A Study of Ensemble Methods for Cyber Security

Ensemble methods for machine learning serve to increase the predictive power of preexisting models by applying a meta-algorithm on top of the underlying workings of one or many prediction models. These ensemble models show promise for anomaly detection over the simpler prediction models they are built on-top of without much more admin work and theory, making them ideal for network intrusion detection. This study looks at the advantages of these methods when applied to the cybersecurity domain by using the widely used NSL-KDD intrusion detection dataset. The types of ensemble methods studied are voting, bagging, and boosting, specifically the algorithms experimented with are the Voting classifier, boosting, Random forest classifier, and AdaBoost classifier.