A novel hybrid anomaly based intrusion detection method

Existing misuse-based intrusion detection methods are often not sufficient for detecting zero-day attacks. As a result, anomaly-based or learning-based intrusion detection mechanisms have been developed to cope with such attacks. Among the variety of anomaly detection approaches, Support Vector Machine (SVM) and Multi-Layer Perceptron (MLP) are known to be two of the best machine learning algorithms for classifying normal and abnormal behaviors. In this paper, a hybrid anomaly-based intrusion detection method is proposed that is based on these two methods. Both are trained in a supervised way. We use the following additional techniques to improve the performance of the proposed approach: first, a feature selection technique using the entropy of features is used to extract optimized information from the KDD data set, and second, a novel method is proposed to combine the results of these two learning-based methods. Lastly, we demonstrate the effectiveness of the proposed hybrid approach by using the KDD dataset. The simulation results show which features of KDD are better at distinguishing normal from abnormal traffic. These results also show that the detection precision of our method for the DoS, Probe, U2R and R2L attacks is 99%, 100%, 100% and 100% respectively.
