A N-binary Classification and Grouping-based Approach to Improve the Performance of Anomaly Detection

In today’s world, the growth of computer networks is exponential as networking is an essential part of the latest technologies like Internet of Things (IoT), cloud computing, edge computing, etc., with the adoption of new technologies; security has become an important issue for such techniques. These networks need to be saved from a wide range of available attacks. In the literature, many intrusion detection systems (IDS) are used to detect such attacks. IDS can be signature based or anomaly based. The signature-based method can only detect a well-known attack while anomaly-based methods can detect new attacks but suffers from low performance. IDS with a potential anomaly detection mechanism to improve the performance is highly desirable. For the reasons mentioned above, this paper proposed an anomaly-based IDS with novel hybrid ensemble classification method based on grouping of the network traffic. The groups are created based on the services or protocol used by the network traffic. After grouping of network traffic, wrapper-based sequential feature selection (SFS) with random forest (RF) classifier is used to select optimal features and perform classification in each group. Furthermore, to validate the performance of the proposed model for service-based and protocol-based grouping approach, UNSW-NB15 and NSL-KDD datasets are used, respectively. The result shows that the proposed approach outperforms the existing feature selection approaches with high accuracy, precision, and F-score for both the datasets.