{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,14]],"date-time":"2026-02-14T10:33:04Z","timestamp":1771065184003,"version":"3.50.1"},"reference-count":30,"publisher":"MDPI AG","issue":"2","license":[{"start":{"date-parts":[[2020,2,1]],"date-time":"2020-02-01T00:00:00Z","timestamp":1580515200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100005357","name":"Agent\u00fara na Podporu V\u00fdskumu a V\u00fdvoja","doi-asserted-by":"publisher","award":["APVV-16-0213"],"award-info":[{"award-number":["APVV-16-0213"]}],"id":[{"id":"10.13039\/501100005357","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100006109","name":"Vedeck\u00e1 Grantov\u00e1 Agent\u00fara M\u0160VVa\u0160 SR a SAV","doi-asserted-by":"publisher","award":["1\/0493\/16"],"award-info":[{"award-number":["1\/0493\/16"]}],"id":[{"id":"10.13039\/501100006109","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Symmetry"],"abstract":"<jats:p>Intrusion detection systems (IDS) present a critical component of network infrastructures. Machine learning models are widely used in the IDS to learn the patterns in the network data and to detect the possible attacks in the network traffic. Ensemble models combining a variety of different machine learning models proved to be efficient in this domain. On the other hand, knowledge models have been explicitly designed for the description of the attacks and used in ontology-based IDS. In this paper, we propose a hierarchical IDS based on the original symmetrical combination of machine learning approach with knowledge-based approach to support detection of existing types and severity of new types of network attacks. Multi-stage hierarchical prediction consists of the predictive models able to distinguish the normal connections from the attacks and then to predict the attack classes and concrete attack types. The knowledge model enables to navigate through the attack taxonomy and to select the appropriate model to perform a prediction on the selected level. Designed IDS was evaluated on a widely used KDD 99 dataset and compared to similar approaches.<\/jats:p>","DOI":"10.3390\/sym12020203","type":"journal-article","created":{"date-parts":[[2020,2,3]],"date-time":"2020-02-03T01:25:51Z","timestamp":1580693151000},"page":"203","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":52,"title":["Hierarchical Intrusion Detection Using Machine Learning and Knowledge Model"],"prefix":"10.3390","volume":"12","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-3019-8364","authenticated-orcid":false,"given":"Martin","family":"Sarnovsky","sequence":"first","affiliation":[{"name":"Department of Cybernetics and Artificial Intelligence, Faculty of Electrical Engineering and Informatics, Technical University of Ko\u0161ice, Letna 9, 040 01 Ko\u0161ice, Slovakia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4603-0411","authenticated-orcid":false,"given":"Jan","family":"Paralic","sequence":"additional","affiliation":[{"name":"Department of Cybernetics and Artificial Intelligence, Faculty of Electrical Engineering and Informatics, Technical University of Ko\u0161ice, Letna 9, 040 01 Ko\u0161ice, Slovakia"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2020,2,1]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Park, J. (2019). Advances in Future Internet and the Industrial Internet of Things. Symmetry, 11.","DOI":"10.3390\/sym11020244"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Javaid, A., Niyaz, Q., Sun, W., and Alam, M. (2016, January 3\u20135). A Deep Learning Approach for Network Intrusion Detection System. Proceedings of the 9th EAI International Conference on Bio-inspired Information and Communications Technologies (formerly BIONETICS), New York, NY, USA.","DOI":"10.4108\/eai.3-12-2015.2262516"},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Khan, M.A., Karim, M.d.R., and Kim, Y. (2019). A Scalable and Hybrid Intrusion Detection System Based on the Convolutional-LSTM Network. Symmetry, 11.","DOI":"10.3390\/sym11040583"},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"31","DOI":"10.1108\/ICS-04-2013-0031","article-title":"A new hierarchical intrusion detection system based on a binary tree of classifiers","volume":"23","author":"Ahmim","year":"2015","journal-title":"Inf. Comput. Secur."},{"key":"ref_5","first-page":"67","article-title":"A New Fast and High Performance Intrusion Detection System","volume":"7","author":"Ahmim","year":"2013","journal-title":"Int. J. Secur. Appl."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"1051","DOI":"10.1007\/s00521-016-2418-1","article-title":"An effective combining classifier approach using tree algorithms for network intrusion detection","volume":"28","author":"Kevric","year":"2017","journal-title":"Neural Comput. Appl."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Srivastav, N., and Challa, R.K. (2013, January 22\u201323). Novel intrusion detection system integrating layered framework with neural network. Proceedings of the 2013 3rd IEEE International Advance Computing Conference (IACC), Ghaziabad, India.","DOI":"10.1109\/IAdCC.2013.6514309"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"152","DOI":"10.1016\/j.jocs.2017.03.006","article-title":"Anomaly-based intrusion detection system through feature selection analysis and building hybrid efficient model","volume":"25","author":"Aljawarneh","year":"2018","journal-title":"J. Comput. Sci."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Samrin, R., and Vasumathi, D. (2017, January 15\u201316). Review on anomaly based network intrusion detection system. Proceedings of the 2017 International Conference on Electrical, Electronics, Communication, Computer, and Optimization Techniques (ICEECCOT), Mysuru, India.","DOI":"10.1109\/ICEECCOT.2017.8284655"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Arunadevi, M., and Perumal, S.K. (2016, January 25\u201327). Ontology based approach for network security. Proceedings of the 2016 International Conference on Advanced Communication Control and Computing Technologies (ICACCCT), Ramanathapuram, India.","DOI":"10.1109\/ICACCCT.2016.7831705"},{"key":"ref_11","unstructured":"Salahi, A., and Ansarinia, M. (2013). Predicting network attacks using ontology-driven inference. arXiv."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Ahmim, A., Maglaras, L., Ferrag, M.A., Derdour, M., and Janicke, H. (2018). A novel hierarchical intrusion detection system based on decision tree and rules-based models. arXiv.","DOI":"10.1109\/DCOSS.2019.00059"},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"913","DOI":"10.1016\/j.protcy.2012.10.111","article-title":"A Novel Multi-Classifier Layered Approach to Improve Minority Attack Detection in IDS","volume":"6","author":"Sharma","year":"2012","journal-title":"Procedia Technol."},{"key":"ref_14","unstructured":"Ibrahim, H.E., Badr, S.M., and Shaheen, M.A. (2012). Adaptive layered approach using machine learning techniques with gain ratio for intrusion detection systems. arXiv."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"35","DOI":"10.1109\/TDSC.2008.20","article-title":"Layered Approach Using Conditional Random Fields for Intrusion Detection","volume":"7","author":"Gupta","year":"2010","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Zhou, Y., Cheng, G., Jiang, S., and Dai, M. (2019). An efficient intrusion detection system based on feature selection and ensemble classifier. arXiv.","DOI":"10.1016\/j.comnet.2020.107247"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Sobh, T. (2010). An Attacks Ontology for computer and networks attack. Innovations and Advances in Computer Sciences and Engineering, Springer.","DOI":"10.1007\/978-90-481-3658-2"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"124","DOI":"10.1016\/j.cose.2014.05.005","article-title":"Ontology for attack detection: An intelligent approach to web application security","volume":"45","author":"Razzaq","year":"2014","journal-title":"Comput. Secur."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Zhu, L., Zhang, Z., Xia, G., and Jiang, C. (2019, January 24\u201326). Research on Vulnerability Ontology Model. Proceedings of the 2019 IEEE 8th Joint International Information Technology and Artificial Intelligence Conference (ITAIC), Chongqing, China.","DOI":"10.1109\/ITAIC.2019.8785783"},{"key":"ref_20","unstructured":"Syed, Z., Padia, A., Finin, T., Matthews, L., and Anupam, J. (2016, January 12\u201313). UCO: Unified Cybersecurity Ontology. Proceedings of the AAAI Workshop on Artificial Intelligence for Cyber Security, Phoenix, Arizona."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Hung, S.-S., and Liu, D.S.-M. (2006, January 8\u20139). A User-centric Intrusion Detection System by Using Ontology Approach. Proceedings of the 9th Joint Conference on Information Sciences (JCIS), Kaohsiung, Taiwan.","DOI":"10.2991\/jcis.2006.118"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Abdoli, F., and Kahani, M. (2009, January 20\u201321). Ontology-based distributed intrusion detection system. Proceedings of the 2009 14th International CSI Computer Conference, Tehran, Iran.","DOI":"10.1109\/CSICC.2009.5349372"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Sobh, T. (2008). Using Attacks Ontology in Distributed Intrusion Detection System. Advances in Computer and Information Sciences and Engineering, Springer.","DOI":"10.1007\/978-1-4020-8741-7"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"More, S., Matthews, M., Joshi, A., and Finin, T. (2012, January 24\u201325). A Knowledge-Based Approach to Intrusion Detection Modeling. Proceedings of the 2012 IEEE Symposium on Security and Privacy Workshops, San Francisco, CA, USA.","DOI":"10.1109\/SPW.2012.26"},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Karande, H.A., and Gupta, S.S. (2015, January 19\u201321). Ontology based intrusion detection system for web application security. Proceedings of the 2015 International Conference on Communication Networks (ICCN), Gwalior, India.","DOI":"10.1109\/ICCN.2015.44"},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"68","DOI":"10.1504\/IJMSO.2018.096455","article-title":"A semantic web enabled host intrusion detection system","volume":"13","author":"Can","year":"2018","journal-title":"Int. J. Metadata Semant. Ontol."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Divekar, A., Parekh, M., Savla, V., Mishra, R., and Shirole, M. (2018, January 25\u201327). Benchmarking datasets for Anomaly-based Network Intrusion Detection: KDD CUP 99 alternatives. Proceedings of the 2018 IEEE 3rd International Conference on Computing, Communication and Security (ICCCS), Kathmandu, Nepal.","DOI":"10.1109\/CCCS.2018.8586840"},{"key":"ref_28","first-page":"e1954v1","article-title":"A review of KDD99 dataset usage in intrusion detection and machine learning between 2010 and 2015","volume":"4","author":"Erdem","year":"2016","journal-title":"PeerJ Preprints"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Mavroeidis, V., and Bromander, S. (2017, January 11\u201313). Cyber Threat Intelligence Model: An Evaluation of Taxonomies, Sharing Standards, and Ontologies within Cyber Threat Intelligence. Proceedings of the 2017 European Intelligence and Security Informatics Conference (EISIC), Athens, Greece.","DOI":"10.1109\/EISIC.2017.20"},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Tavallaee, M., Bagheri, E., Lu, W., and Ghorbani, A.A. (2009, January 8\u201310). A detailed analysis of the KDD CUP 99 data set. Proceedings of the 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, Ottawa, ON, Canada.","DOI":"10.1109\/CISDA.2009.5356528"}],"container-title":["Symmetry"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-8994\/12\/2\/203\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T08:53:39Z","timestamp":1760172819000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-8994\/12\/2\/203"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,2,1]]},"references-count":30,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2020,2]]}},"alternative-id":["sym12020203"],"URL":"https:\/\/doi.org\/10.3390\/sym12020203","relation":{},"ISSN":["2073-8994"],"issn-type":[{"value":"2073-8994","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,2,1]]}}}