Dual-stage intrusion detection for class imbalance scenarios

Abstract

In the early morning of 12 May 2017, WannaCry, a class of self-propagating malware, attacked the UK's National Health Service (NHS) hospital network. 1 It was estimated that a total of 50,000 NHS systems were affected. 2 WannaCry ransomware and other threats of this type are generally propagated through the Internet or networks. The lethal behaviour of these threats is visible once they start controlling the entire system. This is where the role of an intrusion detection system (IDS) comes into the picture. An effective IDS acts as a second line of defence and comes into action when a firewall fails to detect a threat. The deficiency of firewalls clearly indicates why IDS solutions are progressively more important in the context of hosts in a network of systems. An intrusion detection system (IDS) encounters many challenges when trying to identify dangerous activity. One of these is the high class imbalance nature of class labels. Classification and detection models based on high class imbalance datasets tend to be biased to the classes having the majority of instances. Ranjit Panigrahi and Samarjeet Borah of Sikkim Manipal University propose a dual-stage intrusion detection framework that will remain stable even with such a high class imbalance dataset.