Journal title: Journal of Theoretical and Applied Information Technology
Print ISSN: 1992-8645
Electronic ISSN: 1817-3195
Publication year: 2021
Volume: 99
Issue: 13
Language: English
Publisher: Journal of Theoretical and Applied
Abstract: The use of network intrusion detection systems based on machine learning algorithms is currently emerging as one of the most effective solutions for monitoring high dimensional network traffic and identifying anomalous flows with high accuracy. Integrating feature reduction/selection techniques is also essential to reduce the underlying complexity of processing big data sets and detect intrusions in real time. The purpose of this paper is to investigate the possibility of using hybrid network intrusion detection system based feature reduction/selection techniques and ensemble algorithms. First, we compare the performance of six classifiers namely Naïve Bayes, Support Vector Machine, Simple Logistic Regression, JRip, Part and J48 using the NSL-KDD dataset. After analyzing the results, it is obvious that the algorithms take a lot of time to build the model. Therefore, we applied three dimensionality reduction methods namely: Information gain evaluation, correlation attribute evaluation and OneRule attribute evaluation, to detect intrusions in the minimum possible time without compromising accuracy. Then, we compared the performance of these methods based on the time taken to build the model, accuracy, error rate and other metrics to select the best one and associate it with Artificial Bee Colony algorithm. Based on the experimental results the three best classifiers are selected to be combined into a stacking model and a majority voting model. We then evaluate them using several detection measures including accuracy, precision, F-Measure, recall, time to build model, attack detection rate through true positive rate and false positive rate, and confusion matrices. The results are given and analyzed for each category of attack including R2L, Probes, DOS and U2R to identify the weaknesses of each algorithm, in order to make it more robust against new intrusions.
Overall, no algorithm in the model of attack detection performed very well in detecting new U2R and R2L intrusions; nevertheless, the outcomes of our study demonstrate that the stacking model, with J48 as the model learner and Part with JRip as the base classifiers, has made it possible to increase the detection accuracy of R2L to 15.20%, U2R up to 29.85%, Probes to 84.55%, DOS to 84.04% and an accuracy score of 91.17% for normal traffic, while reducing the time needed to build the model.