DocumentCode :
1587279
Title :
Multi-layer hybrid machine learning techniques for anomalies detection and classification approach
Author :
Aziz, Amira Sayed A. ; Hassanien, Aboul Ella ; Hanaf, Sanaa El-Ola ; Tolba, M.F.
Author_Institution :
Univ. Francaise d'Egypte (UFE), Cairo, Egypt
fYear :
2013
Firstpage :
215
Lastpage :
220
Abstract :
Intrusion detection systems (IDS) are a well-known research area for the detection of anomalous activities in a system from both inside and outside intruders. In this article, a multi-layer hybrid machine learning intrusion detection system is designed and developed to achieve high efficiency and improve the detection and classification rate accuracy inspired by immune systems with negative selection approach. In the first layer, the principal component analysis (PCA) algorithm was used for feature selection. Then, a genetic algorithm was applied to generate anomaly detectors, which are able to discriminate between normal and anomalous behaviors in the second layer. It is followed by applying classification using several classifiers including naive Bayes, multilayer perceptron neural network, and decision trees to increase the detection accuracy and obtain more information on the detected anomalies. The selected classifiers are trained and applied to label the detected anomalies in both the normal and anomalous traffic. The principal interest of this work is to benchmark the performance of the proposed multi-layer IDS system by using the NSL-KDD benchmark data set used by IDS researchers. The obtained results demonstrated that the naive Bayes classifier has better classification accuracy in the case of lower presented attacks such as U2R and R2L, while the J48 decision tree classifier gives high accuracy up to 82% for DoS attacks and 65.4% for probe attacks in the anomaly traffic.
Keywords :
Bayes methods; computer network security; decision trees; feature selection; genetic algorithms; learning (artificial intelligence); pattern classification; principal component analysis; telecommunication traffic; DoS attacks; IDS; J48 decision tree classifier; NSL-KDD benchmark data set; PCA algorithm; R2L; U2R; anomalies detection; anomalous traffic; anomaly detectors; classification approach; feature selection; genetic algorithm; immune systems; multilayer hybrid machine learning intrusion detection system; multilayer perceptron neural network; naive Bayes classifier; negative selection approach; normal traffic; principal component analysis algorithm; probe attacks; Niobium; Probes; Artificial Immune System; Intrusion Classification; Machine Learning; Network Intrusion Detection;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Hybrid Intelligent Systems (HIS), 2013 13th International Conference on
Conference_Location :
Gammarth
Print_ISBN :
978-1-4799-2438-7
Type :
conf
DOI :
10.1109/HIS.2013.6920485
Filename :
6920485