Effective Hybrid Intrusion Detection System: A Layered Approach

Although different techniques for intrusion detection have been proposed in the literature, most of them consider standalone misuse or anomaly intrusion detection systems. However, by taking advantage of both approaches, a better hybrid intrusion detection system can be developed. In this paper, we present an effective hybrid layered intrusion detection system for detecting both previously known and zero-day attacks. In particular, a two-layer system that combines misuse and anomaly intrusion detection is proposed. The first layer consists of a misuse detector that detects and blocks known attacks, and the second layer comprises an anomaly detector that efficiently detects and blocks previously unknown attacks. The misuse detector is modeled with a random forests classifier, and the anomaly detector is built using the bagging technique with an ensemble of one-class support vector machine classifiers. Data pre-processing is done using automatic feature selection and data normalization. Experimental results show that the proposed intrusion detection system outperforms other well-known intrusion detection systems in detecting both previously known and zero-day attacks.
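The two-layer cascade described in the abstract, as an added illustration that is not the paper's own code: a random forest misuse layer fed by min-max normalized features, followed by a bagged ensemble of one-class SVMs trained on normal traffic only. It assumes scikit-learn and NumPy; the flow records are constructed synthetic data, and the feature-selection step is omitted.

```python
"""Two-layer hybrid IDS: misuse layer (random forest) in front of an
anomaly layer (bagged one-class SVMs), with min-max normalization.
Flow records below are constructed synthetic data (assumption)."""
import numpy as np
from sklearn.ensemble import RandomForestClassifier
from sklearn.preprocessing import MinMaxScaler
from sklearn.svm import OneClassSVM

rng = np.random.default_rng(7)
N_FEATURES = 4

# Constructed data: normal flows, one known attack family (shifted in
# features 0,1) and a zero-day family (shifted in features 2,3) that is
# deliberately absent from the misuse layer's training set.
normal = rng.normal(0.0, 1.0, (400, N_FEATURES))
known = rng.normal(0.0, 1.0, (100, N_FEATURES)) + np.array([5, 5, 0, 0])
zero_day = rng.normal(0.0, 1.0, (50, N_FEATURES)) + np.array([0, 0, 6, 6])


class HybridIDS:
    def __init__(self, n_bags=5, nu=0.05, seed=0):
        self.scaler = MinMaxScaler()
        self.misuse = RandomForestClassifier(n_estimators=100, random_state=seed)
        self.n_bags, self.nu, self.rng = n_bags, nu, np.random.default_rng(seed)
        self.anomaly = []

    def fit(self, x_normal, x_known_attack):
        # Layer 1 learns normal vs. known attacks; the scaler is fit on the
        # same labelled data so both layers see identically scaled features.
        x = np.vstack([x_normal, x_known_attack])
        y = np.r_[np.zeros(len(x_normal)), np.ones(len(x_known_attack))]
        xs = self.scaler.fit_transform(x)
        self.misuse.fit(xs, y)
        # Layer 2 learns only the normal profile: bagging = one OCSVM per
        # bootstrap resample of normal traffic, combined by majority vote.
        xn = xs[: len(x_normal)]
        for _ in range(self.n_bags):
            idx = self.rng.choice(len(xn), size=len(xn), replace=True)
            self.anomaly.append(OneClassSVM(kernel="rbf", nu=self.nu).fit(xn[idx]))
        return self

    def classify(self, flow):
        xs = self.scaler.transform(np.atleast_2d(flow))
        if self.misuse.predict(xs)[0] == 1:
            return "block:misuse"  # known attack, stopped at layer 1
        # OneClassSVM.predict: +1 inlier, -1 outlier; majority of bags decides
        votes = sum(int(m.predict(xs)[0] == -1) for m in self.anomaly)
        if votes * 2 > self.n_bags:
            return "block:anomaly"  # unseen pattern, stopped at layer 2
        return "allow"


ids = HybridIDS().fit(normal, known)
```

Flows at the known-attack centre are stopped by the first layer, while flows from the zero-day family, which the random forest never saw, are caught by the one-class ensemble.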
