Skip to main content
placeholder image

A two-stage classifier approach for network intrusion detection

Journal Article


Abstract


  • Network Intrusion Detection Systems (NIDS) are essential to combat security threats in network environments. These systems monitor and detect malicious behavior to provide automated methods of identifying and dealing with attacks or security breaches in a network. Machine learning is a promising approach in the development of effective NIDS. One of the problems faced in the development of such systems is that the datasets used in the construction of classifiers are typically imbalanced. This is because the classification categories do not have relatively equal representation in the datasets. This study investigates a two-stage classifier approach to NIDS based on imbalanced intrusion detection datasets by separating the training and detection of minority and majority intrusion classes. The purpose of this is to allow flexibility in the classification process, for example, two different classifiers can be used for detecting minority and majority classes respectively. In this paper, we performed experiments using the random forests classifier and the contemporary UNSW-NB15 dataset was used to evaluate the effectiveness of the proposed approach.

Publication Date


  • 2018

Citation


  • Zong, W., Chow, Y. & Susilo, W. (2018). A two-stage classifier approach for network intrusion detection. Lecture Notes in Computer Science, 11125 329-340. Tokyo, Japan Information Security Practice and Experience: 14th International Conference, ISPEC 2018

Scopus Eid


  • 2-s2.0-85054418184

Ro Metadata Url


  • http://ro.uow.edu.au/eispapers1/2157

Number Of Pages


  • 11

Start Page


  • 329

End Page


  • 340

Volume


  • 11125

Place Of Publication


  • Germany

Abstract


  • Network Intrusion Detection Systems (NIDS) are essential to combat security threats in network environments. These systems monitor and detect malicious behavior to provide automated methods of identifying and dealing with attacks or security breaches in a network. Machine learning is a promising approach in the development of effective NIDS. One of the problems faced in the development of such systems is that the datasets used in the construction of classifiers are typically imbalanced. This is because the classification categories do not have relatively equal representation in the datasets. This study investigates a two-stage classifier approach to NIDS based on imbalanced intrusion detection datasets by separating the training and detection of minority and majority intrusion classes. The purpose of this is to allow flexibility in the classification process, for example, two different classifiers can be used for detecting minority and majority classes respectively. In this paper, we performed experiments using the random forests classifier and the contemporary UNSW-NB15 dataset was used to evaluate the effectiveness of the proposed approach.

Publication Date


  • 2018

Citation


  • Zong, W., Chow, Y. & Susilo, W. (2018). A two-stage classifier approach for network intrusion detection. Lecture Notes in Computer Science, 11125 329-340. Tokyo, Japan Information Security Practice and Experience: 14th International Conference, ISPEC 2018

Scopus Eid


  • 2-s2.0-85054418184

Ro Metadata Url


  • http://ro.uow.edu.au/eispapers1/2157

Number Of Pages


  • 11

Start Page


  • 329

End Page


  • 340

Volume


  • 11125

Place Of Publication


  • Germany