IJCATR Volume 8 Issue 4

A Comparative Analysis of Standard and Ensemble Classifiers on Intrusion Detection System

Joseph Mbugua, Moses Thiga, Joseph Siror
Keywords: Ensemble classifiers, intrusion detection, standard classifiers, false alarms

With the increased dependence on the Internet, the Network Intrusion Detection System (NIDS) has become an indispensable part of an information security system. A NIDS aims to distinguish network traffic as either normal or abnormal. Due to the variety of network behaviors and the rapid development of attack strategies, it is necessary to build an intelligent and effective intrusion detection system with high detection rates and low false-alarm rates. One of the major developments in machine learning in the past decade is the ensemble method, which generates a set of accurate and diverse classifiers and combines their outputs such that the resultant classifier outperforms all the single classifiers. In this work, a comparative analysis of the performance of three different ensemble methods, bagging, boosting and stacking, is performed in order to determine the algorithm with high detection accuracy and low false positive rate. Three different experiments on the NSL-KDD data set are conducted and their performance is evaluated based on accuracy, false alarms and computation time. The overall performance of the different types of classifiers used proved that ensemble machine learning classifiers outperformed the single classifiers with high detection accuracy and low false rates.
Title = "A Comparative Analysis of Standard and Ensemble Classifiers on Intrusion Detection System",
Journal = "International Journal of Computer Applications Technology and Research(IJCATR)",
Volume = "8",
Issue = "4",
Pages = "82 - 148",
Year = "2019",
Authors = "Joseph Mbugua, Moses Thiga, Joseph Siror"}
  • Explain how to improve the performance of IDS based on single and ensemble classifiers
  • Compare eight different algorithms and SVM as base learners and stacking as a multi-classifier learner
  • Compare two ensemble learning techniques, bagging and boosting, and five standard classifiers using 10-fold cross-validation
  • Improve intrusion detection performance using a combination of four distinct classifiers based on stacking with SVM as a meta classifier