Implementation of Ensemble Learning and Feature Selection for Performance Improvements in Anomaly-Based Intrusion Detection Systems

Qusyairi Ridho Saeful Fitni, K. Ramli
2020 IEEE International Conference on Industry 4.0, Artificial Intelligence, and Communications Technology (IAICT). Published 2020-07-01. DOI: 10.1109/IAICT50021.2020.9172014 (https://doi.org/10.1109/IAICT50021.2020.9172014)
Citations: 53

Abstract

In recent years, data security in organizational information systems has become a serious concern. Many attacks are becoming less detectable by firewall and antivirus software. To improve security, intrusion detection systems (IDSs) are used to detect anomalies in network traffic. Currently, IDS technology has performance issues regarding detection accuracy, detection times, false alarm notifications, and unknown attack detection. Several studies have applied machine-learning approaches as solutions. This study used an ensemble learning approach that integrates the benefits of each single detection algorithm. We made comparisons with seven single classifiers to identify the most appropriate basic classifiers for ensemble learning. The experiment shows that logistic regression, decision trees, and gradient boosting are chosen for our ensemble model. The Communications Security Establishment and Canadian Institute for Cybersecurity 2018 (CSE-CIC-IDS2018) dataset was used to evaluate the proposed model. Spearman’s rank correlation coefficient facilitated the identification of the data features that might not be used. The experiment results showed that 23 of the 80 features were selected, and the model achieved the following scores: final accuracy, 98.8%; precision, 98.8%; recall, 97.1%; and F1, 97.9%.