A Novel Hierarchical Intrusion Detection System Based on Decision Tree and Rules-Based Models

This paper proposes a novel intrusion detection system (IDS) that combines classifiers based on decision-tree and rule-based concepts, namely REP Tree, the JRip algorithm and Forest PA. Specifically, the first and second methods take features of the data set as inputs and classify the network traffic as Attack/Benign. The third classifier takes as inputs features of the initial data set together with the outputs of the first and second classifiers. Experimental results obtained by evaluating the proposed IDS on the CICIDS2017 dataset attest to its superiority in terms of accuracy, detection rate, false alarm rate and time overhead compared with state-of-the-art existing schemes.
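The wiring described in the abstract, as an added Python illustration that is not the paper's code: two first-level classifiers label each flow as Attack/Benign, and a third is trained on their outputs together with the original features. The learners are small stand-ins (a one-split tree for REP Tree, a single-condition rule for JRip, a depth-2 tree for Forest PA), and the flows, feature names and function names are constructed for the example.

```python
from collections import Counter

# Constructed flows (pkts_per_s, syn_ratio) with label 1 = Attack, 0 = Benign; not CICIDS2017 data.
TRAIN = [((10, .10), 0), ((15, .30), 0), ((20, .20), 0), ((25, .25), 0), ((40, .15), 0),
         ((35, .05), 0), ((1000, .10), 0), ((800, .20), 1), ((850, .30), 1), ((870, .25), 1),
         ((900, .15), 1), ((950, .10), 1), ((22, .92), 1), ((30, .97), 1)]
HELD_OUT = [((12, .20), 0), ((880, .22), 1), ((28, .95), 1), ((1100, .12), 0)]

def fit_tree(X, y, depth):
    """Greedy threshold tree that minimises training errors; returns predict(row)."""
    major, best = Counter(y).most_common(1)[0][0], None
    if depth > 0 and len(set(y)) > 1:
        for f in range(len(X[0])):
            for t in sorted({r[f] for r in X})[:-1]:   # dropping the max keeps both sides non-empty
                sides = [[c for r, c in zip(X, y) if (r[f] <= t) == s] for s in (True, False)]
                err = sum(len(s) - Counter(s).most_common(1)[0][1] for s in sides)
                if best is None or err < best[0]:
                    best = (err, f, t)
    if best is None:
        return lambda row: major                       # leaf: predict the majority label
    _, f, t = best
    kids = {}
    for s in (True, False):
        part = [(r, c) for r, c in zip(X, y) if (r[f] <= t) == s]
        kids[s] = fit_tree([r for r, _ in part], [c for _, c in part], depth - 1)
    return lambda row: kids[row[f] <= t](row)

def fit_rule(X, y):
    """Single rule 'IF feature >= v THEN Attack' with no benign hits and most attacks covered."""
    best = (0, None, None)
    for f in range(len(X[0])):
        for v in sorted({r[f] for r, c in zip(X, y) if c == 1}):
            hits = [c for r, c in zip(X, y) if r[f] >= v]
            if all(hits) and len(hits) > best[0]:
                best = (len(hits), f, v)
    _, f, v = best
    return lambda row: int(f is not None and row[f] >= v)

def build_hierarchy(data):
    X, y = [list(r) for r, _ in data], [c for _, c in data]
    tree, rule = fit_tree(X, y, 1), fit_rule(X, y)           # first and second classifier
    stack = lambda row: [tree(row), rule(row)] + list(row)   # their outputs + initial features
    # Assumption: the third model is fitted on in-sample outputs of the first two.
    final = fit_tree([stack(r) for r in X], y, 2)            # third classifier
    return tree, rule, lambda row: final(stack(row))

def accuracy(model, data):
    return sum(model(r) == c for r, c in data) / len(data)

TREE, RULE, FINAL = build_hierarchy(TRAIN)
if __name__ == "__main__":
    print({n: accuracy(m, HELD_OUT) for n, m in (("tree", TREE), ("rule", RULE), ("hierarchy", FINAL))})
```

On the constructed held-out flows the stand-in tree alone scores 0.5 and the rule alone 0.75, while the third model, which splits first on the tree's output and then on the rule's output or the packet rate, labels all four correctly.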
