Modified stacking ensemble approach to detect network intrusion

Detecting intrusions in a network traffic has remained an issue for researchers over the years. Advances in the area of machine learning provide opportunities to researchers to detect network intrusion without using a signature database. We studied and analyzed the performance of a stacking technique, which is an ensemble method that is used to combine different classification models to create a better classifier, on the KDD’99 dataset. In this study, the stacking method is improved by modifying the model generation and selection techniques and by using different classifications algorithms as a combiner method. Model generation is performed using subsets of the dataset with randomly selected features and not all of these models are used as input for the combiner. Various metrics are used in model selection and only selected models are used as input for the combiner method. In our experiments, the stacking technique provided higher accuracy results all the time compared to pure machine learning techniques. The second important result in our experiments was obtaining the highest detection rate for user-to-root attacks compared to other studies.