Application of bagging, boosting and stacking to intrusion detection
Syarif, Iwan, Zaluska, Ed, Prugel-Bennett, Adam and Wills, Gary (2012) Application of bagging, boosting and stacking to intrusion detection. MLDM 2012: 8th International Conference on Machine Learning and Data Mining, Berlin, Germany. 13 - 20 Jul 2012. 10 pp.
Record type: Conference or Workshop Item (Paper)
Abstract
This paper investigates the possibility of using ensemble algorithms to improve the performance of network intrusion detection systems. We use an ensemble of three different methods, bagging, boosting and stacking, in order to improve the accuracy and reduce the false positive rate. We use four different data mining algorithms, naïve Bayes, J48 (decision tree), JRip (rule induction) and iBK (nearest neighbour), as base classifiers for those ensemble methods. Our experiment shows that the prototype which implements four base classifiers and three ensemble algorithms achieves an accuracy of more than 99% in detecting known intrusions, but fails to detect novel intrusions, with accuracy rates of around just 60%. The use of bagging, boosting and stacking is unable to significantly improve the accuracy. Stacking is the only method that was able to reduce the false positive rate by a significantly high amount (46.84%); unfortunately, this method has the longest execution time and so is insufficient to implement in the intrusion detection field.
Text: Application_of_stacking_bagging_boosting_on_intrusion_-_MLDM_31012012.pdf - Version of Record
More information
Published date: 13 July 2012
Venue - Dates: MLDM 2012: 8th International Conference on Machine Learning and Data Mining, Berlin, Germany, 2012-07-13 - 2012-07-20
Keywords: intrusion detection system, bagging, boosting, stacking, ensemble classifiers
Organisations: Electronics & Computer Science
Identifiers
Local EPrints ID: 338222
URI: http://eprints.soton.ac.uk/id/eprint/338222
PURE UUID: daf08099-97fc-49cc-9f24-ac41dbe41273
Catalogue record
Date deposited: 14 May 2012 11:06
Last modified: 15 Mar 2024 02:51
Contributors
Author: Iwan Syarif
Author: Ed Zaluska
Author: Adam Prugel-Bennett
Author: Gary Wills