Per-Instance Selection of Machine Learning Classifiers for IDS and IPS

PhD Thesis


Al-Khuzaei, N. 2025. Per-Instance Selection of Machine Learning Classifiers for IDS and IPS. PhD Thesis, University of East London, School of Architecture, Computing and Engineering. https://doi.org/10.15123/uel.8zv82
Authors: Al-Khuzaei, N.
Type: PhD Thesis
Abstract

Generally, malicious attacks on a network or server can be detected and counteracted using various techniques. Intrusion detection systems (IDS) and intrusion prevention systems (IPS) are two of the most common systems used to detect and prevent cyber threats. Although each of these systems can help organizations overcome various types of threats to their networks, additional decisions are required to ensure that they operate effectively. Even IDS and IPS remain vulnerable to conditions that render them less efficient and incapable of meeting the required operational targets. Consequently, it is imperative that organizations make decisions and take actions that tend to optimize the efficiency with which these cybersecurity applications operate.

Most organizations have IT infrastructure nowadays. They differ in their requirements and sizes, but they share a common problem: managing the flood of alerts coming from the IDS (Simone, 2009). The IDS creates a huge number of alerts. Not every threat it reports is real; an alert only means that the IDS has found a matching signature or pattern. Such alarms are considered false positives and are a result of misclassification. Determining whether these alarms are actionable can be a real pain for organizations. Because of these issues with current IDS, there is a need for continued research to solve the classification issues, and for that, a per-instance multi-classifier is proposed.

This research will discuss the importance of researching a new algorithm, a portfolio of multiple classifiers for intrusion detection systems in the cyber-security space. There is already much research in this field, and many classifiers have been proposed, but the fact remains that no single classifier can cover all threats with high accuracy. The intention is to have a portfolio of classifiers. Each classifier will be tested and trained on the dataset. The idea behind having multiple classifiers is that each classifier can complement the others and contribute to the classification. A Master classifier will determine the fitness of each classifier, depending on the presented instance, and all the fit classifiers will contribute to the classification by voting. The vote will determine whether the instance is benign or an anomaly, and if it is an anomaly, it will determine the type of attack.

Year: 2025
Publisher: University of East London
Digital Object Identifier (DOI): https://doi.org/10.15123/uel.8zv82
Publication dates
Online: 16 Jun 2025
Publication process dates
Completed: 10 Jun 2025
Deposited: 16 Jun 2025
Copyright holder: © 2025 The Author. Original content in this thesis is licensed under the terms of the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) Licence (https://creativecommons.org/licenses/by-nc-nd/4.0). Any third-party copyright material present remains the property of its respective owner(s).
Permalink: https://repository.uel.ac.uk/item/8zv82

Download files


File
2025_PhD_Al-Khuzaei.pdf
License: CC BY-NC-ND 4.0
File access level: Anyone
