As the number of networked computers grows, intrusion detection is an essential component in keeping networks secure. However, constructing and maintaining a misuse detection system is very labor-intensive, since attack scenarios and patterns need to be analyzed and categorized, and the corresponding rules and patterns need to be carefully hand-coded. Data mining can be used to ease this burden. This paper proposes a multiple-level hybrid classifier, an intrusion detection system that uses a combination of tree classifiers and clustering algorithms to detect intrusions. The performance of this new algorithm is compared with other popular approaches such as MADAM ID and 3-level tree classifiers, and a significant improvement has been achieved in terms of both a high intrusion detection rate and a reasonably low false alarm rate.