TY - GEN
T1 - A double-layer detection and classification approach for network attacks
AU - Sun, Chong
AU - Lv, Kun
AU - Hu, Changzhen
AU - Xie, Hui
N1 - Publisher Copyright:
© 2018 IEEE.
PY - 2018/10/9
Y1 - 2018/10/9
N2 - Network intrusion detection system (NIDS) plays a crucial role in maintaining network security. In this paper, we propose a novel double-layer detection and classification technique for network attacks. The advantage of our proposed method is that our two-layer hybrid detection combines the advantages of multiple techniques, especially the stacking ensemble method, and has better generalization performance. The first layer contains a GBDT classifier which is responsible for identifying DoS (Denial of Service) attacks. The second layer consists of a KNN classifier and a stacking ensemble classifier. The KNN classifier is used to classify the DoS data from the first layer into more subtypes, such as smurf, pod, neptune, teardrop, back and other DoS attack subtypes. The stacking ensemble classifier optimized by FOA (Fly Optimization Algorithm) is applied to divide the nonDoS data from the first layer into Normal, Probe, R2L (Remote to Local) and U2L (User to Root). The simulation and analysis are done based on the KDD99 dataset and we use accuracy, precision rate and recall rate to evaluate our method. The experimental results suggest that our proposed method is a more robust and reliable model and can achieve higher accuracy than other previous methods.
AB - Network intrusion detection system (NIDS) plays a crucial role in maintaining network security. In this paper, we propose a novel double-layer detection and classification technique for network attacks. The advantage of our proposed method is that our two-layer hybrid detection combines the advantages of multiple techniques, especially the stacking ensemble method, and has better generalization performance. The first layer contains a GBDT classifier which is responsible for identifying DoS (Denial of Service) attacks. The second layer consists of a KNN classifier and a stacking ensemble classifier. The KNN classifier is used to classify the DoS data from the first layer into more subtypes, such as smurf, pod, neptune, teardrop, back and other DoS attack subtypes. The stacking ensemble classifier optimized by FOA (Fly Optimization Algorithm) is applied to divide the nonDoS data from the first layer into Normal, Probe, R2L (Remote to Local) and U2L (User to Root). The simulation and analysis are done based on the KDD99 dataset and we use accuracy, precision rate and recall rate to evaluate our method. The experimental results suggest that our proposed method is a more robust and reliable model and can achieve higher accuracy than other previous methods.
KW - GBDT
KW - KDD99
KW - Network intrusion detection system
KW - Stacking ensemble model
UR - http://www.scopus.com/inward/record.url?scp=85060471408&partnerID=8YFLogxK
U2 - 10.1109/ICCCN.2018.8487460
DO - 10.1109/ICCCN.2018.8487460
M3 - Conference contribution
AN - SCOPUS:85060471408
T3 - Proceedings - International Conference on Computer Communications and Networks, ICCCN
BT - ICCCN 2018 - 27th International Conference on Computer Communications and Networks
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 27th International Conference on Computer Communications and Networks, ICCCN 2018
Y2 - 30 July 2018 through 2 August 2018
ER -