B-DT Model: A Derivative Ensemble Method to Improve Performance of Intrusion Detection System

In cyber security, system security must be prioritized. Therefore, to improve system security, a system device called an Intrusion Detection System (IDS) is needed. IDS is a system that can detect suspicious activity on a system or network. The constraint of IDS is many types of attacks appear now, making it difficult to detect them. Therefore, many IDS based on machine learning have been applied to overcome this constraint. And machine learning has been widely adopted to improve IDS performance. However, false detection occurs frequently. The problem raised in this study is the large number of false detections that still occur. The main objective of this study is to reduce the occurrence of false detection in IDS. Then, to achieve this objective, this paper proposes a model called the B-DT model. The Bagging-DT (B-DT) model combines the Bagging technique ensemble-base and Decision Tree (DT) classifier. The B-DT model was trained and evaluated on NSL-KDD and UNSW-NB15 datasets. The results showed that it can reduce false detection from 11,305 data to 243 data in the NSL-KDD dataset. Besides that, the B-DT model can reduce false detection from 2,504 data to 871 in the UNSW-NB15 dataset. In addition, model performance has increased in accuracy, precision, recall, f1-score, and kappa-score. Based on the results, the B-DT model’s performance can achieve an accuracy of 99.45 on the NSL-KDD dataset and 79.67 on the UNSW-NB15 dataset. This model can work well not only on binary-class data but also on multi-class labeled data. The statistical evaluation shows this model has increased significantly compared to other models. These results suggest that the proposed B-DT model can effectively enhance the performance of IDS and be a promising solution for practical applications. © 2024, Engineering and Technology Publishing. All rights reserved.