Intrusion detection in computer networks using a cost sensitive ensemble classifier

Document Type: Research Paper

Authors

1 Technical Instructors Training Institute, Middle Technical University, Baghdad, Iraq.

2 Administration Directorate, Ministry of Defense, Baghdad, Iraq

Abstract

The growing use of Internet technology and the rise in attacks on computer networks have made intrusion detection systems an essential part of computer security. Conventional intrusion control methods such as firewalls or access control systems can no longer withstand attacks on their own. Therefore, detecting new attacks and anomalies has become a necessity. The dataset used in this paper is NSL-KDD, which includes 5 classes: one is normal and the other four are attacks. In the presented work, an ensemble classifier based on the mean probability of attacks is adopted. The true detection rate of the proposed system is $99.89\%$, which is higher than that of other competing methods. Moreover, the ensemble classifier achieved an F1-measure of $92.48\%$. To improve the F1-measure, we used a meta-classifier called meta-cost, which incorporates a cost matrix to transform the original classifier into a cost-sensitive classifier. With this approach, we achieved an F1-measure of $94.1\%$, which outperforms the non-cost-sensitive ensemble classifier. These results show that the proposed system can be used as a suitable defence tool for detecting intrusions and cyber-attacks.

Volume 12, Issue 2
November 2021
Pages 2199-2206
  • Receive Date: 04 May 2021
  • Revise Date: 16 June 2021
  • Accept Date: 25 June 2021