Cascaded intrusion detection system using machine learning
Cybercrime is becoming an increasing concern these days. In response to the growing cyberthreat, various intrusion detection systems have been developed and proposed to detect anomalies. However, most detection systems suffer from some common issues, such as a high number of false positives that cause regular behaviors to be detected as intrusions, as well as the system's excessive complexity. Many single classifier models have accuracy issues since they are unable to detect certain anomalies caused by the attack's polymorphic and zero-day behavior. The signature-based intrusion detection system (SIDS) is unable to identify zero-day intrusions. On the other side, the anomaly-based intrusion detection system (AIDS) generates a significant number of false-positive alarms. In this research, a cascaded intrusion detection system (CIDS) is proposed by combining the one-class support vector machine (OC-SVM)-based AIDS and the decision tree-based SIDS. OC-SVM is used in conjunction with the newly built Distance-Based Intrusion Classification System (DICS). SIDS that use decision trees can discover and classify anomalies. Because OC-SVM is a binary classifier, the intrusion type is determined by DICS. The suggested method aims to detect both popular and well-known zero-day attacks, as well as their type. The CIDS is evaluated using publicly available benchmark datasets, such as the Knowledge Discovery in Databases (KDD) Cup 1999 and the NSL-KDD dataset. The results of the proposed study show that CIDS outperformed both traditional SIDS and AIDS in terms of performance. Both anomalies and their types are detected with high accuracy.

Main Authors: | Md. Khabir Uddin Ahamed; Abdul Karim |
---|---|
Format: | Article |
Language: | English |
Published: | Elsevier, 2025-12-01 |
Series: | Systems and Soft Computing |
Subjects: | Cyber-crime; Intrusion detection system; Machine learning; Support vector machine; Zero-day attacks |
Online Access: | http://www.sciencedirect.com/science/article/pii/S277294192400111X |

author | Md. Khabir Uddin Ahamed; Abdul Karim |
---|---|
affiliations | Md. Khabir Uddin Ahamed: Department of Computer Science and Engineering, Bangamata Sheikh Foilatunnesa Mujib Science and Technology University, Jamalpur, Bangladesh (corresponding author); Abdul Karim: Senior Officer-IT (APg), Janata Bank PLC, Dhaka, Bangladesh |
collection | DOAJ |
id | doaj-art-fa250ce39da44333bc9ea61acfe00b7b |
institution | Kabale University |
issn | 2772-9419 |
language | English |
publisher | Elsevier |
publishDate | 2025-12-01 |
series | Systems and Soft Computing |
title | Cascaded intrusion detection system using machine learning |
topic | Cyber-crime; Intrusion detection system; Machine learning; Support vector machine; Zero-day attacks |
url | http://www.sciencedirect.com/science/article/pii/S277294192400111X |