Intrusion detection in computer networks using a cost sensitive ensemble classifier

Document Type : Research Paper

Authors

1 Technical Instructors Training Institute, Middle Technical University, Baghdad, Iraq.

2 Administration Directorate, Ministry of Defense, Baghdad, Iraq

Abstract

The growing use of Internet technology and the attack on computer networks have made intrusion detection systems an essential part of computer security. Conventional intrusion control methods such as firewalls or access control systems are no longer alone able to withstand attacks. Therefore, the need to detect new attacks and anomalies is inevitable. The dataset used in this paper is called NSL-KDD which includes 5 classes: one of them is normal and the other four classes are attacks. In the presented work, an ensemble classifier based on the mean probability of attacks is adopted. The true detection rate of the proposed system is $99.89\%$ which is more than other competing methods. Moreover, the ensemble classifier achieved an F1-measure of $92.48\%$. To improve the F1 measure, we used a meta-classifier called meta-cost which incorporates a cost matrix to transform the original classifier into a cost-sensitive classifier. By this idea, we achieved an F1-measure of $94.1\%$ which outperforms than non-cost sensitive ensemble classifier. These results show that the proposed system can be used as a suitable defence tool to detect intrusion against cyber-attacks.