Hybrid Learning Model for intrusion detection system: A combination of parametric and non-parametric classifiers

IF 6.2 2区 工程技术 Q1 ENGINEERING, MULTIDISCIPLINARY
C. Rajathi, P. Rukmani
{"title":"Hybrid Learning Model for intrusion detection system: A combination of parametric and non-parametric classifiers","authors":"C. Rajathi,&nbsp;P. Rukmani","doi":"10.1016/j.aej.2024.10.101","DOIUrl":null,"url":null,"abstract":"<div><div>The growing digital transformation has increased the need for effective intrusion detection systems. Traditional intrusion detection systems face challenges in accurately classifying complex patterns. To address this issue, this study proposed a Hybrid Learning Model (HLM) that combines both parametric and non-parametric classifiers. The proposed HLM consist of two stages: the first stage employs a non-parametric Base Learner (np-BL) to analyze the data patterns and the second stage involves meta-modelling to generalize the overall performance of the model, named the Parametric Meta-Learning (PML) model. The proposed HLM blends the outcomes of np-BL and PML models using a stacking ensemble. As a base learning model K-Nearest Neighbors (KNN), Decision Tree (DT), Random Forest (RF), Gradient Boosting Machine (GBM), and Support Vector Classification with Radial Basis Function (SVC-RBF), are adopted from a non-parametric classifier group. The parametric classifiers Logistic Regression (LR), Naïve Bayes Classifier (NBC), Linear Discriminant Analysis (LDA), Quadratic Discriminant Analysis (QDA) and Support Vector Machine with linear kernel (Linear SVM) were used as meta-models. The HLM, as proposed, enhances the adaptability and robustness of the model by combining non-parametric and parametric models. To evaluate the competence of the proposed HLM, a performance analysis was conducted using the NSL-KDD, UNSW-NB15, and CICIDS2017 datasets. The effectiveness was assessed using various metrics, including classification accuracy, precision, recall, F1-Score (F1), Receiver Operating Characteristic (ROC) curve, Detection Rate (DR), and False Alarm Rate (FAR). The proposed HLM achieves a better accuracy rate across different datasets when compared with the existing models. The achieved accuracies are 99.02 %, 99.98 % and 99.63 % for the NSL-KDD, UNSW-NB15, and CICIDS2017 datasets respectively. Furthermore, the HLM gave a significant reduction in FAR, with values of 0.0126, 0.0001, and 0.0016 for the above-mentioned datasets.</div></div>","PeriodicalId":7484,"journal":{"name":"alexandria engineering journal","volume":"112 ","pages":"Pages 384-396"},"PeriodicalIF":6.2000,"publicationDate":"2024-11-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"alexandria engineering journal","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1110016824012651","RegionNum":2,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"ENGINEERING, MULTIDISCIPLINARY","Score":null,"Total":0}
引用次数: 0

Abstract

The growing digital transformation has increased the need for effective intrusion detection systems. Traditional intrusion detection systems face challenges in accurately classifying complex patterns. To address this issue, this study proposed a Hybrid Learning Model (HLM) that combines both parametric and non-parametric classifiers. The proposed HLM consist of two stages: the first stage employs a non-parametric Base Learner (np-BL) to analyze the data patterns and the second stage involves meta-modelling to generalize the overall performance of the model, named the Parametric Meta-Learning (PML) model. The proposed HLM blends the outcomes of np-BL and PML models using a stacking ensemble. As a base learning model K-Nearest Neighbors (KNN), Decision Tree (DT), Random Forest (RF), Gradient Boosting Machine (GBM), and Support Vector Classification with Radial Basis Function (SVC-RBF), are adopted from a non-parametric classifier group. The parametric classifiers Logistic Regression (LR), Naïve Bayes Classifier (NBC), Linear Discriminant Analysis (LDA), Quadratic Discriminant Analysis (QDA) and Support Vector Machine with linear kernel (Linear SVM) were used as meta-models. The HLM, as proposed, enhances the adaptability and robustness of the model by combining non-parametric and parametric models. To evaluate the competence of the proposed HLM, a performance analysis was conducted using the NSL-KDD, UNSW-NB15, and CICIDS2017 datasets. The effectiveness was assessed using various metrics, including classification accuracy, precision, recall, F1-Score (F1), Receiver Operating Characteristic (ROC) curve, Detection Rate (DR), and False Alarm Rate (FAR). The proposed HLM achieves a better accuracy rate across different datasets when compared with the existing models. The achieved accuracies are 99.02 %, 99.98 % and 99.63 % for the NSL-KDD, UNSW-NB15, and CICIDS2017 datasets respectively. Furthermore, the HLM gave a significant reduction in FAR, with values of 0.0126, 0.0001, and 0.0016 for the above-mentioned datasets.
入侵检测系统的混合学习模型:参数和非参数分类器的组合
不断发展的数字化转型增加了对有效入侵检测系统的需求。传统的入侵检测系统在准确分类复杂模式方面面临挑战。为解决这一问题,本研究提出了一种混合学习模型(HLM),它结合了参数和非参数分类器。拟议的混合学习模型包括两个阶段:第一阶段采用非参数基础学习器(np-BL)分析数据模式,第二阶段采用元建模来概括模型的整体性能,命名为参数元学习(PML)模型。拟议的 HLM 采用堆叠集合的方式,融合了 np-BL 模型和 PML 模型的结果。作为基础学习模型,采用了非参数分类器组中的 K-Nearest Neighbors (KNN)、Decision Tree (DT)、Random Forest (RF)、Gradient Boosting Machine (GBM) 和 Support Vector Classification with Radial Basis Function (SVC-RBF)。参数分类器逻辑回归(LR)、奈夫贝叶斯分类器(NBC)、线性判别分析(LDA)、二次判别分析(QDA)和带线性核的支持向量机(线性 SVM)被用作元模型。所提出的 HLM 通过结合非参数模型和参数模型,增强了模型的适应性和稳健性。为了评估所提出的 HLM 的能力,使用 NSL-KDD、UNSW-NB15 和 CICIDS2017 数据集进行了性能分析。效果评估采用了多种指标,包括分类准确率、精确度、召回率、F1 分数(F1)、接收者工作特征曲线(ROC)、检测率(DR)和误报率(FAR)。与现有模型相比,所提出的 HLM 在不同数据集上都达到了更高的准确率。在 NSL-KDD、UNSW-NB15 和 CICIDS2017 数据集上的准确率分别为 99.02 %、99.98 % 和 99.63 %。此外,HLM 还显著降低了 FAR,上述数据集的 FAR 值分别为 0.0126、0.0001 和 0.0016。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
alexandria engineering journal
alexandria engineering journal Engineering-General Engineering
CiteScore
11.20
自引率
4.40%
发文量
1015
审稿时长
43 days
期刊介绍: Alexandria Engineering Journal is an international journal devoted to publishing high quality papers in the field of engineering and applied science. Alexandria Engineering Journal is cited in the Engineering Information Services (EIS) and the Chemical Abstracts (CA). The papers published in Alexandria Engineering Journal are grouped into five sections, according to the following classification: • Mechanical, Production, Marine and Textile Engineering • Electrical Engineering, Computer Science and Nuclear Engineering • Civil and Architecture Engineering • Chemical Engineering and Applied Sciences • Environmental Engineering
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信