Network Intrusion Detection and Prevention System Using Hybrid Machine Learning with Supervised Ensemble Stacking Model

Network intrusion detection systems play a critical role in protecting a variety of services ranging from economic through social to commerce. However, the growing level and sophistication of malicious attacks launched on networks in the current technological landscape have necessitated the need for...

Full description

Saved in:
Bibliographic Details
Published inJournal of Computer Networks and Communications Vol. 2024; no. 1
Main Authors Mills, Godfrey A, Acquah, Daniel K, Sowah, Robert A
Format Journal Article
LanguageEnglish
Published New York John Wiley & Sons, Inc 01.01.2024
Hindawi Limited
Subjects
Accuracy
Algorithms
Classification
Data mining
Datasets
Decision making
Decision trees
Deep learning
Denial of service attacks
Detectors
Disk operating system (DOS)
False alarms
Feature selection
Hypotheses
Hypothesis testing
Intrusion detection systems
Machine learning
Multilayer perceptrons
Neural networks
Performance evaluation
Prevention
Self organizing maps
Trends
Unsupervised learning
Online AccessGet full text

Cover

More Information
Summary:Network intrusion detection systems play a critical role in protecting a variety of services ranging from economic through social to commerce. However, the growing level and sophistication of malicious attacks launched on networks in the current technological landscape have necessitated the need for advanced and robust detection mechanisms to mitigate against security breaches of confidentiality, integrity, and denial-of-service. In this paper, we present a hybrid intrusion detection system that combines supervised and unsupervised learning models through an ensemble stacking model to increase the detection accuracy rates of attacks in networks while minimising false alarms. Three machine learning algorithms comprising a multilayer perceptron neural network, a modified self-organizing map, and a decision tree were used for the detection framework. The intrusion detection system was trained and evaluated on benchmark datasets: NSL-KDD and CIC-DDoS2019. The intrusion detection system was implemented as a Java solution and the detection performance was evaluated. A 10-fold cross-validation performance was also performed to validate how well the detection system predicts unknown attacks for prevention. The results of the tests revealed a detection accuracy of 99.84% of the instances in the NLS-KDD dataset with a true positive rate of 99.8% and a false positive rate of 0.10% while a detection accuracy of 99.90% was achieved with the CIC-DDoS2019 dataset. Furthermore, the detection system was effective in distinguishing attack traffic from normal traffic in the NSL-KDD dataset and was able to adequately detect DOS, Probe, and R2L attacks with F1 scores of 100%, 99.6%, and 95.1%, respectively, which are significantly impressive. However, the detection of less frequency attack types such as U2R attacks was quite low with an F1 score of 62.5%. The detection performance of the proposed hybrid intrusion detection system suggests that it can be deployed in network security applications to detect packets that exhibit suspicious behaviour or indicate potential threats and respond appropriately to attacks. Implementing the detection framework as a Java solution makes it possible to deploy it across various operating system platforms without any impact on the detection performance.
ISSN:2090-7141
2090-715X
DOI:10.1155/2024/5775671