A Sequential Detection Method for Intrusion Detection System Based on Artificial Neural Networks

With rapidly increasing cyber attacks, network security has become an important issue. To protect ourselves against cyber attacks, the Intrusion Detection System (IDS) has been introduced. In such systems, different kinds of machine learning algorithms play a more and more important role, such as support vector machine(SVM), artificial neural network(ANN), etc. False positive rate and false negative rate, in addition to accuracy, are widely used for the evaluation of IDSs. These indices, however, are often related to each other, which makes it is difficult for us to improve all the indices at the same time. For example, when we try to make the false negative rate decrease to prevent from missing attacks, more normal communications tend to be classified into attacks and the false positive rate may increase, and vice versa. In this study, we propose an ANN based sequential classifier method to mitigate this problem. We design each subclassifier with a low false positive rate, which may lead to high false negative rate. To decrease the false negative rate, the reported negative instances from the former subclassifier are sent to the next one to further check (reclassification). In this way, it can be expected that the false negative rate can also reach an acceptable level. The results of our experiment shows that our proposed method can bring lower false negative rate and higher accuracy, in the mean time the false positive rate is kept at an acceptable level. We also investigated the effect of the number of subclassifiers on detection performance and found that the detection system performed best when using four subclassifiers.