Researching on Multiple Machine Learning for Anomaly Detection

Bibliographic details
Published in: Journal of physics. Conference series 2019-02, Vol.1169 (1), p.12002
Main authors: Sun, Yuanyuan, Wang, Yongming, Guo, Lili, Ma, Zhongsong, Jin, Shan, Wang, Huiping
Format: Article
Language: eng
Description
Summary: Firstly, we introduce intrusion detection system and anomaly detection. And then we do some research on machine learning techniques for anomaly detection by network dataset NSL-KDD. The machine learning algorithms such as J48, Random forest, SVM, Vote, Stacking are selected. Random Forest, Vote and stacking are ensemble learning methods. We try to test and verify performance of multiple machine learning methods on a 20 per cent NSL-KDD dataset by experiment. The experiment data has two parts. First, the 20 per cent NSL-KDD dataset is classified into normal and anomaly. Second, the feature of attack type is added to the 20 per cent NSL-KDD dataset, and then a new dataset is generated. It is classified into normal and other four classes of attack. The experiment is accomplished by WEKA. The result is compared on the basis of typical indexes and confusion matrix. At last, we can draw a conclusion that an appropriate ensemble classifier can achieve better classification performance than a single classifier for anomaly detection.
ISSN: 1742-6588, 1742-6596
DOI: 10.1088/1742-6596/1169/1/012002