Multi-Layer Intrusion Detection System by Machine Learning Approaches

Increased attacks on networks propel the use of techniques such as machine learning and data mining in intrusion detection systems to raise accuracy and detection rate of recognizing attack events from normal traffic. Recent systems are efficient for some special classes of attacks yet suffer from low detection rate for others. We used F-measure criteria to evaluate system performance as an average of precision and recall for a class. In this paper by using performances of algorithms to detect types of attacks, a new multi-layer model is proposed and a sample with two layers is implemented. In each layer of the proposed model, an independent pre-processing algorithm is applied and the result of the classification of each layer is utilized to the original data. For selecting and evaluating classification algorithms for the layers of the model, results of seven classification algorithms with different pre-processing types for the first layer and seven different binary classification algorithms with other pre-processing types in the second layer of the model are investigated. In all steps of the model, different combinations of the KDD’99 dataset are used to evaluate, learn, and test. Considering the low frequency of attack events to normal, we were able to significantly raise F-measure criteria for all classes of attacks. Increasing overall system performance depends on the overlap detection rate of classification algorithms, and the number of layers.