote to Local (R2L), User to Root (U2R), Probing, and Denial of Service (DOS). R2L is a type of attack in which attacker tries to gain access to network or machine [6]. In U2R attack, attacker has access to victim machine but aims to get superuser privileges. Probing is an attack in which attacker executes scanning in order to identify possible vulnerabilities in the victim system. Identified weaknesses can be used to harm the system. DOS is a kind of attack that aims to make the resources unavailable to authorized users. Usually this is achieved by flooding systems or networks with excess traffic, disrupting the connection or services. This will result in delayed or inefficient services.

In this work, we have selected subset of attacks from KDDCup'99 dataset including attacks such as the following.

(a) Teardrop. It involves sending fragmented IP packets that are overlapping with each other to the target machine. After receiving, target machine tries to reassemble them but cannot succeed. Windows 95 and Windows NT contain one bug related to overlapping due to which system cannot handle overlapping packets in an effective way. As a result, system may crash or reboot.

(b) Smurf. It is a kind of Distributed DOS attack in which attacker spoofs the target system and broadcasts Internet Control Message Protocol (ICMP) packets with target system's IP. Most of the networked devices reply to the source IP, which generates a huge traffic and floods the target system. Hence, its services will not be available to authorized users.

For our experimentation, we have chosen subset of the KDDCup'99 dataset. The details of the dataset used in our experimentation are shown in Table 1.

Table 1: Datasets used in the experiment.

Attack name    Number of records
Normal         3987
Phf            3
Teardrop       50
Loadmodule     7
Smurf          43
Total          4090

Evaluation of the system performance is done by using detection rate as an evaluation measure. Accuracy is a measure that represents fraction of intrusions that are correctly identified.

6. Results and Discussion

Performance of proposed system is compared with existing multiclass classifier ensemble. Experimentation is carried out for different individual classifiers, namely, Logistic Regression, J48, and Naive Bayes. Table 2 summarizes the detection rates of proposed and other reference techniques.

Figure 2 depicts performance evaluation of proposed method in terms of detection rate. Though the performance improvement seems smaller, correct identification of intrusion is extremely important and proves beneficial.

Analysis of the graphs presented in Figure 2 clearly shows improved accuracy of detecting intrusions with the use of proposed method. The major aim of the experimentation was to investigate the effect on detection rates of the proposed IDS by selecting different individual classifiers as base classifiers of ensemble. This has helped to derive some conclusions about the suitable classifiers for IDS. Analysis of the results leads to some findings that can help in choosing the appropriate base classifier to be used for ensemble designed for Intrusion Detection System. Three classifiers, namely, J48, Logistic Regression, and Naive Bayes, were tested as base classifiers of proposed ensemble technique. Logistic Regression has proved more beneficial as a base classifier in detecting the intrusions. Usage of preprocessing helps to detect the attacks of rare category correctly and improves the performance of classifier. But it has overhead as it requires more time for the learning phase of model. Overall, the proposed method improves performance of IDS by using a simpler design and easier approach.

Table 2: Performance evaluation using detection rate (%).

Base classifier   Logistic Regression          J48                          Naive Bayes
Attack            Model 1   Proposed method    Model 1   Proposed method    Model 1   Proposed method
Phf               98.73     100                57        81.3               66.7      71
Teardrop          99.11     100                100       100                100       100
Normal            100       99.9               99.9      99.9               98.6      99
Smurf             97.7      97.7               100       100                100       100
Loadmodule        57.1      71.4               67.4      74.2               85.7      85.7

Figure 2: Performance evaluation. (a) Detection rate with Logistic Regression as base classifier. (b) Detection rate with J48 as base classifier. (c) Detection rate with Naive Bayes as base classifier. (Each panel plots detection rate, 0 to 100, per attack (Loadmodule, Smurf, Normal, Teardrop, Phf) for Model 1 and the proposed method.)

7. Conclusion

In this work, we proposed a novel classifier ensemble method for intrusion detection that is diversified by using two different approaches. That is, it uses different feature sets and training sets both. The methodology also makes use of resampling technique that emphasizes the attack of rare category. The comparison of proposed approach with reference techniques shows significant improvement in detecting the intrusions correctly. The procedure can be further extended to adjust the ensemble size dynamically according to the size of dataset. That is, decision of number of base classifiers to be used for constructing ensemble should be done dynamically. If the size is decided statistically, it may not prove effective for different dataset sizes with varying imbalance ratios. Hence, adaptively changing the size by analyzing these factors will help to improve performance with relatively less overhead. Also, performance of the approach can be tested for more number of attack categories.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

References

[1] O. Y. Al-Jarrah, O. Alhussein, P. D. Yoo, S. Muhaidat, K. Taha, and K. Kim, "Data randomization and cluster-based partitioning for botnet intrusion detection," IEEE Transactions on Cybernetics, vol. 46, no. 8, pp. 1796–1806, 2016.

[2] K. Kumar and S. Singh, "Intrusion Detection Using Soft Computing Techniques," 2016.

[3] S. Rajasegarar, C. Leckie, J. C. Bezdek, and M. Palaniswami, "Centered hyperspherical and hyperellipsoidal one-class support vector machines for anomaly detection in sensor networks," IEEE Transactions on Information Forensics and Security, vol. 5, no. 3, pp. 518–533, 2010.

[4] A. L. Buczak and E. Guven, "A survey of data mining and machine learning methods for cyber security intrusion detection," IEEE Communications Surveys and Tutorials, vol. 18, no. 2, pp. 1153–1176, 2016.

[5] K.-C. Khor, C.-Y. Ting, and S. Phon-Amnuaisuk, "A cascaded classifier approach for improving detection rates on rare attack categories in network intrusion detection," Applied Intelligence, vol. 36, no. 2, pp. 320–329, 2012.

[6] A. A. Aburomman and M. B. Ibne Reaz, "A novel SVM-kNN-PSO ensemble method for intrusion detection system," Applied Soft Computing Journal, vol. 38, pp. 360–372, 2016.

[7] Q. S. Qassim, A. M. Zin, and M. J. Ab Aziz, "Anomalies classification approach for network-based intrusion detection system," International Journal of Network Security, pp. 1159–1171, 2016.

[8] M. Govindarajan, "Evaluation of ensemble classifiers for intrusion detection," World Academy of Science, Engineering and Technology, International Journal of Computer, Electrical, Automation, Control and Information Engineering, vol. 10, no. 6, pp. 876–884, 2016.

[9] Z. Liu, R. Wang, and M. Tao, "SmoteAdaNL: a learning method for network traffic classification," Journal of Ambient Intelligence and Humanized Computing, vol. 7, no. 1, pp. 121–130, 2016.

[10] W. Hu, J. Gao, Y. Wang, O. Wu, and S. Maybank, "Online adaboost-based parameterized methods for dynamic distributed network intrusion detection," IEEE Transactions on Cybernetics, vol. 44, no. 1, pp. 66–82, 2014.

[11] M. Li, S. Pan, Y. Zhang, and X. Cai, "Classifying networked text data with positive and unlabeled examples," Pattern Recognition Letters, vol. 77, pp. 1–7, 2016.

[12] W. Hu, W. Hu, and S. Maybank, "AdaBoost-based algorithm for network intrusion detection," IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics, vol. 38, no. 2, pp. 577–583, 2008.

[13] Z. Yu, J. J. P. Tsai, and T. Weigert, "An automatically tuning intrusion detection system," IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics, vol. 37, no. 2, pp. 373–384, 2007.

[14] N. A. Alrajeh, S. Khan, and B. Shams, "Intrusion detection systems in wireless sensor networks: a review," International Journal of Distributed Sensor Networks, vol. 9, no. 5, Article ID 167575, 2013.

International Journal of

AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

RoboticsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Active and Passive Electronic Components

Control Scienceand Engineering

Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of

RotatingMachinery

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporation httpwwwhindawicom

Journal ofEngineeringVolume 2014

Submit your manuscripts athttpswwwhindawicom

VLSI Design

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Shock and Vibration

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Civil EngineeringAdvances in

Acoustics and VibrationAdvances in

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Electrical and Computer Engineering

Journal of

Advances inOptoElectronics

Hindawi Publishing Corporation httpwwwhindawicom

Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014

SensorsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Chemical EngineeringInternational Journal of Antennas and

Propagation

International Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Navigation and Observation

International Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

DistributedSensor Networks

International Journal of

Page 2: Security Enrichment in Intrusion Detection System Using Classifier … · Govindarajan [8] introduced a new hybrid Intrusion Detection System by combining radial basis function and

2 Journal of Electrical and Computer Engineering

2 Related Work

Buczak and Guven [4] reviewed machine learning methods for intrusion detection with respect to parameters like complexity of algorithm, challenges in security enhancement, and so forth. Authors suggested different criteria such as accuracy, algorithm complexity, and time complexity to select the effective technique for intrusion detection.

Khor et al. [5] proposed a cascaded classifier approach for IDS that enhances the detection rates of the attacks which belong to the rare category. The proposed technique first separates out the rare intrusions from nonrare intrusion category so that each expert can focus on fewer categories. The method helps to diminish the effects of dominant intrusion category, which has shown increased detection rates for rare intrusions. Also, double filtering of network traffic improves detection rates, and computational cost of the approach is less.

Aburomman and Ibne Reaz [6] presented a novel classifier ensemble approach for Intrusion Detection System in order to improve the accuracy. Authors have constructed an ensemble by using proposed PSO generated weights scheme and compared the results with that of the Weighted Majority Algorithm (WMA) approach. LUS metaoptimization of the set of generated weights has resulted in the performance improvements of IDS.

Qassim et al. [7] reviewed the set of features that is more suitable for detecting wide range of anomalies from the network traffic. Authors introduced A-IDS, an alarm classifier that can automatically analyze and categorize the anomalies monitored by a packet header based anomaly detection system. Proposed method monitors the network traffic flow, selects appropriate features, and compares traffic flows representing attack to existing data.

Govindarajan [8] introduced a new hybrid Intrusion Detection System by combining radial basis function and support vector machine. Experimentation carried out on various data sets of intrusion detection proves effectiveness of heterogeneous models compared with homogeneous models. Liu et al. [9] presented a hybrid approach, SmoteAdaNL, that applies resampling in order to increase number of flows in minority class and then diversified ensemble technique to improve the generalization of classifier. Weight assignment to the misclassified flows helps to improve the classification performance.

Al-Jarrah et al. [1] introduced a traffic based IDS (T-IDS) for botnet, which includes number of compromised machines known as bots, remotely controlled by a machine known as botmaster. The proposed approach makes use of a novel randomized data partitioned learning method (RDPLM) and analyzes packet header rather than packet payload to identify intrusion. Authors developed a novel feature selection technique to create a subset of features which will be helpful for correct detection of intrusions. Approach has proved to improve detection accuracy with lower computational cost and is scalable to large networks.

Hu et al. [10] proposed a distributed intrusion detection framework in which each node constructs a global detection model that combines local parametric models created using a small set of samples. Hence, a node can detect attack signatures present in other nodes, though it does not have representative samples of that attack. Li et al. [11] proposed nonnegative matrix factorization (NMF) based method for classification of networked text. Proposed algorithm puNet initially identifies clusters with the help of NMF method, and then learning algorithm is trained with available labeled data.

Hu et al. [12] proposed a novel intrusion detection algorithm that has low computational complexity and high detection rate. If any false detection of attack is made, next iteration of AdaBoost focuses on it and improves the detection rate. The proposed approach also handles overfitting issue where detection of attack is not very specific and new attacks will be also detected effectively.

Yu et al. [13] presented an automatically tuning IDS (ATIDS) that can automatically tune the detection model based on the feedback about the false predictions. Whenever deployed detection model encounters novel data, it adapts to that data so that model performance is improved. Experimental results on KDDCup'99 dataset have shown 35% improvements in detecting the anomalous behavior.

Alrajeh et al. [14] discussed few existing IDS and research issues relevant to Wireless Network Security (WSN). Authors briefed different categories of IDS and choosing appropriate type of IDS for specified WSN. They suggested use of anomaly based IDS for small sized WSN due to their lightweight nature. Relatively larger WSN should prefer signature based IDS, while very large WSN should choose hybrid type of IDS. Authors suggest not to prefer cross layer IDS for WSN with limited resources.

Machine learning techniques have helped in correctly identifying the intrusions in IDS, which in turn helps to improve the security of IDS. Although there is much work on IDS, still some issues in this area need further attention of researchers. Skewed nature of training datasets of IDS is such an important issue that may have significant impact on the performance of IDS. The number of instances belonging to positive class is very low compared to that of negative class. The classifier that is trained on skewed data may be biased towards negative class in decision making. This has motivated us to address the imbalance between the classes in order to avoid this issue. The first concern in the proposed system is to reduce the imbalance between the classes by resampling the dataset and then apply classifier ensemble technique to improve the classification performance.

3. Proposed System

Basically, Intrusion Detection System involves analysis of network traffic collected and comparison with the baseline defined for the system that indicates the normal behavior of the system. If a mismatch is found, it indicates that someone has intruded the system.

Intrusion Detection System comprises the following elements.

(1) Monitoring of Network Traffic. This involves monitoring the user and system activity in order to collect network traffic data.

Figure 1: Proposed system. (Diagram: the Intrusion Detection System consists of (i) data collection (monitoring), (ii) intrusion detection (analysis), and (iii) alert generation (alert). In the analysis and detection stage, training data is split into data subsets and feature subsets, which produce Detection Model 1 and Detection Model 2; these are combined into the detection model.)

(2) Analysis and Detection. Figure 1 represents the analysis and detection process of the proposed system.

This element incorporates generation of a prediction model for intrusion detection that can correctly detect the intrusion.

In this paper, we propose a classification-based framework for the analysis and detection of intrusions. First concern of this work is to focus on intrusions of rare category. Such category has few representative instances, and hence detection model trained on such data may not be efficient in detecting the intrusions of that category. In order to avoid this, initially resampling of minority category is done. Synthetic data is introduced to such attack category. Also, samples of category having relatively high number of instances are reduced. Such preprocessed data is provided as input for learning of detection models. Preprocessing also involves identification of noisy data or data with missing values.

Existing studies have shown improved rates of detection with the usage of classifier ensemble approach. Hence, proposed system creates a novel classifier ensemble that combines opinions of individual experts. Two level ensembles are constructed by using two different approaches of creating the ensemble. That is, data level and feature level method is used to generate two detection models.

Detection Model 1. Data subsets $D_1, D_2, \ldots, D_n$ are created by extracting subset of original training data and are provided as input to the individual base classifier. Results of those classifiers are combined to get predicted output of ensemble named Detection Model 1.

Detection Model 2. Feature subsets $S_1, S_2, \ldots, S_n$ are created by extracting subsets of features from the original training dataset, and individual classifiers are trained with those subsets. Their results are combined to get Detection Model 2.

Outputs of Detection Model 1 and Detection Model 2 are combined to get the final prediction of whether intrusion exists or not.

(3) Alert Generation. If any malicious activity is detected, an alert will be generated to inform the administrator about the existence of intrusion.

The detailed algorithm is explained in Section 4.

4. Algorithm

Algorithm 1 (GenerateClassifier).

$T$: Original training data set
$T_1, T_2, T_3$: Training subsets by using different datasets
$S_1, S_2, S_3$: Training subsets by using different feature sets
$T'$: Modified data set after pre-processing
$F$: Final classifier ensemble model
CE: Classifier ensemble

Steps

(1) Apply pre-processing to original training data set $T$:
    $S'$ = Over_sample($T$)
    $B'$ = under_sample($T$)

(2) For $i = 1$ to $K$ do (create $k$ models)

(3) Create a new training dataset $T_i$ by extracting different data subsets:
    $T_i = S' \cup B'$

(4) Train and learn a base classifier using $T_i$:
    $B_i$ = BuildClassifier($T_i$)

(5) Create a new training dataset $S_i$ by extracting different feature subsets:
    $S_i$ = Feature subset($T'$)

(6) Train and learn a base classifier J48 using $S_i$:
    $M_i$ = BuildClassifier($S_i$)

(7) Construct first level classifier ensembles:
    $E_1$ = CE($B_1, B_2, B_3$)

(8) Construct first level classifier ensembles:
    $E_2$ = CE($M_1, M_2, M_3$)

(9) Final classifier is
    $F$ = CE($E_1, E_2$)
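The Python code below walks through Algorithm 1 and the resampling described in Section 3 on constructed data; it is an added example, not the authors' code. Assumptions: a small Gaussian Naive Bayes stands in for every base classifier (the paper tests J48, Logistic Regression, and Naive Bayes), oversampling interpolates between same-class rows, CE is a majority vote whose ties go to the non-normal label, and all function names, sample features, and parameter values are hypothetical.

```python
import math
import random
from collections import Counter


class GaussianNB:
    """Minimal Gaussian Naive Bayes, used here as every base classifier."""

    def fit(self, X, y):
        self.stats = {}
        for label in set(y):
            rows = [x for x, l in zip(X, y) if l == label]
            cols = list(zip(*rows))
            means = [sum(c) / len(c) for c in cols]
            # Variance floor keeps tiny resampled classes from degenerating.
            varis = [max(sum((v - m) ** 2 for v in c) / len(c), 1e-3)
                     for c, m in zip(cols, means)]
            self.stats[label] = (math.log(len(rows) / len(X)), means, varis)
        return self

    def predict(self, x):
        def score(label):
            prior, means, varis = self.stats[label]
            return prior - sum(math.log(2 * math.pi * s) / 2 + (v - m) ** 2 / (2 * s)
                               for v, m, s in zip(x, means, varis))
        return max(sorted(self.stats), key=score)


def by_class(data):
    groups = {}
    for x, label in data:
        groups.setdefault(label, []).append(x)
    return groups


def over_sample(data, target, rng):
    """S': rare classes padded to `target` rows with interpolated synthetic rows."""
    out = []
    for label, rows in by_class(data).items():
        if len(rows) < target:
            out += [(x, label) for x in rows]
            for _ in range(target - len(rows)):
                a, b, t = rng.choice(rows), rng.choice(rows), rng.random()
                out.append(([p + t * (q - p) for p, q in zip(a, b)], label))
    return out


def under_sample(data, target, rng):
    """B': dominant classes cut down to a random `target` rows."""
    return [(x, label) for label, rows in by_class(data).items()
            if len(rows) >= target for x in rng.sample(rows, target)]


def vote(labels):
    """CE: majority vote; assumption: ties go to the non-'normal' label."""
    tally = Counter(labels)
    return min(tally, key=lambda l: (-tally[l], l == "normal", l))


def generate_classifier(T, k=3, target=40, n_feats=3, seed=7):
    rng = random.Random(seed)
    # Step 1: T' is the preprocessed (resampled) training set.
    T_prime = over_sample(T, target, rng) + under_sample(T, target, rng)
    Xp, yp = zip(*T_prime)
    B, M = [], []
    for _ in range(k):
        # Steps 3-4: a fresh resampled data subset T_i trains B_i.
        X, y = zip(*(over_sample(T, target, rng) + under_sample(T, target, rng)))
        B.append(GaussianNB().fit(X, y))
        # Steps 5-6: a random feature subset S_i of T' trains M_i.
        cols = sorted(rng.sample(range(len(Xp[0])), n_feats))
        M.append((cols, GaussianNB().fit([[x[c] for c in cols] for x in Xp], yp)))

    def F(x):
        e1 = vote([b.predict(x) for b in B])                       # E1 = CE(B1..Bk)
        e2 = vote([m.predict([x[c] for c in cs]) for cs, m in M])  # E2 = CE(M1..Mk)
        return vote([e1, e2])                                      # F = CE(E1, E2)
    return F


def make_sample(rng):
    """Constructed data: 4 numeric features, class skew in the spirit of Table 1."""
    centers = {"normal": (0.1, 0.1, 0.1, 0.1), "smurf": (0.9, 0.9, 0.1, 0.5),
               "teardrop": (0.1, 0.5, 0.9, 0.9)}
    counts = {"normal": 300, "smurf": 8, "teardrop": 5}
    return [([rng.gauss(c, 0.03) for c in centers[l]], l)
            for l in counts for _ in range(counts[l])]


if __name__ == "__main__":
    T = make_sample(random.Random(1))
    F = generate_classifier(T)
    for probe in ([0.1, 0.1, 0.1, 0.1], [0.9, 0.9, 0.1, 0.5], [0.1, 0.5, 0.9, 0.9]):
        print(probe, "->", F(probe))
```

Because the final CE step has only two voters, the tie rule decides every disagreement between the data-level and feature-level ensembles, so it should be chosen deliberately (here it favors raising an alert).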

5. Experimental Investigation

For experimentation, we have chosen KDDCup'99 dataset that is publicly available in UCI repository [13]. Many existing works in the area of IDS have been evaluated by using KDDCup'99 data as standard dataset. Dataset includes various intrusions simulated in a military network environment for several weeks. The dataset consists of a training dataset with 494021 records and a test dataset with 311029 records [6], described with 41 attributes.

Attacks in the KDDCup'99 dataset can be categorized into four main categories [4]: Remote to Local (R2L), User to Root (U2R), Probing, and Denial of Service (DOS). R2L is a type of attack in which attacker tries to gain access to network or machine [6]. In U2R attack, attacker has access to victim machine but aims to get superuser privileges. Probing is an attack in which attacker executes scanning in order to identify possible vulnerabilities in the victim system. Identified weaknesses can be used to harm the system. DOS is a kind of attack that aims to make the resources unavailable to authorized users. Usually, this is achieved by flooding systems or networks with excess traffic, disrupting the connection or services. This will result in delayed or inefficient services.

In this work, we have selected subset of attacks from KDDCup'99 dataset, including attacks such as the following.

(a) Teardrop. It involves sending fragmented IP packets that are overlapping with each other to the target machine. After receiving, target machine tries to reassemble them but cannot succeed. Windows 95 and Windows NT contain one bug related to overlapping due to which system cannot handle overlapping packets in an effective way. As a result, system may crash or reboot.

Table 1: Datasets used in the experiment.

| Attack name | Number of records |
|---|---|
| Normal | 3987 |
| Phf | 3 |
| Teardrop | 50 |
| Loadmodule | 7 |
| Smurf | 43 |
| Total | 4090 |

(b) Smurf. It is a kind of Distributed DOS attack in which attacker spoofs the target system and broadcasts Internet Control Message Protocol (ICMP) packets with target system's IP. Most of the networked devices reply to the source IP, which generates a huge traffic and floods the target system. Hence, its services will not be available to authorized users.

For our experimentation, we have chosen subset of the KDDCup'99 dataset. The details of the dataset used in our experimentation are shown in Table 1.

Evaluation of the system performance is done by using detection rate as an evaluation measure. Accuracy is a measure that represents fraction of intrusions that are correctly identified.

6. Results and Discussion

Performance of proposed system is compared with existing multiclass classifier ensemble. Experimentation is carried out for different individual classifiers, namely, Logistic Regression, J48, and Naive Bayes. Table 2 summarizes the detection rates of proposed and other reference techniques.

Figure 2 depicts performance evaluation of proposed method in terms of detection rate. Though the performance improvement seems smaller, correct identification of intrusion is extremely important and proves beneficial.

Analysis of the graphs presented in Figure 2 clearly shows improved accuracy of detecting intrusions with the use of proposed method. The major aim of the experimentation was to investigate the effect on detection rates of the proposed IDS by selecting different individual classifiers as base classifiers of ensemble. This has helped to derive some conclusions about the suitable classifiers for IDS. Analysis of the results leads to some findings that can help in choosing the appropriate base classifier to be used for ensemble designed for Intrusion Detection System. Three classifiers, namely, J48, Logistic Regression, and Naive Bayes, were tested as base classifiers of proposed ensemble technique. Logistic Regression has proved more beneficial as a base classifier in detecting the intrusions. Usage of preprocessing helps to detect the attacks of rare category correctly and improves the performance of classifier. But it has overhead as it requires more time for the learning phase of model. Overall, the proposed method improves performance of IDS by using a simpler design and easier approach.

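Table 2: Performance evaluation using detection rate (%).

| Attack | Logistic Regression: Model 1 | Logistic Regression: Proposed method | J48: Model 1 | J48: Proposed method | Naive Bayes: Model 1 | Naive Bayes: Proposed method |
|---|---|---|---|---|---|---|
| Phf | 98.73 | 100 | 57 | 81.3 | 66.7 | 71 |
| Teardrop | 99.11 | 100 | 100 | 100 | 100 | 100 |
| Normal | 100 | 99.9 | 99.9 | 99.9 | 98.6 | 99 |
| Smurf | 97.7 | 97.7 | 100 | 100 | 100 | 100 |
| Loadmodule | 57.1 | 71.4 | 67.4 | 74.2 | 85.7 | 85.7 |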

Figure 2: Performance evaluation. Panels: (a) detection rate with Logistic Regression as base classifier; (b) detection rate with J48 as base classifier; (c) detection rate with Naive Bayes as base classifier. Each panel plots detection rate (0 to 100) per attack (Phf, Teardrop, Normal, Smurf, Loadmodule) for Model 1 and the proposed method.

7. Conclusion

In this work, we proposed a novel classifier ensemble method for intrusion detection that is diversified by using two different approaches. That is, it uses different feature sets and training sets both. The methodology also makes use of resampling technique that emphasizes the attack of rare category. The comparison of proposed approach with reference techniques shows significant improvement in detecting the intrusions correctly. The procedure can be further extended to adjust the ensemble size dynamically according to the size of dataset. That is, decision of number of base classifiers to be used for constructing ensemble should be done dynamically. If the size is decided statistically, it may not prove effective for different dataset sizes with varying imbalance ratios. Hence, adaptively changing the size by analyzing these factors will help to improve performance with relatively less overhead. Also, performance of the approach can be tested for more number of attack categories.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

References

[1] O. Y. Al-Jarrah, O. Alhussein, P. D. Yoo, S. Muhaidat, K. Taha, and K. Kim, "Data randomization and cluster-based partitioning for botnet intrusion detection," IEEE Transactions on Cybernetics, vol. 46, no. 8, pp. 1796–1806, 2016.

[2] K. Kumar and S. Singh, "Intrusion Detection Using Soft Computing Techniques," 2016.

[3] S. Rajasegarar, C. Leckie, J. C. Bezdek, and M. Palaniswami, "Centered hyperspherical and hyperellipsoidal one-class support vector machines for anomaly detection in sensor networks," IEEE Transactions on Information Forensics and Security, vol. 5, no. 3, pp. 518–533, 2010.

[4] A. L. Buczak and E. Guven, "A survey of data mining and machine learning methods for cyber security intrusion detection," IEEE Communications Surveys and Tutorials, vol. 18, no. 2, pp. 1153–1176, 2016.

[5] K.-C. Khor, C.-Y. Ting, and S. Phon-Amnuaisuk, "A cascaded classifier approach for improving detection rates on rare attack categories in network intrusion detection," Applied Intelligence, vol. 36, no. 2, pp. 320–329, 2012.

[6] A. A. Aburomman and M. B. Ibne Reaz, "A novel SVM-kNN-PSO ensemble method for intrusion detection system," Applied Soft Computing Journal, vol. 38, pp. 360–372, 2016.

[7] Q. S. Qassim, A. M. Zin, and M. J. Ab Aziz, "Anomalies classification approach for network-based intrusion detection system," International Journal of Network Security, pp. 1159–1171, 2016.

[8] M. Govindarajan, "Evaluation of ensemble classifiers for intrusion detection," World Academy of Science, Engineering and Technology, International Journal of Computer, Electrical, Automation, Control and Information Engineering, vol. 10, no. 6, pp. 876–884, 2016.

[9] Z. Liu, R. Wang, and M. Tao, "SmoteAdaNL: a learning method for network traffic classification," Journal of Ambient Intelligence and Humanized Computing, vol. 7, no. 1, pp. 121–130, 2016.

[10] W. Hu, J. Gao, Y. Wang, O. Wu, and S. Maybank, "Online adaboost-based parameterized methods for dynamic distributed network intrusion detection," IEEE Transactions on Cybernetics, vol. 44, no. 1, pp. 66–82, 2014.

[11] M. Li, S. Pan, Y. Zhang, and X. Cai, "Classifying networked text data with positive and unlabeled examples," Pattern Recognition Letters, vol. 77, pp. 1–7, 2016.

[12] W. Hu, W. Hu, and S. Maybank, "AdaBoost-based algorithm for network intrusion detection," IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics, vol. 38, no. 2, pp. 577–583, 2008.

[13] Z. Yu, J. J. P. Tsai, and T. Weigert, "An automatically tuning intrusion detection system," IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics, vol. 37, no. 2, pp. 373–384, 2007.

[14] N. A. Alrajeh, S. Khan, and B. Shams, "Intrusion detection systems in wireless sensor networks: a review," International Journal of Distributed Sensor Networks, vol. 9, no. 5, Article ID 167575, 2013.

Page 4: Security Enrichment in Intrusion Detection System Using Classifier … · Govindarajan [8] introduced a new hybrid Intrusion Detection System by combining radial basis function and

Journal of Electrical and Computer Engineering

(3) Create a new training dataset $T_i$ by extracting different data subsets: $T_i = S' \cup B'$

(4) Train and learn a base classifier using $T_i$: $B_i = \text{BuildClassifier}(T_i)$

(5) Create a new training dataset $S_i$ by extracting different feature subsets: $S_i = \text{Feature subset}(T')$

(6) Train and learn a base classifier J48 using $S_i$: $M_i = \text{BuildClassifier}(S_i)$

(7) Construct first level classifier ensembles: $E_1 = \text{CE}(B_1, B_2, B_3)$

(8) Construct first level classifier ensembles: $E_2 = \text{CE}(M_1, M_2, M_3)$

(9) Final classifier is $F = \text{CE}(E_1, E_2)$
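The two-level construction of steps (3) to (9), as an added sketch that is not the authors' code. It assumes that $S'$ is each rare class resampled with replacement, $B'$ an undersampled set of normal records, $T'$ one such balanced set, and CE a majority vote whose ties go to an attack label; a nearest-centroid learner stands in for the paper's base classifiers, and the records are constructed sample data.

```python
import random
from collections import Counter

NORMAL = "normal"  # majority class label (assumption: every other label is an attack)

class NearestCentroid:
    """Stand-in base learner; the paper plugs in Logistic Regression, J48 or Naive Bayes."""
    def __init__(self, features=None):
        self.features = features          # column indices this member may see
        self.centroids = {}
    def _view(self, x):
        return list(x) if self.features is None else [x[j] for j in self.features]
    def fit(self, rows, labels):
        groups = {}
        for x, y in zip(rows, labels):
            groups.setdefault(y, []).append(self._view(x))
        self.centroids = {y: [sum(c) / len(c) for c in zip(*g)] for y, g in groups.items()}
        return self
    def predict(self, x):
        v = self._view(x)
        return min(sorted(self.centroids),
                   key=lambda y: sum((a - b) ** 2 for a, b in zip(v, self.centroids[y])))

class CE:
    """Classifier ensemble by majority vote; ties go to an attack label (assumed rule)."""
    def __init__(self, *members):
        self.members = members
    def predict(self, x):
        votes = Counter(m.predict(x) for m in self.members)
        top = max(votes.values())
        tied = sorted(lbl for lbl, n in votes.items() if n == top)
        attacks = [lbl for lbl in tied if lbl != NORMAL]
        return (attacks or tied)[0]

def balanced_subset(rows, labels, rng, per_class):
    """T_i = S' ∪ B': rare classes resampled with replacement, majority undersampled."""
    by_class = {}
    for x, y in zip(rows, labels):
        by_class.setdefault(y, []).append(x)
    out_rows, out_labels = [], []
    for y in sorted(by_class):
        pool = by_class[y]
        if y == NORMAL:
            picked = rng.sample(pool, min(per_class, len(pool)))   # B'
        else:
            picked = [rng.choice(pool) for _ in range(per_class)]  # S'
        out_rows += picked
        out_labels += [y] * len(picked)
    return out_rows, out_labels

def build_ids(rows, labels, seed=7, per_class=20, n_members=3, n_features=2):
    rng = random.Random(seed)
    width = len(rows[0])
    # Data level: B_1..B_3, each trained on its own resampled subset T_i.
    data_level = [NearestCentroid().fit(*balanced_subset(rows, labels, rng, per_class))
                  for _ in range(n_members)]
    # Feature level: M_1..M_3, each trained on a different feature subset of T'.
    t_rows, t_labels = balanced_subset(rows, labels, rng, per_class)
    feature_level = [NearestCentroid(sorted(rng.sample(range(width), n_features)))
                     .fit(t_rows, t_labels) for _ in range(n_members)]
    return CE(CE(*data_level), CE(*feature_level))   # F = CE(E_1, E_2)

def detection_rate(model, rows, labels):
    """Per-class fraction of records that the model labels correctly."""
    hit, total = Counter(), Counter(labels)
    for x, y in zip(rows, labels):
        hit[y] += model.predict(x) == y
    return {y: hit[y] / total[y] for y in total}

def make_records(seed=1):
    """Constructed sample data: 4 numeric features, heavily imbalanced classes."""
    rng = random.Random(seed)
    centres = {NORMAL: 0.0, "teardrop": 10.0, "smurf": -10.0}
    counts = {NORMAL: 400, "teardrop": 5, "smurf": 4}
    rows, labels = [], []
    for y, n in counts.items():
        for _ in range(n):
            rows.append([centres[y] + rng.uniform(-1, 1) for _ in range(4)])
            labels.append(y)
    return rows, labels

if __name__ == "__main__":
    X, y = make_records()
    print(detection_rate(build_ids(X, y), X, y))
```

Because the final ensemble has only two members, $E_1$ and $E_2$ can disagree one-to-one, so the combiner needs an explicit tie rule; this sketch resolves the tie toward raising an alert.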

5. Experimental Investigation

For experimentation, we have chosen the KDDCup'99 dataset, which is publicly available in the UCI repository [13]. Many existing works in the area of IDS have been evaluated using KDDCup'99 data as a standard dataset. The dataset includes various intrusions simulated in a military network environment for several weeks. It consists of a training dataset with 494021 records and a test dataset with 311029 records [6], described with 41 attributes.

Attacks in the KDDCup'99 dataset can be categorized into four main categories [4]: Remote to Local (R2L), User to Root (U2R), Probing, and Denial of Service (DOS). R2L is a type of attack in which an attacker tries to gain access to a network or machine [6]. In a U2R attack, the attacker has access to the victim machine but aims to get superuser privileges. Probing is an attack in which the attacker executes scanning in order to identify possible vulnerabilities in the victim system. Identified weaknesses can be used to harm the system. DOS is a kind of attack that aims to make the resources unavailable to authorized users. Usually this is achieved by flooding systems or networks with excess traffic, disrupting the connection or services. This will result in delayed or inefficient services.

In this work, we have selected a subset of attacks from the KDDCup'99 dataset, including attacks such as the following.

(a) Teardrop. It involves sending fragmented IP packets that overlap with each other to the target machine. After receiving them, the target machine tries to reassemble them but cannot succeed. Windows 95 and Windows NT contain one bug related to overlapping, due to which the system cannot handle overlapping packets in an effective way. As a result, the system may crash or reboot.

(b) Smurf. It is a kind of Distributed DOS attack in which the attacker spoofs the target system and broadcasts Internet Control Message Protocol (ICMP) packets with the target system's IP. Most of the networked devices reply to the source IP, which generates huge traffic and floods the target system. Hence its services will not be available to authorized users.

For our experimentation, we have chosen a subset of the KDDCup'99 dataset. The details of the dataset used in our experimentation are shown in Table 1.

Table 1: Datasets used in the experiment.

| Attack name | Number of records |
|---|---|
| Normal | 3987 |
| Phf | 3 |
| Teardrop | 50 |
| Loadmodule | 7 |
| Smurf | 43 |
| Total | 4090 |

Evaluation of the system performance is done by using detection rate as an evaluation measure. Accuracy is a measure that represents the fraction of intrusions that are correctly identified.

6. Results and Discussion

Performance of the proposed system is compared with an existing multiclass classifier ensemble. Experimentation is carried out for different individual classifiers, namely, Logistic Regression, J48, and Naive Bayes. Table 2 summarizes the detection rates of the proposed and other reference techniques.

Figure 2 depicts the performance evaluation of the proposed method in terms of detection rate. Though the performance improvement seems small, correct identification of intrusions is extremely important and proves beneficial.

Analysis of the graphs presented in Figure 2 clearly shows improved accuracy of detecting intrusions with the use of the proposed method. The major aim of the experimentation was to investigate the effect on detection rates of the proposed IDS of selecting different individual classifiers as base classifiers of the ensemble. This has helped to derive some conclusions about the suitable classifiers for IDS. Analysis of the results leads to some findings that can help in choosing the appropriate base classifier for an ensemble designed for an Intrusion Detection System. Three classifiers, namely, J48, Logistic Regression, and Naive Bayes, were tested as base classifiers of the proposed ensemble technique. Logistic Regression has proved more beneficial as a base classifier in detecting the intrusions. Usage of preprocessing helps to detect attacks of the rare category correctly and improves the performance of the classifier. But it has an overhead, as it requires more time for the learning phase of the model. Overall, the proposed method improves the performance of IDS by using a simpler design and an easier approach.


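Table 2: Performance evaluation using detection rate (%).

| Attack | Logistic Regression: Model 1 | Logistic Regression: Proposed method | J48: Model 1 | J48: Proposed method | Naive Bayes: Model 1 | Naive Bayes: Proposed method |
|---|---|---|---|---|---|---|
| Phf | 98.73 | 100 | 57 | 81.3 | 66.7 | 71 |
| Teardrop | 99.11 | 100 | 100 | 100 | 100 | 100 |
| Normal | 100 | 99.9 | 99.9 | 99.9 | 98.6 | 99 |
| Smurf | 97.7 | 97.7 | 100 | 100 | 100 | 100 |
| Loadmodule | 57.1 | 71.4 | 67.4 | 74.2 | 85.7 | 85.7 |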

Figure 2: Performance evaluation. Detection rate (0 to 100) per attack (Loadmodule, Smurf, Normal, Teardrop, Phf) for Model 1 and the proposed method: (a) detection rate with Logistic Regression as base classifier; (b) detection rate with J48 as base classifier; (c) detection rate with Naive Bayes as base classifier.

7. Conclusion

In this work, we proposed a novel classifier ensemble method for intrusion detection that is diversified by using two different approaches. That is, it uses both different feature sets and different training sets. The methodology also makes use of a resampling technique that emphasizes the attacks of the rare category. The comparison of the proposed approach with reference techniques shows significant improvement in detecting the intrusions correctly. The procedure can be further extended to adjust the ensemble size dynamically according to the size of the dataset. That is, the decision on the number of base classifiers to be used for constructing the ensemble should be made dynamically. If the size is decided statistically, it may not prove effective for different dataset sizes with varying imbalance ratios. Hence, adaptively changing the size by analyzing these factors will help to improve performance with relatively less overhead. Also, the performance of the approach can be tested for a larger number of attack categories.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

References

[1] O. Y. Al-Jarrah, O. Alhussein, P. D. Yoo, S. Muhaidat, K. Taha, and K. Kim, "Data randomization and cluster-based partitioning for botnet intrusion detection," IEEE Transactions on Cybernetics, vol. 46, no. 8, pp. 1796–1806, 2016.

[2] K. Kumar and S. Singh, "Intrusion Detection Using Soft Computing Techniques," 2016.

[3] S. Rajasegarar, C. Leckie, J. C. Bezdek, and M. Palaniswami, "Centered hyperspherical and hyperellipsoidal one-class support vector machines for anomaly detection in sensor networks," IEEE Transactions on Information Forensics and Security, vol. 5, no. 3, pp. 518–533, 2010.

[4] A. L. Buczak and E. Guven, "A survey of data mining and machine learning methods for cyber security intrusion detection," IEEE Communications Surveys and Tutorials, vol. 18, no. 2, pp. 1153–1176, 2016.

[5] K.-C. Khor, C.-Y. Ting, and S. Phon-Amnuaisuk, "A cascaded classifier approach for improving detection rates on rare attack categories in network intrusion detection," Applied Intelligence, vol. 36, no. 2, pp. 320–329, 2012.

[6] A. A. Aburomman and M. B. Ibne Reaz, "A novel SVM-kNN-PSO ensemble method for intrusion detection system," Applied Soft Computing Journal, vol. 38, pp. 360–372, 2016.

[7] Q. S. Qassim, A. M. Zin, and M. J. Ab Aziz, "Anomalies classification approach for network-based intrusion detection system," International Journal of Network Security, pp. 1159–1171, 2016.

[8] M. Govindarajan, "Evaluation of ensemble classifiers for intrusion detection," World Academy of Science, Engineering and Technology, International Journal of Computer, Electrical, Automation, Control and Information Engineering, vol. 10, no. 6, pp. 876–884, 2016.

[9] Z. Liu, R. Wang, and M. Tao, "SmoteAdaNL: a learning method for network traffic classification," Journal of Ambient Intelligence and Humanized Computing, vol. 7, no. 1, pp. 121–130, 2016.

[10] W. Hu, J. Gao, Y. Wang, O. Wu, and S. Maybank, "Online adaboost-based parameterized methods for dynamic distributed network intrusion detection," IEEE Transactions on Cybernetics, vol. 44, no. 1, pp. 66–82, 2014.

[11] M. Li, S. Pan, Y. Zhang, and X. Cai, "Classifying networked text data with positive and unlabeled examples," Pattern Recognition Letters, vol. 77, pp. 1–7, 2016.

[12] W. Hu, W. Hu, and S. Maybank, "AdaBoost-based algorithm for network intrusion detection," IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics, vol. 38, no. 2, pp. 577–583, 2008.

[13] Z. Yu, J. J. P. Tsai, and T. Weigert, "An automatically tuning intrusion detection system," IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics, vol. 37, no. 2, pp. 373–384, 2007.

[14] N. A. Alrajeh, S. Khan, and B. Shams, "Intrusion detection systems in wireless sensor networks: a review," International Journal of Distributed Sensor Networks, vol. 9, no. 5, Article ID 167575, 2013.
