M.A. Thesis:

Using ensemble classification for network intrusion detection

The growth of computer networks has been concomitant with a dramatic rise in computer attacks and intrusion. It is clear that today's basic security measures such as firewalls or anti-virus are not sufficiently effective in providing a decent level of security for organizational networks, and in preventing the infiltration of malicious users in the system. One way to preclude the intrusion and mitigate malicious activity is using network intrusion detection systems. In this paper, based on input data of user in the network and the possibility of their infiltration on the processing systems, a solution called the auto-infiltration detection method is proposed that employs a set of machine learning strategies for identification. An integrated algorithm set consists of data pre-processing, feature selection, and ensembling classification. In the pre-processing stage, the lost values are recovered, data are normalized, and to achieve a reliable bias of the output and increase the stability level, the clustering is implemented using the Expectation-Maximization (EM) method. In the next step, the particle swarm optimization algorithm is utilized to reduce the dimensions of the feature vector in order to enhance the accuracy of intrusion detection and reduce the processing level of information. Ensemble learning is a method composed of three algorithms of Feed Foeward neural network (FFNN), Probabilistic neural network (PNN) model, and Cascade-forward neural network (CFNN) model that combine the results through Voting learning. Sample data is a 40000-connection subset of the KDD99 infiltration detection data received from the UCI that contains 42 distinct features. The results of algorithm implementation indicated an accuracy of above 98.5% as well as significant improvement of false positive in diagnosis. By repeating the experiment, the dispersion rate of responses in the predictive stage was minimal, indicating that the uncertainty was resolved. It is suggested that the proposed set of solutions be used as an intrusion detection tool by selecting the attribute and classification bonding as the infiltration detection device

Keywords: Intrusion detection, Pre-processing, Clustering, Feature selection and Ensamble learning.