Intrusion Detection Systems (IDS) are critical in identifying abnormal network activities and mitigating potential security threats. However, existing IDS solutions struggle with detecting rare attack types, such as Remote-to-Local (R2L) and User-to-Root (U2R), primarily due to data imbalance. To address this challenge, we propose an ensemble model combining Bidirectional Long Short-Term Memory (Bi-LSTM) networks and eXtreme Gradient Boosting (XGBoost). Our model achieves an accuracy of 98.42% on the NSL-KDD dataset, significantly reducing the false positive rates for R2L and U2R classes by approximately 90% and 67%, respectively (p-value < 0.05). Moreover, the proposed model achieves an Area Under the Receiver Operating Characteristic Curve (AUC-ROC) score of 0.89 for R2L detection, outperforming the Bi-LSTM-Random Forest baseline (0.88). For U2R detection, the AUC improved from 0.58 to 0.66. These findings highlight the model's enhanced capability for minority class detection and its potential to mitigate data imbalance issues in IDS. Future work will focus on integrating Conditional Generative Adversarial Networks (Conditional GANs) for data augmentation, optimizing hyperparameters using Particle Swarm Optimization (PSO), and validating the model's generalizability on CICIDS2017 and UNSW-NB15 datasets.
Contact Info
E-mail: editor@learning-gate.com
© 2020 Learning Gate, All rights reserved. This is an open-access article distributed under the terms of the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License
© 2020 Learning Gate, All rights reserved. This is an open-access article distributed under the terms of the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License
Licensed under 
a Creative Commons Attribution 4.0 International License.
a Creative Commons Attribution 4.0 International License.