Turkish Journal of Electrical Engineering and Computer Sciences
DOI
10.3906/elk-1702-279
Abstract
Detecting intrusions in network traffic has remained an issue for researchers over the years. Advances in the area of machine learning provide opportunities for researchers to detect network intrusions without using a signature database. We studied and analyzed the performance of a stacking technique, which is an ensemble method that is used to combine different classification models to create a better classifier, on the KDD'99 dataset. In this study, the stacking method is improved by modifying the model generation and selection techniques and by using different classification algorithms as a combiner method. Model generation is performed using subsets of the dataset with randomly selected features, and not all of these models are used as input for the combiner. Various metrics are used in model selection, and only the selected models are used as input for the combiner method. In our experiments, the stacking technique always provided higher accuracy than pure machine learning techniques. The second important result in our experiments was obtaining the highest detection rate for user-to-root attacks compared to other studies.
Keywords
Classification, ensemble, machine learning, stacking
First Page
418
Last Page
433
Recommended Citation
DEMİR, NECATİ and DALKILIÇ, GÖKHAN (2018) "Modified stacking ensemble approach to detect network intrusion," Turkish Journal of Electrical Engineering and Computer Sciences: Vol. 26: No. 1, Article 35.
https://doi.org/10.3906/elk-1702-279
Available at:
https://journals.tubitak.gov.tr/elektrik/vol26/iss1/35
Included in
Computer Engineering Commons, Computer Sciences Commons, Electrical and Computer Engineering Commons