An Efficient NIDS Using Ensemble Techniques for Multinominal Classification

Abstract

Ensuring robust network security is a critical priority in modern network administration, as systems are constantly exposed to both known vulnerabilities and emerging threats. Intrusion detection plays a vital role in safeguarding these systems by identifying malicious activities that compromise confidentiality, integrity, or availability. To address these challenges, this work presents the development of a Network Intrusion Detection System (NIDS) capable of accurately detecting and classifying multiple categories of cyberattacks, including Denial of Service (DoS), Probe, User to Root (U2R), and Remote to Local (R2L), while maintaining a low false alarm rate, even under high network traffic. The proposed system leverages ensemble learning and advanced data mining classification techniques to enhance detection accuracy and efficiency. Using the benchmark NSL-KDD dataset, which includes attack-type labels and difficulty levels, the model is trained to recognize diverse attack patterns and determine their specific categories. Comprehensive parameter tuning further optimizes performance, enabling the NIDS to serve as a reliable and scalable security solution for real-world network environments.

Introduction

With the growing importance of network security, Intrusion Detection Systems (IDS) play a vital role in identifying and mitigating unauthorized access, malicious activities, and policy violations in computer networks. IDS can be categorized as:

• Host-based (HIDS): Monitors activity on individual devices.

• Network-based (NIDS): Monitors entire network traffic.

Types of NIDS:

1. Signature-based: Detects known attack patterns.

2. Anomaly-based: Flags deviations from normal behavior.

3. Hybrid: Combines both approaches for improved accuracy.

The paper emphasizes the use of Machine Learning (ML) and Deep Learning (DL) to enhance IDS performance. Various algorithms are explored, including:

• Logistic Regression

• K-Nearest Neighbors (KNN)

• Discriminant Analysis

• Decision Tree

• Neural Networks

• AdaBoost (Ensemble Method)

Data Source:
The NSL-KDD dataset (an improved version of KDDCUP’99) is used for training and evaluation.

Methodology:

1. Data Preprocessing: Handling outliers and missing values, feature selection using K-Best.

2. Model Building: Multiple ML models are trained and validated using cross-validation.

3. Parameter Tuning: Hyperparameter optimization improves accuracy.

4. Intrusion Detection: Models predict attacks based on traffic patterns.

Architecture Overview:

• Input data is preprocessed and split into training and testing sets.

• Models are trained on the training data using different ML algorithms.

• Final predictions are made on test data, and intrusions are detected based on anomalies or predefined patterns.

Common Intrusion Types Detected:

• PROBE

• DoS (Denial of Service)

• R2L (Remote to Local)

• U2R (User to Root)

Conclusion

As part of the proposed NIDS, a dataset is taken, preprocessed, and analysed. ML models are built using different algorithms based on the training data. Classifier algorithms such as Decision Trees, Logistic Regression are used and ensemble techniques such as AdaBoost Voting Classifier are employed. The model is designed to classify whether there is an attack in the network. Additionally, it specifies the type of attack among Probe, DoS, R2L, and U2R attacks. In order to achieve optimal accuracy, learning models were trained and parameter-tuned according to network traffic details and configuration parameters. Some models have achieved a higher level of accuracy than others. The model is limited to intrusion detection. Further, the model can be developed and employed for other websites where networking is crucial. It can be made to notify users directly while communication is going on. In that case, not only detection, but prevention can be made so that the data does not lose its integrity and confidentiality, availability.

References

[1] Network Intrusion Detection Using Improved Genetic k-means Algorithm. S. McElwee, \"Active learning intrusion detection using k-means clustering selection\", Conf. Proc. - IEEE SOUTHEASTCON, 2017 [2] Intrusion Detection Using Tree-Based Classifiers. Ahmim, M. Derdour, and M. A. Ferrag. An intrusion detection system based on combining probability predictions of a tree of classifiers, International Journal of Communication System, vol. 31, pp.1–14, 2018. [3] A Survey of Intrusion Detection Models based on NSL-KDD Data Set. M. R. Parsaei, S. M. Rostami, and R. Javidan, “A Hybrid Data Mining Approach for Intrusion Detection on Imbalanced NSL-KDD Dataset,” Int. J. Adv. Comput. Sci. Appl., vol. 7, no. 6, pp. 20–25, 2016. [4] Intrusion Detection Using Unsupervised Approach. Mirsky Y, Doitshman T, Elovici Y, Shabtai A (2018) Kitsune: an ensemble of autoencoders for online network intrusion detection. arXiv Preprint. [5] Arindam Sarkar, Hanjabam Saratchandra Sharma & Moirangthem Marjit Singh. A supervised machine learning-based solution for efficient network intrusion detection using ensemble learning based on hyperparameter optimization International Journal of Information Technology volume 15, pages423–434 (2023) [6] Abdulsalam O. Alzahrani and Mohammed J. F. Alenazi. Designing a Network Intrusion Detection System Based on Machine Learning for Software Defined Networks. Future Internet 2021, 13,111. [7] Zeeshan Ahmad, Adnan Shahid Khan, CheahWai Shiang, Johari Abdullah, Farhan Ahmad. Network intrusion detection system: A systematic study of machine learning and deep learning approaches. [8] J. Olamantanmi Mebawondu, OlufunsoD. Alowolodu , JacobO. Mebawondu , Adebayo O. Adetunmbi. Practical real-time intrusion detection using machine learning approaches. [9] Tavallaee M, Bagheri E, Lu W, Ghorbani AA. Deep Neural network and Real-Time Intrusion detection system. [10] Abdullah B, Abd-Alghafar I, Salama GI. The Machine Learning and Deep learning methods for intrusion detection system. [11] Rong Wang, Yuansheng Dong, Juan He, P.R China. The Real-Time network intrusion detection using deferred decision and hybrid classifier. [12] Valerio Morfino and Salvotore Ranpone, department of law, Economics, University of Sannio, I-82100 Benevento, Italy. [13] Wang Peng, Xiangwei Kong, Guojin Peng, Xiaoya Li, Zhongjie Wang. Network Intrusion Detection Based on Deep Learning. 2019 International Conference on Communications, Information System and Computer Engineering (CISCE). [14] Marzia Zaman,Chung-Horng. Evaluation of machine learning techniques for network Intrusion detection. [15] Wathig Laftah AL-Yasena, Zulaiha Ali Othmana Mohd Zakree Ahmad. Multi-level Hybrid support vector machine and extreme learning machine based on modified k-means for intrusion detection system.

Copyright

Copyright © 2025 Kundarapu Viveka, Dr. M. Dhanalakshmi. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.