Three layer hybrid learning to improve intrusion detection system performance

Ruki Harwahyu, Fajar Henri Erasmus Ndolu, Marlinda Vasty Overbeek

Research output: Contribution to journal › Article › peer-review

Abstract

In imbalanced network traffic, malicious cyberattacks can be hidden in a large amount of normal traffic, making it difficult for intrusion detection systems (IDS) to detect them. Therefore, anomaly-based IDS with machine learning is the solution. However, a single machine learning algorithm cannot accurately detect all types of attacks. Therefore, a hybrid model that combines long short-term memory (LSTM) and random forest (RF) in three layers is proposed. Building the hybrid model starts with NearMiss-2 class balancing, which reduces normal samples without increasing minority samples. Then, feature selection is performed using chi-square and RF. Next, hyperparameter tuning is performed to obtain the optimal model. In the first and second layers, LSTM and RF are used for binary classification to detect normal data and attack data, while the third-layer model uses RF for multiclass classification. The hybrid model, verified using the CSE-CIC-IDS2018 dataset, showed better performance than the single algorithm. For multiclass classification, the hybrid model achieved 99.76% accuracy, 99.76% precision, 99.76% recall, and 99.75% F1-score.

Original language: English
Pages (from-to): 1691-1699
Number of pages: 9
Journal: International Journal of Electrical and Computer Engineering
Volume: 14
Issue number: 2
Publication status: Published - 2024

Keywords

  • CSE-CIC-IDS2018
  • Hybrid learning
  • Intrusion detection system
  • Long short-term memory
  • Random forest
