Hybrid Intrusion Detection: Combining Decision Tree and Gaussian Mixture Model

Cybercrime has become a major threat to computer networks. Many researchers have considered the Network Intrusion Detection System (NIDS) as a layer of defense and have proposed new methods for detecting malicious network traffic. In this paper, we propose a hybrid method for detecting intrusions in networks. Hybrid techniques exploit the strengths of both misuse and anomaly detection methods. In our technique, we use a decision tree for the misuse detection component and a Gaussian Mixture Model (GMM) for anomaly detection. The advantage of using a GMM is that it can recognize attacks that are similar to the normal distributions. The proposed technique's performance is evaluated on the NSL-KDD dataset. Our empirical observations indicate that the proposed technique is a method of choice, offering higher accuracy and AUC while preserving lower false positive rates.
