A survey of intrusion detection systems based on ensemble and hybrid classifiers

Published: 01 March 2017

Abstract

Due to the frequency of malicious network activities and network policy violations, intrusion detection systems (IDSs) have emerged as a group of methods that combats the unauthorized use of a network's resources. Recent advances in information technology have produced a wide variety of machine learning methods, which can be integrated into an IDS. This study presents an overview of intrusion classification algorithms, based on popular methods in the field of machine learning. Specifically, various ensemble and hybrid techniques were examined, considering both homogeneous and heterogeneous types of ensemble methods. In addition, special attention was paid to those ensemble methods that are based on voting techniques, as those methods are the simplest to implement and generally produce favorable results. A survey of recent literature shows that hybrid methods, where feature selection or a feature reduction component is combined with a single-stage classifier, have become commonplace. Therefore, the scope of this study has been expanded to encompass hybrid classifiers.

Published In

Computers and Security, Volume 65, Issue C
March 2017
432 pages

Publisher

Elsevier Advanced Technology Publications

United Kingdom

Author Tags

  1. Ensemble classifiers
  2. Hybrid classifiers
  3. Intrusion detection
  4. KDD 99
  5. Multiclass classifiers
  6. NSL-KDD

Qualifiers

  • Research-article
