An Investigation of Anomaly-based Ensemble Models for Multi-Domain Intrusion Detection
Although the traditional intrusion detection problem has been well studied since the release of the KDD'99 and NSL-KDD datasets, recent intrusion detection work has expanded to include wireless 802.11 networks and Industrial Control Systems & Supervisory Control and Data Acquisition (ICS/SCADA) systems. This research investigates the application of two novel models to multi-domain intrusion detection. The first model is a hybrid ensemble that uses complementarity-based diversity measures in an efficient greedy-search pruning process. The proposed hybrid ensemble is constructed from a heterogeneous combination of decision tree and Naive Bayes classifiers and is evaluated for intrusion detection performance on an 802.11 wireless system, a power generation system, and a gas pipeline system. The second model is based on a one-versus-all (OVA) binary framework comprising multiple nested sub-ensembles. To provide good generalization ability, each sub-ensemble contains a collection of sub-learners, and only a portion of the sub-learners implement boosting. A class weight based on the sensitivity metric (true positive rate), learned from the training data only, is assigned to the sub-ensembles of each class. The second model is applied to traditional and 802.11 wireless network intrusion detection. Overall, when compared to state-of-the-art methods, the proposed models achieve higher detection rates and good overall false positive performance for effective multi-domain intrusion detection.
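The sensitivity-weighted OVA combination described for the second model, as an added illustration that is not code from the thesis: each class gets a binary "this class versus the rest" detector, its weight is the detector's true positive rate measured on the training data only, and the final label is the class with the highest weighted confidence. The detectors are assumed to be simple nearest-centroid scorers and the data is constructed; the nested sub-ensembles and partial boosting of the thesis are not modelled.

```python
import math

# Constructed training set (not from the thesis): two flow features per sample,
# three classes. The probe class gets one outlying sample so that its detector
# misses a training example and its sensitivity weight drops below 1.0.
TRAIN_X = [
    (0, 0), (1, 0), (0, 1), (1, 1),             # normal
    (10, 0), (11, 0), (10, 1), (11, 1),         # dos
    (0, 10), (1, 10), (0, 11), (1, 11), (8, 2)  # probe (last one overlaps dos)
]
TRAIN_Y = ["normal"] * 4 + ["dos"] * 4 + ["probe"] * 5

def centroid(rows):
    """Component-wise mean of a list of feature vectors."""
    return tuple(sum(r[i] for r in rows) / len(rows) for i in range(len(rows[0])))

def margin(detector, x):
    """Binary 'this class vs. rest' score: positive when x is nearer the class centroid."""
    pos_c, neg_c = detector
    return math.dist(x, neg_c) - math.dist(x, pos_c)

def train_ova(X, y):
    """Fit one binary detector per class and weight it by its training-set sensitivity."""
    detectors, weights = {}, {}
    for c in sorted(set(y)):
        pos = [x for x, lab in zip(X, y) if lab == c]
        rest = [x for x, lab in zip(X, y) if lab != c]
        detectors[c] = (centroid(pos), centroid(rest))
        # Sensitivity (true positive rate) measured on the training data only,
        # so nothing from the evaluation set leaks into the class weights.
        tp = sum(1 for x in pos if margin(detectors[c], x) > 0)
        weights[c] = tp / len(pos)
    return detectors, weights

def class_scores(detectors, weights, x):
    """Weighted OVA scores: squash each margin into (0, 1), then scale by the class weight."""
    return {c: weights[c] / (1.0 + math.exp(-margin(det, x))) for c, det in detectors.items()}

def predict(detectors, weights, x):
    """Final label is the class whose weighted detector is most confident."""
    scores = class_scores(detectors, weights, x)
    return max(scores, key=scores.get)

if __name__ == "__main__":
    det, w = train_ova(TRAIN_X, TRAIN_Y)
    print("class weights:", w)
    for sample in [(10.5, 0.5), (0.5, 10.5), (0.5, 0.5)]:
        print(sample, "->", predict(det, w, sample))
```

With this data the probe detector misses its outlying training sample, so its weight is 0.8 while the other two classes keep 1.0; a weaker detector therefore needs a larger margin to win the final vote.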