A stack ensemble approach to intrusion detection based on decision tree and bayesian network algorithms
DOI:
https://doi.org/10.5281/zenodo.21033676Abstract
This paper provides a comprehensive overview of intrusion detection methodologies and proposes a hybrid classification algorithm utilizing an ensemble approach (stacking) that incorporates decision tree (J48) and Bayesian network as foundational classifiers, with a functional tree algorithm serving as the meta-learner. In recent years, numerous research initiatives have endeavored to apply data mining techniques to intrusion detection systems utilizing various classification algorithms. While many of these methods have achieved commendable detection rates and accuracy, they often grapple with a high false alarm rate, primarily due to the misclassification of normal traffic as attacks. Consequently, the field of intrusion detection system (IDS) research necessitates a greater focus not only on detection rates and accuracy but also on reducing false alarm rates to accurately discern intrusions. The proposed approach begins by processing the dataset through the decision tree, which generates node information. This information is generated based on the rules established by the decision tree and, when combined with the original attribute set, is then fed into the Bayesian network to yield the final classification outcome. The central premise of this study is to evaluate whether the node information derived from the decision tree enhances the performance of the Bayesian network. A performance evaluation was conducted utilizing a 10-fold cross-validation technique on the individual classifiers (Decision Tree and Bayesian Network) and the proposed hybrid classifier (DT-BN) on the KDD Cup 1999 dataset, analyzed using the WEKA tool. Experimental findings indicate that the hybrid classifier (DT-BN) outperforms its individual counterparts, achieving an accuracy of 100% for Normal traffic, 86.54% for User to Root (U2R), 99% for Denial of Service (DOS), 99.50% for Probing, and 98.76% for Remote to Local (R2L) attacks, thus demonstrating superior accuracy and efficiency
Downloads
Published
Issue
Section
License
Copyright (c) 2026 Technoscience Journal for Community Development in Africa

This work is licensed under a Creative Commons Attribution 4.0 International License.