Abstract

A stacked ensemble machine learning framework using supervised machine learning method is presented to detect the different attack types. This paper deals with the development of supervised machine learning algorithms to detect network traffic intrusion from the CICIDS2017 and NSLKDD datasets. The detection of network traffic intrusion using a supervised machine learning approach comprises of five phases. Phase 1 is Data Acquisition. Phase 2 is the Data pre-processing method, which transforms the dataset and resamples the minority of attacks on the datasets (CIC- IDS2017 and NSLKDD).Wrapper- based feature selection methods are used to select the important Features in phase 3.The supervised machine learning models are developed with stacked ensemble learning methods such as Random Forest, Decision Tree, K Nearest Neighbors and Extreme Gradient Boosting algorithms. The developed models are then validated with appropriate performance evaluation metrics. The output of the different algorithms is then evaluated in phase 5 with metrics such as precision, recall, F1 Score, accuracy and ROC curve. With the proposed framework in CICIDS2017 dataset, the highest accuracy is attained by the K Nearest Neighbor model with 93.06% and the weighted average score of the stacked model is 97.83%. In NSLKDD Dataset, the highest accuracy is attained by the Extreme Gradient Boosting Model is 92.63% and the weighted average score of the stacked model is 97.24%