Ensemble Design for Intrusion Detection Systems

Intrusion Detection problem is one of the most promising research issues of Information Security. The problem provides excellent opportunities in terms of providing host and network security. Intrusion detection is divided into two categories with respect to the type of detection. Misuse detection and Anomaly detection. Intrusion detection is done using rule based, Statistical, and Soft computing techniques. The rule based measures provides better results but the extensibility of the approach is still a question. The statistical measures are lagging in identifying the new types of attacks. Soft Computing Techniques offers good results since learning is done using the training, and during testing the new pattern of attacks was also recognized appreciably. This paper aims at detecting Intruders using both Misuse and Anomaly detection by applying Ensemble of soft Computing Techniques. Neural networks, Support Vector Machines and Naïve Bayes Classifiers are trained and tested individually and the classification rates for different classes are observed. Then threshold values are set for all the classes. Based on this threshold value the ensemble approach produces result for various classes. The standard kddcup’99 dataset is used in this research for Misuse detection. Shonlau dataset of truncated UNIX commands is used for Anomaly detection. The detection rate and false alarm rates are notified. Multilayer Perceptrons, Naïve Bayes classifiers and Support vector machines with three kernel functions are used for detecting intruders. The Precision, Recall and FMeasure for all the techniques are calculated. The cost of the techniques is estimated using the cost measures. The Receiver Operating Characteristic (ROC) curves are drawn for all the techniques. The results show that Support Vector Machines and Ensemble approach provides better detection rate of 99% than the other algorithms.