Intrusion detection systems are increasingly a key part of systems defense. Various approaches to intrusion detection are currently being used, but they are relatively ineffective. Constructing and maintaining a misuse detection system is very labor-intensive, since attack scenarios and patterns need to be analyzed and categorized, and the corresponding rules and patterns need to be carefully hand-coded. Data mining can be used to ease this burden. This paper proposes a multiple-level hybrid classifier for an intrusion detection system that combines tree classifiers, which rely on labeled training data, with an ant colony clustering algorithm for mixed data. The main advantage of this approach is that the system can be trained with unlabeled data and is capable of detecting previously "unseen" attacks. Verification tests have been carried out using the 1999 KDD Cup data set. The results show a significant improvement in terms of both a high intrusion detection rate and a reasonably low false alarm rate.