METHODOLOGY FOR USING AN ENSEMBLE CLASSIFIER TO OPTIMIZE THE CRITICAL INFRASTRUCTURE INTRUSION DETECTION SYSTEM
DOI: https://doi.org/10.18372/2310-5461.67.20347
Keywords: Bayesian network, intrusion detection system, cyberattack, critical infrastructure, classifier, cyber resilience, IBk, JRip, J48, MLP, Naive Bayes, PART
Abstract
This article examines how ensemble classifiers can significantly improve the performance of intrusion detection systems (IDS), especially in critical infrastructure environments. As cyberattacks grow more complex, traditional protection methods often prove ineffective, which jeopardizes the uninterrupted operation of important facilities. We propose an approach that combines the outputs of several separate classifiers to improve threat detection accuracy and reduce the number of false positives. Various methods for constructing such ensembles, and for applying them to the analysis of network traffic characteristic of critical infrastructure, are investigated. The effectiveness of these models is evaluated on data sets, demonstrating their ability to accurately identify both anomalies and known attack types, thereby strengthening cyber resilience. Modern IDS must be adapted to monitor new frameworks that help to distinguish and analyze attacks on systems.
As part of our approach, we explore various combinations of the classifiers Bayesian Network, Naïve Bayes, JRip, MLP, IBk, PART, and J48. In addition, two data preprocessing methods, normalization and discretization, are applied to each combination. The main advantage of this approach is its ability to detect most attacks with high accuracy by pairing the ensemble method with the appropriate preprocessing technique, which allows the effective identification of a wide range of network threats. Experimental studies show that this approach significantly improves the
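The following is an added example, not code from the article or its authors, of the mechanics the abstract describes: several base classifiers trained on the same flow records, each given the preprocessing that suits it (min-max normalization for a distance-based learner, equal-width discretization for a probabilistic and a rule-based learner), and their predictions combined by majority vote, scored on accuracy and on the false-positive rate over normal traffic. Everything in it is an assumption for illustration: the five feature names and value ranges are a constructed, KDD-style stand-in rather than real KDD Cup 1999 data, and the three members are deliberately small substitutes (k-NN for IBk, categorical Naive Bayes for Naive Bayes, a OneR rule table for the PART/JRip rule family); MLP, J48 and Bayesian Network members are not implemented here.

```python
# Added example, not the article's code: majority-vote ensemble with per-member preprocessing.
import math
import random
from collections import Counter, defaultdict

def make_records(n_per_class=40, seed=7):
    """Constructed flows (not real KDD data). Assumed features: duration, src_bytes,
    dst_bytes, count, serror_rate. Classes: normal, a SYN-flood style DoS (many
    connections, high SYN-error rate, no payload) and a port scan (many hosts)."""
    rng = random.Random(seed)
    rows = []
    for _ in range(n_per_class):
        rows.append(([rng.uniform(0, 30), rng.uniform(200, 5000), rng.uniform(100, 8000),
                      rng.randint(1, 20), rng.uniform(0, 0.05)], "normal"))
        rows.append(([0.0, rng.uniform(0, 20), 0.0,
                      rng.randint(200, 511), rng.uniform(0.8, 1.0)], "dos"))
        rows.append(([rng.uniform(0, 2), rng.uniform(0, 60), rng.uniform(0, 40),
                      rng.randint(30, 120), rng.uniform(0.2, 0.6)], "probe"))
    rng.shuffle(rows)
    return rows

def fit_minmax(xs):
    """Per-feature min and max, learned on training rows only."""
    return [min(c) for c in zip(*xs)], [max(c) for c in zip(*xs)]

def normalize(x, lo, hi):
    """Min-max scaling to [0, 1]; a constant feature maps to 0."""
    return [(v - l) / (h - l) if h > l else 0.0 for v, l, h in zip(x, lo, hi)]

def discretize(x, lo, hi, bins=5):
    """Equal-width bins over the training range; out-of-range values clip."""
    return [min(bins - 1, max(0, int((v - l) / (h - l) * bins))) if h > l else 0
            for v, l, h in zip(x, lo, hi)]

def fit_knn(xs, ys, k=3):
    """IBk-style instance-based learner; expects normalized inputs."""
    def predict(x):
        near = sorted((sum((a - b) ** 2 for a, b in zip(x, t)), y)
                      for t, y in zip(xs, ys))[:k]
        return Counter(y for _, y in near).most_common(1)[0][0]
    return predict

def fit_naive_bayes(xs, ys, nbins=5):
    """Categorical Naive Bayes with Laplace smoothing; expects discretized inputs."""
    prior, counts = Counter(ys), defaultdict(Counter)  # (feature, class) -> bin counts
    for x, y in zip(xs, ys):
        for i, b in enumerate(x):
            counts[(i, y)][b] += 1
    def predict(x):
        logp = {y: math.log(n / len(ys)) + sum(
            math.log((counts[(i, y)][b] + 1) / (n + nbins)) for i, b in enumerate(x))
            for y, n in prior.items()}
        return max(logp, key=logp.get)
    return predict

def fit_oner(xs, ys):
    """Single-feature rule table (bin -> class) with fewest training errors; a PART/JRip stand-in."""
    default, best = Counter(ys).most_common(1)[0][0], None
    for i in range(len(xs[0])):
        table = defaultdict(Counter)
        for x, y in zip(xs, ys):
            table[x[i]][y] += 1
        rule = {b: c.most_common(1)[0][0] for b, c in table.items()}
        errors = sum(rule[x[i]] != y for x, y in zip(xs, ys))
        if best is None or errors < best[0]:
            best = (errors, i, rule)
    _, feature, rule = best
    return lambda x: rule.get(x[feature], default)

def vote(members, raw):
    """Majority vote over (predict, preprocess) pairs; each member sees the representation it needs."""
    return Counter(p(prep(raw)) for p, prep in members).most_common(1)[0][0]

def evaluate(predict, test):
    """(accuracy, false-positive rate); an FP is a normal flow flagged as any attack."""
    acc = sum(predict(x) == y for x, y in test) / len(test)
    normals = [x for x, y in test if y == "normal"]
    return acc, sum(predict(x) != "normal" for x in normals) / len(normals)

def run(n_per_class=40, seed=7):
    """Trains every member on 70% of the constructed flows, scores members and ensemble on the rest."""
    rows = make_records(n_per_class, seed)
    cut = int(0.7 * len(rows))
    train, test = rows[:cut], rows[cut:]
    raw, ys = [x for x, _ in train], [y for _, y in train]
    lo, hi = fit_minmax(raw)
    norm = lambda x: normalize(x, lo, hi)
    disc = lambda x: discretize(x, lo, hi)
    members = {"kNN (normalized)": (fit_knn([norm(x) for x in raw], ys), norm),
               "NaiveBayes (discretized)": (fit_naive_bayes([disc(x) for x in raw], ys), disc),
               "OneR (discretized)": (fit_oner([disc(x) for x in raw], ys), disc)}
    results = {name: evaluate(lambda x, p=p, q=q: p(q(x)), test) for name, (p, q) in members.items()}
    results["ensemble"] = evaluate(lambda x: vote(list(members.values()), x), test)
    return results

if __name__ == "__main__":
    for name, (acc, fpr) in run().items():
        print(f"{name:26s} accuracy={acc:.3f} false_positive_rate={fpr:.3f}")
```

Running the file prints accuracy and false-positive rate for each member and for the vote. The design point worth noticing is that the preprocessing is bound to the member rather than to the pipeline: the k-NN member needs scaled features so that `src_bytes` does not dominate the distance, while the Naive Bayes and rule members need symbolic bins, and a single mistaken member (for instance Naive Bayes misreading a short, low-volume normal flow as a probe) is outvoted. On a real data set the same harness should use stratified cross-validation and report per-class detection rates, since the constructed classes here are far more separable than KDD traffic.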