casa 19(19): e5

Research Article

Use the ensemble methods when detecting DoS attacks in Network Intrusion Detection Systems

Download545 downloads
  • @ARTICLE{10.4108/eai.29-11-2019.163484,
        author={Hoang Ngoc Thanh and Tran Van Lang},
        title={Use the ensemble methods when detecting DoS attacks in Network Intrusion Detection Systems},
        journal={EAI Endorsed Transactions on Context-aware Systems and Applications},
        volume={6},
        number={19},
        publisher={EAI},
        journal_a={CASA},
        year={2019},
        month={11},
        keywords={Machine Learning, Ensemble Classifier, Stacking, DoS, UNSW-NB15 dataset},
        doi={10.4108/eai.29-11-2019.163484}
    }
    
  • Hoang Ngoc Thanh
    Tran Van Lang
    Year: 2019
    Use the ensemble methods when detecting DoS attacks in Network Intrusion Detection Systems
    CASA
    EAI
    DOI: 10.4108/eai.29-11-2019.163484
Hoang Ngoc Thanh1,*, Tran Van Lang2
  • 1: Lac Hong University, Vietnam
  • 2: Institute of Applied Mechanics and Informatics, VAST, Vietnam
*Contact email: thanhhn@bvu.edu.vn

Abstract

Building a good IDS model from a certain dataset is one of the main tasks in machine learning. Training multiple classifiers at the same time to solve the same problem and then combining their outputs to improve classification quality, called ensemble method. This paper analyzes and evaluates the performance of using known ensemble techniques such as Bagging, AdaBoost, Stacking, Decorate, Random Forest and Voting to detect DoS attacks on UNSW-NB15 dataset, created by the Australian Cyber Security Center 2015. The experimental results show that the Stacking technique with heterogeneous classifiers for the best classification quality with F − Measure is 99.28% compared to 98.61%, which is the best result are obtained by using single classifiers and 99.02% by using the Random Forest technique.