A Semi-Boosted Nested Model With Sensitivity-Based Weighted Binarization for Multi-Domain Network Intrusion Detection

Abstract

Effective network intrusion detection techniques are required to thwart evolving cybersecurity threats. Historically, traditional enterprise networks have been researched extensively in this regard. However, the cyber threat landscape has grown to include wireless networks. In this article, the authors present a novel model that can be trained on completely different feature sets and applied to two distinct intrusion detection applications: traditional enterprise networks and 802.11 wireless networks. This is the first method that demonstrates superior performance in both aforementioned applications. The model is based on a one-versus-all binary framework comprising multiple nested sub-ensembles. To provide good generalization ability, each sub-ensemble contains a collection of sub-learners, and only a portion of the sub-learners implement boosting. A class weight based on the sensitivity metric (true-positive rate), learned from the training data only, is assigned to the sub-ensembles of each class. The use of pruning to remove sub-learners that do not contribute to or have an adverse effect on overall system performance is investigated as well. The results demonstrate that the proposed system can achieve exceptional performance in applications to both traditional enterprise intrusion detection and 802.11 wireless intrusion detection.