Network Anomaly Detection based on Late Fusion of Several Machine Learning Algorithms

Tran Hoang Hai; Le Huy Hoang; Eui-nam Huh; Tran Hoang Hai; Le Huy Hoang; Eui-nam Huh; Tran Hoang Hai; Le Huy Hoang; Eui-nam Huh

doi:10.5121/ijcnc.2020.12608

Volume 12, Number 6

Network Anomaly Detection based on Late Fusion of Several Machine Learning Algorithms

Authors

Tran Hoang Hai¹, Le Huy Hoang¹ and Eui-nam Huh², ¹Hanoi University of Science and Technology, Vietnam, ²Kyung Hee University, Korea

Abstract

Today's Internet and enterprise networks are so popular as they can easily provide multimedia and ecommerce services to millions of users over the Internet in our daily lives. Since then, security has been a challenging problem in the Internet's world. That issue is called Cyberwar, in which attackers can aim or raise Distributed Denial of Service (DDoS) to others to take down the operation of enterprises Intranet. Therefore, the need of applying an Intrusion Detection System (IDS) is very important to enterprise networks. In this paper, we propose a smarter solution to detect network anomalies in Cyberwar using Stacking techniques in which we apply three popular machine learning models: k-nearest neighbor algorithm (KNN), Adaptive Boosting (AdaBoost), and Random Decision Forests (RandomForest). Our proposed scheme uses the Logistic Regression method to automatically search for better parameters to the Stacking model. We do the performance evaluation of our proposed scheme on the latest data set NSLKDD 2019 dataset. We also compare the achieved results with individual machine learning models to show that our proposed model achieves much higher accuracy than previous works.

Keywords

Network Security, Intrusion Detection System, Anomaly Detection, Machine Learning.

Archives