A Class-Specific Intrusion Detection Model: Hierarchical Multi-class IDS Model

Nowadays, cyberattacks are occurring continuously. There are many kinds of attack types, which are malicious and harmful for our networks, resources and privacy. Along with this, diversity, size and density of the cyberattacks are increasing. Therefore, strong and solid detection mechanisms are requ...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:SN computer science 2020-07, Vol.1 (4), p.202, Article 202
Hauptverfasser: Sarıkaya, Alper, Kılıç, Banu Günel
Format: Artikel
Sprache:eng
Schlagworte:
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Nowadays, cyberattacks are occurring continuously. There are many kinds of attack types, which are malicious and harmful for our networks, resources and privacy. Along with this, diversity, size and density of the cyberattacks are increasing. Therefore, strong and solid detection mechanisms are required to prevent the cyberattacks. Previously, many intrusion detection mechanisms are proposed, but many of them are suffered to detect some attack classes. In this paper, an up-to-date and realistic dataset called UNSW-NB15 was used for training of an intrusion detection system. The dataset contains network data under nine different attack scenarios as well as normal operation. Firstly, wrapper feature selection was applied to the dataset, which reduced the number of features to 19 features from 43. Secondly, a decision tree classifier was trained with reduced dataset. The confusion matrix was tabulated and classes with low detection rates were identified. Finally, to achieve better detection rates for Dos, Exploit and Fuzzers classes which were low detected classes, a hierarchical multi-class classifier was proposed. As the basis of the model, random forest classifier was selected, where each classifier at a different stage of the hierarchy has a specific attack detection purpose. The proposed system achieved better overall classification accuracy of 80.78% than the baseline random forest classifier. The detection rates for DoS, Exploit and Fuzzers attacks were also increased.
ISSN:2662-995X
2661-8907
DOI:10.1007/s42979-020-00213-z