Error-correcting Ability Based Collaborative Multi-layer Classifier Ensemble Model For Intrusion Detection

As an active defense network security technology,intrusion detection can effectively detect multiple types of attacks and has become an essential part of network security.Although many algorithms based on machine learning have been proposed in network intrusion detection problems,they have more or less problems such as low detection rate,weak generalization performance,and high false positive rate.Therefore,further improvements are still needed.Ensemble classifier can not only improve the classification accuracy of the learning system,but also can significantly improve the generalization ability by using the different deviations of each classifier.This paper proposes a two-layer intrusion detection model based on classifier ensemble(TLMCE)and an error-correcting ability based collaborative multi-layer selective classifier ensemble model for intrusion detection(MLSCEM),which aims to improve the detection rate and generalization ability of the model,make it more robust and flexible,and implement effective detection of various types of attacks.In addition,because IDS processes a large amount of network data,which usually contains redundant data and unrelated features,data preprocessing must be performed.This paper proposes a forward-backward hybrid feature selection method(FBC)to reduce training time and further improve model performance.The main contents of the research include:This paper proposes a forward-backward hybrid feature selection(FBC)method to eliminate redundant and irrelevant features.The method is suitable for a system composed of multiple classifiers,and includes two parts: a sequence forward selection component and a sequence backward selection component.In the first stage,an improved forward feature selection method was developed for constructing a forward selection component to select the most suitable feature subset for each classifier.The selection results will be fused in the second stage.In the second stage,the feature subsets selected by each classifier in the first stage are merged to obtain the union set,and then the improved backward feature selection method is used to perform secondary screening on the feature set to generate the final feature subset.A two-layer intrusion detection model based on classifier ensemble(TLMCE)is proposed.In the first layer,a JRip classifier is used to classify R2 L and U2 R,and in the second layer,an ensemble classifier is used to classify Normal,Do S,and Probe.In the second layer,J48,JRip,Random Forest,Bayes Net,and Simple Cart are used as the base classifiers,and the optimized stacking strategy is used to fuse the decision results.Aiming at the shortcomings of the TLMCE model in terms of flexibility and generalization capabilities,an error-correcting ability based collaborative multi-layer selective classifier ensemble model was further proposed to obtain better generalization capabilities and robustness.The model consists of a multi-layer structure consisting of five consecutive layers,each of which is classified as a binary classification.In each layer,use the proposed selective classifier ensemble method base on error-correcting ability(SCEM)to select the main classifier and error-correcting components from M preselected base classifiers to generate the most suitable ensemble classifier.The modified version of KDD Cup 99,named as NSL-KDD data set,is used to test the proposed model.The experimental results show that the model proposed in this paper achieves a high detection rate and low false alarm rate,and enhances generalization performance,which is significantly better than the traditional ensemble model and more effective than most other existing ensemble models of intrusion detection.