Abstract

The main task of an intrusion detection system (IDS) is to detect anomalous behaviors from both within and outside the network system, and there have been increasing studies applying machine learning in this area. The limitations of using a single classifier in the classification of normal traffic and anomalies (attacks) led to the idea of building hybrid or ensemble models which are more complicated but provide higher accuracy and lower false alarm rate (FAR). The aim of this paper is to improve the performance of IDS by using ensemble methods and feature selection. The ensemble models were built based on the two ensemble techniques, Bagging and Boosting, with the tree-based algorithms as the base classifier. The proposed models were then evaluated using NSL-KDD datasets. The experimental results showed that the bagging ensemble model with J48 as the base classifier produced the best performance in terms of both classification accuracy and FAR when working with the subset of 35 selected features.