A double-layer detection and classification approach for network attacks

Network intrusion detection system (NIDS) plays a crucial role in maintaining network security. In this paper, we propose a novel double-layer detection and classification technique for network attacks. The advantage of our proposed method is that our two-layer hybird detection combines the advantage of multiple techniques, especially stacking ensemble method, and has better generalization performance. The first layer contains a GBDT classifier which is responsible for identifying DoS (Denial of Service) attacks. The second layer consists of KNN classifier and stacking ensemble classifier. KNN classifier is used to classify the DoS data from the first layer as more subtypes, such as, smurf, pod, neptune, teardrop, back and other DoS attack subtypes. Stacking ensemble classifier optimized by FOA (Fly Optimization Algorithm) is applied to divide the non-DoS data from the first layer to Normal, Probe, R2L (Remote to Local) and U2L (User to Root). The simulation and analysis are done based on KDD99 dataset and we use accuracy, precision rate and recall rate to evaluate our method. The experimental results suggest that our proposed method is a more robust and reliable model and can achieve higher accuracy than other previous methods.