This paper proposes a multilevel intrusion detection system (M-IDS) using the KDD-Cup-99 Dataset to detect various types of attacks on computer networks. The IDS consists of three levels and six classifiers, targeting denial of service (DoS), probing attack (PA), remote to local (R2L), and user to root (U2R) attack categories. At level 1, the first classifier identifies DoS, PA, and a class grouping R2L, U2R, and Normal. Level 2 employs three classifiers to identify attack forms corresponding to DoS, PA, R2L, U2R, and Normal. Level 3 includes two classifiers for identifying R2L and U2R attack forms. Support vector machines (SVMs), k-nearest neighbors (k-NNs), and semi-supervised fuzzy c-means (SSFCMs) classifiers were evaluated, with SVM and k-NN performing best in levels 1 and 2, and SSFCM excelling in level 3. The proposed M-IDS was tested using the UNSW-NB15 Dataset, achieving errors lower than 1% in levels 1 and 2 and around 7% in level 3 for the KDD-Cup-99 Dataset.
Grajales-Bustamante et al. studied this question.
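The three-level routing described in the abstract, as an added sketch that is not the authors' code. It assumes a plain k-NN at every level (the paper also evaluates SVM and SSFCM), constructed 2-D feature vectors instead of real KDD-Cup-99 records, and one reading of the abstract in which the third level-2 classifier separates R2L, U2R and Normal; the attack forms are KDD-Cup-99 label names chosen for illustration.

```python
import math
from collections import Counter

# Constructed 2-D centres per (category, form); not real KDD-Cup-99 features.
CENTRES = {
    ("DoS", "smurf"): (0, 0), ("DoS", "neptune"): (0, 2),
    ("PA", "portsweep"): (5, 0), ("PA", "ipsweep"): (5, 2),
    ("R2L", "guess_passwd"): (10, 0), ("R2L", "warezclient"): (10, 2),
    ("U2R", "buffer_overflow"): (12, 5), ("U2R", "rootkit"): (12, 7),
    ("Normal", "normal"): (10, 10),
}
# Three constructed training points around each centre.
TRAIN = [((cx + dx, cy + dy), cat, form)
         for (cat, form), (cx, cy) in CENTRES.items()
         for dx, dy in ((0, 0), (0.2, 0), (0, 0.2))]

class KNN:
    """Minimal k-NN: Euclidean distance, majority vote over k neighbours."""
    def __init__(self, rows, k=3):
        self.rows, self.k = rows, k  # rows: list of (features, label)
    def predict(self, x):
        near = sorted(self.rows, key=lambda r: math.dist(r[0], x))[:self.k]
        return Counter(lbl for _, lbl in near).most_common(1)[0][0]

def group(cat):
    # Level 1 sees only three classes: DoS, PA, and the grouped remainder.
    return cat if cat in ("DoS", "PA") else "Rest"

def build(train):
    def forms_of(cat):  # classifier over the attack forms of one category
        return KNN([(x, f) for x, c, f in train if c == cat])
    return {
        "L1": KNN([(x, group(c)) for x, c, _ in train]),
        "L2": {"DoS": forms_of("DoS"), "PA": forms_of("PA"),
               "Rest": KNN([(x, c) for x, c, _ in train if group(c) == "Rest"])},
        "L3": {"R2L": forms_of("R2L"), "U2R": forms_of("U2R")},
    }  # 1 + 3 + 2 = six classifiers

def classify(model, x):
    """Route one record through the levels; returns (category, form)."""
    g = model["L1"].predict(x)
    second = model["L2"][g].predict(x)
    if g != "Rest":
        return g, second              # DoS/PA: level 2 already names the form
    if second == "Normal":
        return "Normal", "normal"
    return second, model["L3"][second].predict(x)  # R2L/U2R form at level 3

MODEL = build(TRAIN)
```

Each lower-level classifier only knows the labels of its own branch, so a record misrouted at level 1 cannot be recovered downstream; per-level error rates in such a cascade compound along the path.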