MLEsIDSs: machine learning-based ensembles for intrusion detection systems—a review


Network security plays an essential role in secure communication and avoids financial loss and crippled services due to network intrusions. Intruders generally exploit the flaws of popular software to mount a variety of attacks against network computer systems. The damage caused in the network attacks may vary from a little disruption in service to on developing financial loss. Recently, intrusion detection systems (IDSs) comprising machine learning techniques have emerged for handling unauthorized usage and access to network resources. With the passage of time, a wide variety of machine learning techniques have been designed and integrated with IDSs. Still, most of the IDSs reported poor intrusion detection results using false positive rate and detection rate. For solving these issues, researchers focused on the development of ensemble classifiers involving the integration of predictions by multiple individual classifiers. The ensemble classifiers enable to compensate for the weakness of individual classifiers and use their combined knowledge to enhance its performance. This study presents motivation and comprehensive review of intrusion detection systems based on ensembles in machine learning as an extension of our previous work in the field. Particularly, different ensemble methods in the field are analysed, taking into consideration different types of ensembles, and various approaches for integrating the predictions of individual classifiers for an ensemble classifier. The representative studies are compared in chronological order for systematic and critical analysis, understanding the current challenges and status of research in the field. Finally, the study presents essential future research directions for the development of effective IDSs.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6


  1. 1.

    Abraham A, Thomas J (2005) Distributed intrusion detection systems: a computational intelligence approach. In: Abbass HA, Essam D (eds) Applications of information systems to homeland security and defense. Idea Group Inc. Publishers, Hershey, pp 105–35

    Google Scholar 

  2. 2.

    Aburomman AA, Reaz MBI (2016) A novel SVM-kNN-PSO ensemble method for intrusion detection system. Appl Soft Comput 38:360–372

    Google Scholar 

  3. 3.

    Aburomman AA, Reaz MBI (2017) A survey of intrusion detection systems based on ensemble and hybrid classifiers. Comput Secur 65:135–152

    Google Scholar 

  4. 4.

    Aha D, Kibler D, Albert M (1991) Instance-based learning algorithms. Mach Learn 6(1):37–66

    Google Scholar 

  5. 5.

    Ahmadian Ramaki A, Rasoolzadegan A, Javan Jafari A (2018) A systematic review on intrusion detection based on the hidden markov model. Stat Anal Data Min ASA Data Sci J 11(3):111–134

    MathSciNet  Google Scholar 

  6. 6.

    Anand R, Mehrotra K, Mohan C, Ranka S (1995) Efficient classification for multiclass problems using modular neural networks. IEEE Trans Neural Netw 6(1):117–124

    Google Scholar 

  7. 7.

    Axelsson S (2000) Intrusion detection systems: a survey and taxonomy. Tech. rep., Technical report

  8. 8.

    Bahri E, Harbi N, Huu HN (2011) Approach based ensemble methods for better and faster intrusion detection. In: Computational Intelligence in Security for Information Systems. Springer, pp 17–24

  9. 9.

    Breiman L (1996) Bias, variance, and arcing classifiers (technical report 460). Department of Statistics. University of California at Berkeley

  10. 10.

    Breiman L (2001) Random forests. Mach Learn 45(1):5–32

    MATH  Google Scholar 

  11. 11.

    Breiman L (2017) Classification and regression trees. Routledge, London

    Google Scholar 

  12. 12.

    Brown G, Wyatt J, Harris R, Yao X (2005) Diversity creation methods: a survey and categorisation. Inf Fusion 6(1):5–20

    Google Scholar 

  13. 13.

    Bukhtoyarov V, Zhukov V (2014) Ensemble-distributed approach in classification problem solution for intrusion detection systems. In: International Conference on Intelligent Data Engineering and Automated Learning. Springer, pp 255–265

  14. 14.

    Chebrolu S, Abraham A, Thomas J (2005) Feature deduction and ensemble design of intrusion detection systems. Comput Secur 24(4):295–307

    Google Scholar 

  15. 15.

    Chen Y, Abraham A, Yang B (2007) Hybrid flexible neural-tree-based intrusion detection systems. Int J Intell Syst 22(4):337–352

    MATH  Google Scholar 

  16. 16.

    Chiba Z, Abghour N, Moussaid K, El Omri A, Rida M (2016) A survey of intrusion detection systems for cloud computing environment. In: 2016 International Conference on Engineering & MIS (ICEMIS). IEEE, pp 1–13

  17. 17.

    Cho S, Kim J (1995) Combining multiple neural networks by fuzzy integral for robust classification. IEEE Trans Syst Man Cybern 25(2):380–384

    Google Scholar 

  18. 18.

    Corona I, Ariu D, Giacinto G (2009) Hmm-web: a framework for the detection of attacks against web applications. In: Proc. of IEEE International Conference on Communications (ICC). IEEE, pp 1–6

  19. 19.

    Creech G, Hu J (2013) A semantic approach to host-based intrusion detection systems using contiguousand discontiguous system call patterns. IEEE Trans Comput 63(4):807–819

    MATH  Google Scholar 

  20. 20.

    Cretu G, Stavrou A, Locasto M, Stolfo S, Keromytis A (2008) Casting out demons: sanitizing training data for anomaly sensors. In: Proc. of IEEE Symposium on Security and Privacy. IEEE, pp 81–95

  21. 21.

    DARPA: intrusion detection evaluation (2012). Accessed 2 Feb 2020

  22. 22.

    Deb K et al (1999) Evolutionary algorithms for multi-criterion optimization in engineering design. In: Miettinen K, Makela MM, Neittaanmaki P, Periaux J (eds) Evolutionary algorithms in engineering and computer science. Wiley, Chichester, pp 135–161

    Google Scholar 

  23. 23.

    Demšar J (2006) Statistical comparisons of classifiers over multiple data sets. J Mach Learn Res 7:1–30

    MathSciNet  MATH  Google Scholar 

  24. 24.

    Didaci L, Giacinto G, Roli F (2002) Ensemble learning for intrusion detection in computer networks. In: Proc. of Workshop Machine Learning Methods Applications, Siena. Citeseer

  25. 25.

    Dietterich T (2000) Ensemble methods in machine learning. In: Multiple Classifier Systems, pp 1–15

  26. 26.

    Dietterich T (2000) An experimental comparison of three methods for constructing ensembles of decision trees: bagging, boosting, and randomization. Mach. Learn. 40(2):139–157

    Google Scholar 

  27. 27.

    Dietterich T, Bakiri G (1994) Error-correcting output codes: a general method for improving multiclass inductive learning programs. In: Proc. of Santa fe Institute Studies in the Sciences of Complexity, vol 20. Citeseer, pp 395–395

  28. 28.

    Domingos P, Pazzani M (1997) On the optimality of the simple bayesian classifier under zero-one loss. Mach. Learn. 29(2):103–130

    MATH  Google Scholar 

  29. 29.

    Dos Santos EM (2008) Static and dynamic overproduction and selection of classifier ensembles with genetic algorithms. Ph.D. thesis, Montreal

  30. 30.

    Duda R, Hart P, Stork D (2001) Pattern classification. A wiley-interscience publication. Wiley, New York

    Google Scholar 

  31. 31.

    Eid HF, Darwish A, Hassanien AE, Kim T (2011) Intelligent hybrid anomaly network intrusion detection system. In: International Conference on Future Generation Communication and Networking. Springer, pp 209–218

  32. 32.

    Elhag S, Fernandez A, Alshomrani S, Herrera F (2019) Evolutionary fuzzy systems: a case study for intrusion detection systems. In: Bansal J, Singh P, Pal N (eds) Evolutionary and swarm intelligence algorithms. Springer, Cham, pp 169–190

    Google Scholar 

  33. 33.

    Elhag S, Fernández A, Altalhi A, Alshomrani S, Herrera F (2019) A multi-objective evolutionary fuzzy system to obtain a broad and accurate set of solutions in intrusion detection systems. Soft Comput 23(4):1321–1336

    Google Scholar 

  34. 34.

    Enache AC, Patriciu VV (2014) Intrusions detection based on support vector machine optimized with swarm intelligence. In: 2014 IEEE 9th IEEE International Symposium on Applied Computational Intelligence and Informatics (SACI). IEEE, pp 153–158

  35. 35.

    Engen V (2010) Machine learning for network based intrusion detection: an investigation into discrepancies in findings with the kdd cup’99 data set and multi-objective evolution of neural network classifier ensembles from imbalanced data. Ph.D. thesis, Bournemouth University

  36. 36.

    Etalle S (2017) From intrusion detection to software design. In: European Symposium on Research in Computer Security. Springer, pp 1–10

  37. 37.

    Ferrag MA, Maglaras L, Moschoyiannis S, Janicke H (2020) Deep learning for cyber security intrusion detection: approaches, datasets, and comparative study. J Inf Secur Appl 50:102–419

    Google Scholar 

  38. 38.

    Ferreira AJ, Figueiredo MA (2012) Boosting algorithms: a review of methods, theory, and applications. In: Zhang C, Ma Y (eds) Ensemble machine learning. Springer, Boston, pp 35–85

    Google Scholar 

  39. 39.

    Folino G, Pizzuti C, Spezzano G (2010) An ensemble-based evolutionary framework for coping with distributed intrusion detection. Genet Program Evolvable Mach 11(2):131–146

    Google Scholar 

  40. 40.

    Freund Y, Schapire R (1996) Experiments with a new boosting algorithm. In: Proc. of Machine Learning-international Workshop Then Conference. Morgan Kaufmann Publishers, Inc, pp 148–156

  41. 41.

    Freund Y, Schapire RE (1997) A decision-theoretic generalization of on-line learning and an application to boosting. J Comput Syst Sci 55(1):119–139

    MathSciNet  MATH  Google Scholar 

  42. 42.

    Friedman N, Geiger D, Goldszmidt M (1997) Bayesian network classifiers. Mach Learn 29(2):131–163

    MATH  Google Scholar 

  43. 43.

    Gaikwad D, Thool RC (2015) Intrusion detection system using bagging with partial decision treebase classifier. Procedia Comput Sci 49:92–98

    Google Scholar 

  44. 44.

    Garg S, Kaur K, Batra S, Aujla GS, Morgan G, Kumar N, Zomaya AY, Ranjan R (2020) En-abc: an ensemble artificial bee colony based anomaly detection scheme for cloud environment. J Parallel Distrib Comput 135:219–233.

    Article  Google Scholar 

  45. 45.

    Giacinto G, Roli F (2001) An approach to the automatic design of multiple classifier systems. Pattern Recognit Lett 22(1):25–33

    MATH  Google Scholar 

  46. 46.

    Govindarajan M, Chandrasekaran R (2011) Intrusion detection using neural based hybrid classification methods. Comput Netw 55(8):1662–1671

    Google Scholar 

  47. 47.

    Gu S, Jin Y (2012) Heterogeneous classifier ensembles for EEG-based motor imaginary detection. In: 2012 12th UK Workshop on Computational Intelligence (UKCI). IEEE, pp 1–8

  48. 48.

    Gu Y, Zhou B, Zhao J (2008) PCA-ICA ensembled intrusion detection system by pareto-optimal optimization. Inf Technol J 7(3):510–515

    Google Scholar 

  49. 49.

    Guan Y, Myers C, Hess D, Barutcuoglu Z, Caudy A, Troyanskaya O et al (2008) Predicting gene function in a hierarchical context with an ensemble of classifiers. Genome Biol 9(Suppl 1):S3

    Google Scholar 

  50. 50.

    Gudadhe M, Prasad P, Wankhade LK (2010) A new data mining based network intrusion detection model. In: 2010 International Conference on Computer and Communication Technology (ICCCT). IEEE, pp 731–735

  51. 51.

    Hamamoto AH, Carvalho LF, Sampaio LDH, Abrao T, Proenca ML Jr (2018) Network anomaly detection system using genetic algorithm and fuzzy logic. Expert Syst Appl 92:390–402

    Google Scholar 

  52. 52.

    Hansen L, Salamon P (1990) Neural network ensembles. IEEE Trans Pattern Anal Mach Intell 12(10):993–1001

    Google Scholar 

  53. 53.

    Haq NF, Onik AR, Shah FM (2015) An ensemble framework of anomaly detection using hybridized feature selection approach (hfsa). In: 2015 SAI Intelligent Systems Conference (IntelliSys). IEEE, pp 989–995

  54. 54.

    Holte R (1993) Very simple classification rules perform well on most commonly used datasets. Mach Learn 11(1):63–90

    MATH  Google Scholar 

  55. 55.

    Hota H, Shrivas AK (2014) Data mining approach for developing various models based on types of attack and feature selection as intrusion detection systems (IDS). In: Intelligent Computing, Networking, and Informatics. Springer, pp 845–851

  56. 56.

    Hu R, Damper R (2008) A no panacea theorem for classifier combination. Pattern Recognit 41(8):2665–2673

    MATH  Google Scholar 

  57. 57.

    Hu W, Hu W, Maybank S (2008) Adaboost-based algorithm for network intrusion detection. IEEE Trans Syst Man Cybern Part B Cybern 38(2):577–583

    Google Scholar 

  58. 58.

    Hwang T, Lee T, Lee Y (2007) A three-tier ids via data mining approach. In: Proc. of the 3rd Annual ACM Workshop on Mining Network Data. ACM, pp 1–6

  59. 59.

    Ibrl (2006) Ibrl: Intel berkeley research lab. Accessed 2 Feb 2020

  60. 60.

    Illy P, Kaddoum G, Moreira CM, Kaur K, Garg S (2019) Securing fog-to-things environment using intrusion detection system based on ensemble learning. arXiv preprint arXiv:1901.10933

  61. 61.

    Jain A, Duin R, Mao J (2000) Statistical pattern recognition: a review. IEEE Trans Pattern Anal Mach Intell 22(1):4–37.

    Article  Google Scholar 

  62. 62.

    John G, Langley P (1995) Estimating continuous distributions in Bayesian classifiers. In: Proc. of the Eleventh Conference on Uncertainty in Artificial Intelligence. Morgan Kaufmann Publishers Inc, pp 338–345

  63. 63.

    Kanakarajan NK, Muniasamy K (2016) Improving the accuracy of intrusion detection using gar-forest with feature selection. In: Proceedings of the 4th International Conference on Frontiers in Intelligent Computing: Theory and Applications (FICTA) 2015. Springer, pp 539–547

  64. 64.

    KDD: KDD cup 1999 dataset (1999). Accessed 2 Feb 2020

  65. 65.

    Khammassi C, Krichen S (2017) A GA-LR wrapper approach for feature selection in network intrusion detection. Comput Secur 70:255–277

    Google Scholar 

  66. 66.

    Khan L, Awad M, Thuraisingham B (2007) A new intrusion detection system using support vector machines and hierarchical clustering. VLDB J Int J Very Large Data Bases 16(4):507–521

    Google Scholar 

  67. 67.

    Khraisat A, Gondal I, Vamplew P, Kamruzzaman J, Alazab A (2020) Hybrid intrusion detection system based on the stacking ensemble of c5 decision tree classifier and one class support vector machine. Electronics 9(1):173

    Google Scholar 

  68. 68.

    Khreich W, Granger E, Miri A, Sabourin R (2010) Iterative boolean combination of classifiers in the roc space: an application to anomaly detection with hmms. Pattern Recognit 43(8):2732–2752

    MATH  Google Scholar 

  69. 69.

    Khreich W, Granger E, Miri A, Sabourin R (2012) Adaptive roc-based ensembles of hmms applied to anomaly detection. Pattern Recognit 45(1):208–230

    MATH  Google Scholar 

  70. 70.

    Kotsiantis SB, Zaharakis I, Pintelas P (2007) Supervised machine learning: a review of classification techniques. Emerg Artif Intell Appl Comput Eng 160:3–24

    Google Scholar 

  71. 71.

    Kruegel C, Vigna G, Robertson W (2005) A multi-model approach to the detection of web-based attacks. Comput Netw 48(5):717–738

    Google Scholar 

  72. 72.

    Kumar G, Kumar K (2012) The use of artificial-intelligence-based ensembles for intrusion detection: a review. Appl Comput Intell Soft Comput 2012:1–20.

    Article  Google Scholar 

  73. 73.

    Kumar G, Kumar K (2012) The use of multi-objective genetic algorithm based approach to create ensemble of ann for intrusion detection. Int J Intell Sci 2(24):115–127.

    Article  Google Scholar 

  74. 74.

    Kumar G, Kumar K (2014) Network security—an updated perspective. Syst Sci Control Eng Open Access J.

    Article  Google Scholar 

  75. 75.

    Kumar G, Kumar K, Sachdeva M (2010) The use of artificial intelligence based techniques for intrusion detection: a review. Artif Intell Rev 34(4):369–387

    Google Scholar 

  76. 76.

    Kuncheva L, Whitaker C (2003) Measures of diversity in classifier ensembles and their relationship with the ensemble accuracy. Mach Learn 51(2):181–207

    MATH  Google Scholar 

  77. 77.

    Kuncheva LI (2007) Combining pattern classifiers: methods and algorithms (kuncheva, li; 2004) [book review]. IEEE Trans Neural Netw 18(3):964–964

    Google Scholar 

  78. 78.

    Kwon D, Kim H, Kim J et al (2019) A survey of deep learning-based network anomaly detection. Cluster Comput 22:949–961.

    Article  Google Scholar 

  79. 79.

    Lam L, Suen S (1997) Application of majority voting to pattern recognition: an analysis of its behavior and performance. IEEE Trans Syst Man Cybern Part A Syst Hum 27(5):553–568

    Google Scholar 

  80. 80.

    Lavin A, Ahmad S (2015) Evaluating real-time anomaly detection algorithms–the numenta anomaly benchmark. In: 2015 IEEE 14th International Conference on Machine Learning and Applications (ICMLA). IEEE, pp 38–44

  81. 81.

    Lee W, Stolfo S, Mok K (1999) A data mining framework for building intrusion detection models. In: Proc. of the 1999 IEEE Symposium on Security and Privacy, pp 120–132

  82. 82.

    Lee W, Stolfo S, Mok K (2000) Adaptive intrusion detection: a data mining approach. Artif Intell Rev 14(6):533–567

    MATH  Google Scholar 

  83. 83.

    Lin D, Tang X (2006) Conditional infomax learning: an integrated framework for feature extraction and fusion. In: Computer Vision–ECCV, pp 68–82

  84. 84.

    Liu J, He J, Zhang W, Ma T, Tang Z, Niyoyita JP, Gui W (2019) ANID-SEoKELM: adaptive network intrusion detection based on selective ensemble of kernel ELMs with random features. Knowl Based Syst 177:104–116

    Google Scholar 

  85. 85.

    Macia-Fernandez G, Camacho J, Magan-Carrion R, Garcia-Teodoro P, Theron R (2018) UGR 16: a new dataset for the evaluation of cyclostationarity-based network idss. Comput Secur 73:411–424

    Google Scholar 

  86. 86.

    Malik AJ, Shahzad W, Khan FA (2011) Binary PSO and random forests algorithm for probe attacks detection in a network. In: 2011 IEEE Congress of Evolutionary Computation (CEC). IEEE, pp 662–668

  87. 87.

    Masarat S, Taheri H, Sharifian S (2014) A novel framework, based on fuzzy ensemble of classifiers for intrusion detection systems. In: 2014 4th International Conference on Computer and Knowledge Engineering (ICCKE). IEEE, pp 165–170

  88. 88.

    Mayoraz E, Moreira M (1997) On the decomposition of polychotomies into dichotomies. In: Proc. of Machine Learning-international Workshop Then Conference. Morgan kaufmann publishers, inc, pp 219–226

  89. 89.

    McKay R, Pendleton B, Britt J, Nakhavanit B (2019) Machine learning algorithms on botnet traffic: ensemble and simple algorithms. In: Proceedings of the 2019 3rd International Conference on Compute and Data Analysis. ACM, pp 31–35

  90. 90.

    Menahem E, Rokach L, Elovici Y (2009) Troika—an improved stacking schema for classification tasks. Inf Sci 179(24):4097–4122

    Google Scholar 

  91. 91.

    Menahem E, Shabtai A, Rokach L, Elovici Y (2009) Improving malware detection by applying multi-inducer ensemble. Comput Stat Data Anal 53(4):1483–1494

    MathSciNet  MATH  Google Scholar 

  92. 92.

    Meng Y, Kwok LF (2013) Enhancing false alarm reduction using voted ensemble selection in intrusion detection. Int J Computl Intell Syst 6(4):626–638

    Google Scholar 

  93. 93.

    Moreira M, Mayoraz E (1998) Improved pairwise coupling classification with correcting classifiers. In: Machine Learning: ECML-98, pp 160–171

  94. 94.

    Moustafa N, Slay J (2016) The evaluation of network anomaly detection systems: statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set. Inf Secur J Glob Perspect 25(1–3):18–31

    Google Scholar 

  95. 95.

    Muda Z, Yassin W, Sulaiman M, Udzir N et al (2011) A k-means and naive bayes learning approach for better intrusion detection. Inf Technol J 10(3):648–655

    Google Scholar 

  96. 96.

    Mukkamala S, Sung A, Abraham A (2005) Intrusion detection using an ensemble of intelligent paradigms. J Netw Comput Appl 28(2):167–182

    Google Scholar 

  97. 97.

    Obozinski G, Lanckriet G, Grant C, Jordan M, Noble W et al (2008) Consistent probabilistic outputs for protein function prediction. Genome Biol 9(Suppl 1):S6

    Google Scholar 

  98. 98.

    Panda M, Patra M (2008) A comparative study of data mining algorithms for network intrusion detection. In: Proc. of First International Conference on Emerging Trends in Engineering and Technology (ICETET). IEEE, pp 504–507

  99. 99.

    Patcha A, Park JM (2007) An overview of anomaly detection techniques: existing solutions and latest technological trends. Comput Netw 51(12):3448–3470.

    Article  Google Scholar 

  100. 100.

    Peddabachigari S, Abraham A, Grosan C, Thomas J (2007) Modeling intrusion detection system using hybrid intelligent systems. J Netw Comput Appl 30(1):114–132

    Google Scholar 

  101. 101.

    Perdisci R, Giacinto G, Roli F (2006) Alarm clustering for intrusion detection systems in computer networks. Eng Appl Artif Intell 19(4):429–438

    Google Scholar 

  102. 102.

    Pervez MS, Farid DM (2014) Feature selection and intrusion classification in NSL-KDD cup 99 dataset employing SVMs. In: The 8th International Conference on Software, Knowledge, Information Management and Applications (SKIMA 2014). IEEE, pp 1–6

  103. 103.

    Quinlan J (1996) Bagging, boosting, and c4.5. In: Proc. of the National Conference on Artificial Intelligence, pp 725–730 (1996)

  104. 104.

    Rajagopal S, Kundapur PP, Hareesha KS (2020) A stacking ensemble for network intrusion detection using heterogeneous datasets. In: Security and Communication Networks 2020

  105. 105.

    Re M, Valentini G (2010) Integration of heterogeneous data sources for gene function prediction using decision templates and ensembles of learning machines. Neurocomputing 73(7–9):1533–1537

    Google Scholar 

  106. 106.

    Ring M, Wunderlich S, Scheuring D, Landes D, Hotho A (2019) A survey of network-based intrusion detection data sets. Comput Secur 86:147–167.

    Article  Google Scholar 

  107. 107.

    Rodrigues D, Papa JP, Adeli H (2017) Meta-heuristic multi-and many-objective optimization techniques for solution of machine learning problems. Expert Syst 34(6):e12,255

    Google Scholar 

  108. 108.

    Rokach L (2010) Ensemble-based classifiers. Artif Intell Rev 33(1):1–39

    MathSciNet  Google Scholar 

  109. 109.

    Sabhnani M, Serpen G (2003) Application of machine learning algorithms to KDD intrusion detection dataset within misuse detection context. In: Proc. of International Conference on Machine Learning: Models, Technologies, and Applications, vol 1, pp 2009–215

  110. 110.

    Sahu SK, Katiyar A, Kumari KM, Kumar G, Mohapatra DP (2019) An SVM-based ensemble approach for intrusion detection. Int J Inf Technol Web Eng (IJITWE) 14(1):66–84

    Google Scholar 

  111. 111.

    Schapire RE (1990) The strength of weak learnability. Mach Learn 5(2):197–227

    Google Scholar 

  112. 112.

    Shiravi A, Shiravi H, Tavallaee M, Ghorbani AA (2012) Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Comput Secur 31(3):357–374

    Google Scholar 

  113. 113.

    Suman C, Tripathy S, Saha S (2019) Building an effective intrusion detection system using unsupervised feature selection in multi-objective optimization framework. arXiv preprint arXiv:1905.06562

  114. 114.

    Syarif I, Zaluska E, Prugel-Bennett A, Wills G (2012) Application of bagging, boosting and stacking to intrusion detection. In: International Workshop on Machine Learning and Data Mining in Pattern Recognition. Springer, pp 593–602

  115. 115.

    Tama BA, Rhee KH (2015) A combination of PSO-based feature selection and tree-based classifiers ensemble for intrusion detection systems. In: Advances in Computer Science and Ubiquitous Computing. Springer, pp 489–495

  116. 116.

    Tang E, Suganthan P, Yao X (2006) An analysis of diversity measures. Mach Learn 65(1):247–271

    Google Scholar 

  117. 117.

    Toosi AN, Kahani M (2007) A new approach to intrusion detection based on an evolutionary soft computing model using neuro-fuzzy classifiers. Comput Commun 30(10):2201–2212.

    Article  Google Scholar 

  118. 118.

    Tsoumakas G, Katakis I, Vlahavas I (2004) Effective voting of heterogeneous classifiers. In: European Conference on Machine Learning. Springer, pp 465–476

  119. 119.

    Tsoumakas G, Partalas I, Vlahavas I (2008) A taxonomy and short review of ensemble selection. In: Workshop on Supervised and Unsupervised Ensemble Methods and Their Applications, pp 1–6

  120. 120.

    UNM: UNM dataset (2012). Accessed 2 Feb 2020

  121. 121.

    Valentini G (2003) Ensemble methods based on bias-variance analysis. Ph.D. thesis, University of Genova, DISI-TH-2003-June

  122. 122.

    Verikas A, Lipnickas A, Malmqvist K, Bacauskiene M, Gelzinis A (1999) Soft combination of neural classifiers: a comparative study. Pattern Recognit Lett 20(4):429–444.

    Article  Google Scholar 

  123. 123.

    Vimala S, Khanaa V, Nalini C (2019) A study on supervised machine learning algorithm to improvise intrusion detection systems for mobile ad hoc networks. Cluster Comput 22:4065–4074.

    Article  Google Scholar 

  124. 124.

    Wang G, Hao J, Ma J, Huang L (2010) A new approach to intrusion detection using artificial neural networks and fuzzy clustering. Expert Syst Appl 37(9):6225–6232

    Google Scholar 

  125. 125.

    Wolpert D (1992) Stacked generalization. Neural Netw 5(2):241–259

    Google Scholar 

  126. 126.

    Xiang C, Yong P, Meng L (2008) Design of multiple-level hybrid classifier for intrusion detection system using bayesian clustering and decision trees. Pattern Recognit Lett 29(7):918–924

    Google Scholar 

  127. 127.

    Xu L, Krzyzak A, Suen C (1992) Methods of combining multiple classifiers and their applications to handwriting recognition. IEEE Trans Syst Man Cybern 22(3):418–435

    Google Scholar 

  128. 128.

    Yan Y, H H (2007) An ensemble approach to intrusion detection based on improved multi-objective genetic algorithm. J Softw 18(6):1369–1378

    Google Scholar 

  129. 129.

    Yao X, Islam M (2008) Evolving artificial neural network ensembles. IEEE Comput Intell Mag 3(1):31–42

    Google Scholar 

  130. 130.

    Zainal A, Maarof M, Shamsuddin S et al (2009) Ensemble classifiers for network intrusion detection system. J Inf Assur Secur 4:217–225

    Google Scholar 

  131. 131.

    Zhou J, Peng H, Suen C (2008) Data-driven decomposition for multi-class classification. Pattern Recognit 41(1):67–76

    MATH  Google Scholar 

  132. 132.

    Zouhair C, Abghour N, Moussaid K, El Omri A, Rida M (2018) A review of intrusion detection systems in cloud computing. In: Security and Privacy in Smart Sensor Networks. IGI Global, pp 253–283

Download references

Author information



Corresponding author

Correspondence to Gulshan Kumar.

Ethics declarations

Conflict of interest

Authors declare no conflict of interest.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Kumar, G., Thakur, K. & Ayyagari, M.R. MLEsIDSs: machine learning-based ensembles for intrusion detection systems—a review. J Supercomput 76, 8938–8971 (2020).

Download citation


  • Artificial intelligence
  • Ensemble
  • Hybrid classifiers
  • Intrusion detection
  • Machine learning