An ensemble approach for cyber attack detection system: A generic framework

Abstract

Cyber attack detection is based on assumption that intrusive activities are noticeably different from normal system activities and thus detectable. A cyber attack would cause loss of integrity, confidentiality, denial of resources. The fact is that no single classifier is able to give maximum accuracy for all the five classes (Normal, Probe, DOS, U2R and R2L). We have proposed a Cyber Attack Detection System (CADS) and its generic framework, which performs well for all the classes. This is based on Generalized Discriminant Analysis (GDA) algorithm for feature reduction of the cyber attack dataset and an ensemble approach of classifiers for classification of cyber attacks. The ensemble approach of classifiers classifies cyber attack based on the union of the subsets of features. Thus, it can detect a wider range of attacks. The C4.5 and improved Support Vector Machine (iSVM) classifiers are combined as a hierarchical hybrid classifier (C4.5-iSVM) and an ensemble approach combining the individual base classifiers and hybrid classifier for best classification of cyber attacks. The experimental results illustrate that the proposed Cyber Attack Detection System is having higher detection accuracy for the all classes of attacks with minimize training, testing times and false positive alarm.