Toward an Online Network Intrusion Detection System Based on Ensemble Learning

2019 
As information technology grows rapidly, ubiquitous networking technology generates a massive amount of data and is integrated into our daily life. Network intrusion detection systems (NIDS) are essential for organizations to ensure the safety and security of their communication and information. In general, there are two types of NIDS: signature-based (SNIDS) and anomaly-based (ANIDS). Most modern NIDS solutions are signature-based techniques, which require routine signature updates and cannot detect unknown types of attacks. However, ANIDS has been extensively studied and is considered a better alternative to NIDS. In this paper, we present a stacked ensemble learning based ANIDS that consists of autoencoder (AE), support vector machine (SVM), and random forest (RF) models. To show the overall applicability of our approach, we demonstrate our work on two well-known NIDS benchmark datasets, NSL-KDD and UNSW-NB15, and on a real campus network log, which includes about 300 million daily records. We compare our method to three classical machine learning models and two other reported study results. Our test results imply that our proposed method can also limit both false positive and false negative predictions.