inconsistency of attack distribution and lack of attack scenarios
when used today [15]. For example, in the UNSW-NB15
dataset (modern dataset) there are several types of attacks that
are not present in the NSL-KDD dataset (old dataset). Mean-
while, modern datasets still contain many redundant attributes,
high dimensionality data [16], redundant and irrelevant [17].
For example, in the CSE-IDS-2018 dataset, there are very
significant imbalance data [18]. Thus, data reduction and
feature selection in datasets are particularly important things
to consider in machine learning.
Most of the IDS proposed in previous studies are based
on outdated datasets [14]. Thus experiencing problems of
the inconsistency of attack distribution and lack of attack
scenarios when used today [15]. For example, in the UNSW-
NB15 dataset (modern dataset), several types of attacks are
not present in the NSL-KDD dataset (old dataset). Meanwhile,
current datasets still contain many redundant attributes, high
dimensionality data [16], redundant and irrelevant [17]. For
example, in the CSE-IDS-2018 dataset, there are very signif-
icant imbalanced data [18]. Thus, data reduction and feature
selection in datasets are essential in machine learning.
Based on the intrusion detection method used, several stud-
ies related to IDS have applied a machine learning approach
[14], [19], [20], [21]. C.R.Wang et al. [22] study’s found that
applying machine learning techniques to IDS has a number of
benefits over using more conventional techniques. However,
applying machine learning based on a single classifier still
has a problem for existing intrusion detection to achieve good
performance. The issue with the single classifier is it may
not perform well when detecting of each type of attacks [23].
For this reason, the our motivation is to find the best perform
technique and to proven superiority of the ensemble classifier.
The main contributions of this research are summarized as
follows:
• To increase the single classifier performance for applied
to the intrusion detection system.
• Introduce an ensemble approach (Bagging-SDN) using
the bagging technique and three base learner classifiers
(SVM, DT, and NB).
• Experimental results show that the proposed method
surpasses basic methods (single classifier) in terms of
Accuracy (ACC), Precision (PC), Recall (RC), F1-Score
(F1), and Kappa Score (KS) metrics.
This article’s structure is divided into five sections. Section
I describes the introduction, Section II the relevant work, Sec-
tion III the methodology, Section IV the results and discussion,
and Section V the conclusion and future studies.
II. RELATED WORK
Many previous studies have been done to detect intrusions
on IDS. Comparing previous studies related to IDS can be
grouped based on the classification techniques and evaluation
metrics used.
The method applied in several previous studies mostly used
a classification approach [24] and clustering [25]. The classi-
fication technique is widely used in several machine learning
techniques (classification, clustering, estimation, association,
prediction, and statistical analysis) [26]. Classification tech-
niques are genuinely relevant to use in IDS if the approach
used is supervised learning. However, the clustering technique
is more appropriate for classifying intrusions if the system is
unsupervised. In addition, several previous studies still build
models using a single classifier, for example, Support Vector
Machine (SVM) [27], Neural Network (NN) [28], Decision
Tree (DT) [29], Naïve Bayes (NB) [30], or Random Forest
(RF) [31], and others. However, from some of these studies,
classification results are still found with performance that is
not optimal when applied to several different datasets.
Model evaluation techniques can be conducted with various
types of evaluation metrics. From several previous studies
[14], [22], [23], evaluation metrics that are often used to
evaluate models include accuracy, precision, detection rate,
false alarm rate, f-measure, ROC Curve, and others. However,
most use accuracy, precision, and recall to evaluate the built
model. Several previous studies [24], [25], [32] explained
that the calculation of accuracy, detection rate, and false
alarm rate was based only on the values obtained from the
classification results carried out on the NSL-KDD dataset.
Meanwhile, the type of intrusion currently developing is more
complex than the type listed in the NSL-KDD dataset. Thus,
this results in the quality of intrusion detection accuracy not
being guaranteed if the model that has been built is applied to
detect new types of intrusion.
Thaseen et al. [19] have developed an intrusion classi-
fication model on IDS with a chi-square feature selection
technique and multi-class support vector machine (SVM) to
overcome this problem. However, in that study, only one
computer-based feature selection method was used: a single
classifier in the form of SVM. And that research has not
been developed with several other algorithms, so it does
not supply information regarding using other better feature
selection methods.
Neha et al. [17] have built a classification model on IDS
with the feature selection technique of intelligent water drops
(IWD) combined with a classification technique using a sup-
port vector machine (SVM). The experimental results show
that the proposed model performs better and has a higher
detection rate, lower false alarm rate, and better accuracy than
the previous approach.
Mohammadi et al. [33] have built a model for feature
selection based on the feature grouping linear correlation
coefficient (FGLCC) algorithm and the cuttlefish algorithm
(CFA). The performance of the proposed method is confirmed
using the KDD Cup’99 dataset. The validation results show
an accuracy of 95.03% and a detection rate of 95.23%, with a
lower false positive rate (1.65%) than the previous literature
methods.
Then Boahen et al. [34], in their research, developed a new
model called ’PSOGSARFC.’ Then the model was validated
using two datasets, namely NSL-KDD and UNSW-NB15. The
evaluation showed an increase in accuracy in the classification
of NSL-KDD dataset by 98.56% and in the UNSW-NB15