Heterogeneous Ensemble Approach in Intrusion Detection using Stacking Technique

Abstract

The proliferating cutting-edge technologies have given rise to massive data generation and numerous prospects of cyber-attacks on transgressors. The myriad attack landscapes in the cyber world jeopardize confidential data ranging from personal to industry level. To defend massive computer systems and preserve not only the integrity but also the confidentiality of digital data, the vitalness of intrusion detection systems (IDS) is irrefutable. The enormous and heterogeneous network traffic has rendered intrusion detection mechanisms based upon traditional machine learning techniques inadequate. Rather, a hybrid or ensemble of multiple classifiers can be a felicitous solution in elevating system performance by classifying network intrusions precisely. This study proposes a heterogeneous ensemble scheme for intrusion detection based on the stacking technique that incorporated three base estimators such as a k nearest neighbor (KNN), feedforward neural network (FNN), decision tree (DT), and one meta-classifier i.e. random forest (RF). The benchmark dataset NSL-KDD, UNSW-NB15 dataset, and CSE-CIC-IDS2018 dataset were used in the experiment and comprehensive empir-ical analyses were conducted for binary as well as multiclass classifications on various subsets of the datasets to calibrate the stacking ensemble method based on several evaluation metrics. The proposed approach manifested significant improvement in the detection rate of various network instances in multiclass classification while minimizing the false positive rate.