Multi-layer intrusion detection system with ExtraTrees feature selection, extreme learning machine ensemble, and softmax aggregation
EURASIP Journal on Information Security. Pub Date: 2019-10-22, DOI: 10.1186/s13635-019-0098-y
Jivitesh Sharma, Charul Giri, Ole-Christoffer Granmo, Morten Goodwin

Recent advances in intrusion detection systems based on machine learning have indeed outperformed other techniques, but struggle with detecting multiple classes of attacks with high accuracy. We propose a method that works in three stages. First, the ExtraTrees classifier is used to select relevant features for each type of attack individually for each extreme learning machine (ELM). Then, an ensemble of ELMs is used to detect each type of attack separately. Finally, the results of all ELMs are combined using a softmax layer to refine the results and increase the accuracy further. The intuition behind our system is that multi-class classification is quite difficult compared to binary classification. So, we divide the multi-class problem into multiple binary classifications. We test our method on the UNSW and KDDcup99 datasets. The results clearly show that our proposed method is able to outperform all the other methods, with a high margin. Our system is able to achieve 98.24% and 99.76% accuracy for multi-class classification on the UNSW and KDDcup99 datasets, respectively. Additionally, we use the weighted extreme learning machine to alleviate the problem of imbalance in classification of attacks, which further boosts performance. Lastly, we implement the ensemble of ELMs in parallel using GPUs to perform intrusion detection in real time.

Updated: 2020-04-16