A Hybrid Intelligent Approach for Network Intrusion Detection

Intrusion detection is an emerging area of research in computer security and networking, driven by the growing use of the internet in everyday life. Most intrusion detection systems (IDSs) use a single classifier algorithm to classify network traffic data as normal or anomalous. However, these single-classifier systems fail to provide the best possible attack detection rate together with a low false alarm rate. In this paper, we propose a hybrid intelligent approach that combines classifiers so that the decision is made intelligently and the overall performance of the resulting model is enhanced. The general procedure is to first apply supervised or unsupervised data filtering, using a classifier or clusterer, to the whole training dataset, and then to apply the output to another classifier to classify the data. We use a 2-class classification strategy along with 10-fold cross-validation to produce the final classification results in terms of normal or intrusion. Experimental results on the NSL-KDD dataset, an improved version of the KDDCup 1999 dataset, show that our proposed approach is efficient, with a high detection rate and a low false alarm rate.

© 2011 Published by Elsevier Ltd. Selection and/or peer-review under responsibility of ICCTSD 2011.
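The filter-then-classify procedure described in the abstract, as an added example that is not the paper's code: the abstract does not name its algorithms, so k-means stands in as the unsupervised filter and a per-cluster nearest-class-mean rule as the second classifier. The records are constructed synthetic data, not NSL-KDD, and setting `k=1` reduces the pipeline to a single classifier for comparison.

```python
import random

def dist2(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))

def mean(rows):
    return tuple(sum(col) / len(rows) for col in zip(*rows))

def nearest(p, centers):
    return min(range(len(centers)), key=lambda i: dist2(p, centers[i]))

def kmeans(points, k, iters=15, seed=1):  # stage 1: unsupervised filter, labels unused
    centers = random.Random(seed).sample(points, k)
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for p in points:
            groups[nearest(p, centers)].append(p)
        centers = [mean(g) if g else c for g, c in zip(groups, centers)]
    return centers

def fit(train, k):  # stage 2: one mean per class (0=normal, 1=intrusion) in each cluster
    centers = kmeans([x for x, _ in train], k)
    model = [{} for _ in range(k)]
    for c in range(k):
        for label in (0, 1):
            rows = [x for x, y in train if y == label and nearest(x, centers) == c]
            if rows:
                model[c][label] = mean(rows)
    return centers, model

def predict(x, centers, model):
    means = model[nearest(x, centers)]
    # A cluster with no training records is flagged as intrusion (assumed fail-closed choice).
    return min(means, key=lambda lab: dist2(x, means[lab])) if means else 1

def cross_validate(data, k, folds=10):
    # 10-fold cross-validation; returns (detection rate, false alarm rate).
    n = {(y, p): 0 for y in (0, 1) for p in (0, 1)}
    for f in range(folds):
        centers, model = fit([r for i, r in enumerate(data) if i % folds != f], k)
        for x, y in data[f::folds]:
            n[y, predict(x, centers, model)] += 1
    return n[1, 1] / (n[1, 1] + n[1, 0]), n[0, 1] / (n[0, 1] + n[0, 0])

def make_data(n=400, seed=7):
    # Constructed sample: two "normal" modes and two "intrusion" modes in an XOR layout.
    rng = random.Random(seed)
    modes = [((0, 0), 0), ((10, 10), 0), ((0, 10), 1), ((10, 0), 1)]
    return [((rng.gauss(cx, 1), rng.gauss(cy, 1)), y)
            for (cx, cy), y in (modes[i % 4] for i in range(n))]
```

Calling `cross_validate(make_data(), k=4)` gives the hybrid's detection and false alarm rates, and `k=1` gives the single-classifier baseline on the same folds.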
