Abstract
This paper investigates whether ensemble algorithms can improve the performance of network intrusion detection systems. We apply three ensemble methods, bagging, boosting and stacking, with the aim of improving accuracy and reducing the false positive rate. Four data mining algorithms serve as base classifiers for these ensemble methods: Naïve Bayes, J48 (decision tree), JRip (rule induction) and IBk (nearest neighbour). Our experiment shows that the prototype, which implements the four base classifiers and three ensemble algorithms, achieves an accuracy of more than 99% in detecting known intrusions, but fails to detect novel intrusions, with accuracy rates of only around 60%. Bagging, boosting and stacking are unable to significantly improve the accuracy. Stacking is the only method that reduces the false positive rate by a significant amount (46.84%); unfortunately, it also has the longest execution time and so is inefficient to implement in the intrusion detection field.
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Syarif, I., Zaluska, E., Prugel-Bennett, A., Wills, G. (2012). Application of Bagging, Boosting and Stacking to Intrusion Detection. In: Perner, P. (eds) Machine Learning and Data Mining in Pattern Recognition. MLDM 2012. Lecture Notes in Computer Science, vol 7376. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31537-4_46
DOI: https://doi.org/10.1007/978-3-642-31537-4_46
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31536-7
Online ISBN: 978-3-642-31537-4
eBook Packages: Computer Science (R0)