EURASIP Journal on Advances in Signal Processing (May 2022)

Intrusion detection system combined enhanced random forest with SMOTE algorithm

  • Tao Wu,
  • Honghui Fan,
  • Hongjin Zhu,
  • Congzhe You,
  • Hongyan Zhou,
  • Xianzhen Huang

DOI
https://doi.org/10.1186/s13634-022-00871-6
Journal volume & issue
Vol. 2022, no. 1
pp. 1 – 20

Abstract

Read online

Abstract Network security is subject to malicious attacks from multiple sources, and intrusion detection systems play a key role in maintaining network security. During the training of intrusion detection models, the detection results generally have relatively large false detection rates due to the shortage of training data caused by data imbalance. To address the existing sample imbalance problem, this paper proposes a network intrusion detection algorithm based on the enhanced random forest and synthetic minority oversampling technique (SMOTE) algorithm. First, the method used a hybrid algorithm combining the K-means clustering algorithm with the SMOTE sampling algorithm to increase the number of minor samples and thus achieved a balanced dataset, by which the sample features of minor samples could be learned more effectively. Second, preliminary prediction results were obtained by using enhanced random forest, and then the similarity matrix of network attacks was used to correct the prediction results of voting processing by analyzing the type of network attacks. In this paper, the performance was tested using the NSL-KDD dataset with a classification accuracy of 99.72% on the training set and 78.47% on the test set. Compared with other related papers, our method has some improvement in the classification accuracy of detection.

Keywords