Design of Multiple-Level Hybrid Classifier for Intrusion Detection System

As the number of networked computers grows, intrusion detection is an essential component in keeping networks secure. However, constructing and maintaining a misuse detection system is very labor-intensive, since attack scenarios and patterns need to be analyzed and categorized, and the corresponding rules and patterns need to be carefully hand-coded. Data mining can be used to ease this burden. This paper proposes a multiple-level hybrid classifier, an intrusion detection system that uses a combination of tree classifiers and clustering algorithms to detect intrusions. The performance of this new algorithm is compared to other popular approaches such as MADAM ID and 3-level tree classifiers, and significant improvement has been achieved from the viewpoint of both high intrusion detection rate and reasonably low false alarm rate.
