Propose HMNIDS Hybrid Multilevel Network Intrusion Detection System

This research presents a proposed Hybrid Multilevel Network Intrusion Detection System (HMNIDS). It is hybrid because it uses both misuse and anomaly techniques for intrusion detection, and multilevel because it applies the two detection techniques hierarchically in two levels. The first level applies an anomaly ID technique using a Support Vector Machine (SVM) to classify traffic as either normal or intrusion. Normal traffic is passed; intrusion traffic is input to the second level, which detects the class of intrusion by applying a misuse ID technique using Artificial Neural Networks (ANN). The proposal is a data mining (DM) based HMNIDS, since mining provides an iterative process: if the results do not reach a satisfactory solution, the mining steps continue to be carried out until the mining results correspond to the intended results. For training and testing HMNIDS in our experiment, we used the NSL-KDD data set, which has solved some of the inherent problems of KDD'99. As in KDD'99, each NSL-KDD connection contains 41 features and is labeled as either normal or an attack type; many of these features are irrelevant to the classification process. In our proposal we used Principal Component Analysis (PCA) for feature extraction, reducing the number of features to avoid time-consuming training and real-time detection. PCA yields 8 features, a subset of correlated intrinsic features that represent the basic point in classification. Both the feature set resulting from PCA and the full feature set are fed to HMNIDS. The results obtained from HMNIDS show that the accuracy rates of the SVM and ANN classifiers separately are both high, but higher with the 8 PCA features than with all 41 features. The confusion matrix of HMNIDS gives high detection rates and a low false alarm rate and, again, the results are higher with the 8 PCA features than with all 41.
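The two-level flow described in the abstract, as an added Python example that is not the authors' implementation. It assumes scikit-learn; the synthetic 41-feature data, the labels `dos` and `probe`, the `TwoLevelIDS` class and all hyperparameters are constructed for illustration and are not taken from the paper or from NSL-KDD.

```python
import numpy as np
from sklearn.decomposition import PCA
from sklearn.neural_network import MLPClassifier
from sklearn.pipeline import make_pipeline
from sklearn.preprocessing import StandardScaler
from sklearn.svm import SVC

CLASSES = ["normal", "dos", "probe"]  # constructed labels, not the NSL-KDD label set

def make_synthetic(n_per_class=200, n_features=41, seed=0):
    """Constructed stand-in for 41-feature connection records (not NSL-KDD)."""
    rng = np.random.default_rng(seed)
    X, y = [], []
    for i, name in enumerate(CLASSES):
        centre = np.zeros(n_features)
        centre[i * 3:(i + 1) * 3] = 6.0  # each class is shifted in three features
        X.append(rng.normal(centre, 1.0, size=(n_per_class, n_features)))
        y += [name] * n_per_class
    return np.vstack(X), np.array(y)

class TwoLevelIDS:
    def __init__(self, n_components=8):
        reduce = lambda: (StandardScaler(), PCA(n_components=n_components))
        self.level1 = make_pipeline(*reduce(), SVC(kernel="rbf"))  # normal vs. intrusion
        self.level2 = make_pipeline(*reduce(), MLPClassifier(      # intrusion class
            hidden_layer_sizes=(16,), max_iter=2000, random_state=0))
    def fit(self, X, y):
        attack = y != "normal"
        self.level1.fit(X, attack.astype(int))
        self.level2.fit(X[attack], y[attack])  # level 2 sees intrusion records only
        return self
    def predict(self, X):
        flagged = self.level1.predict(X).astype(bool)
        out = np.full(len(X), "normal", dtype="<U16")
        if flagged.any():  # only traffic flagged by level 1 reaches level 2
            out[flagged] = self.level2.predict(X[flagged])
        return out

def rates(y_true, y_pred):
    """Return (detection rate, false alarm rate) for the normal/intrusion decision."""
    attack, flagged = y_true != "normal", y_pred != "normal"
    return (flagged & attack).sum() / attack.sum(), (flagged & ~attack).sum() / (~attack).sum()

def run_demo():
    X, y = make_synthetic()
    idx = np.random.default_rng(1).permutation(len(y))
    train, test = idx[:450], idx[450:]
    pred = TwoLevelIDS().fit(X[train], y[train]).predict(X[test])
    dr, far = rates(y[test], pred)
    return float((pred == y[test]).mean()), float(dr), float(far)
```

`run_demo()` returns overall accuracy, detection rate and false alarm rate on the held-out synthetic records; any intrusion that level 1 passes as normal never reaches level 2, so level 1's misses bound the whole system's detection rate.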
