A Hybrid Intrusion Detection System for Hierarchical Filtration of Anomalies

  • Pragma Kar
  • Soumya Banerjee
  • Kartick Chandra Mondal
  • Gautam Mahapatra
  • Samiran ChattopadhyayEmail author
Conference paper
Part of the Smart Innovation, Systems and Technologies book series (SIST, volume 106)


Network Intrusion Detection System (NIDS) deals with perusal of network traffics for the revelation of malicious activities and network attacks. The diversity of approaches related to NIDS, however, is commensurable with the drawbacks associated with the techniques. In this paper, an NIDS has been proposed that aims at hierarchical filtration of intrusions. The experimental analysis has been performed using KDD Cup’99 and NSL-KDD, from which, it can be clearly inferred that the proposed technique detects the attacks with high accuracy rates, high detection rates, and low false alarm. The run-time analysis of the proposed algorithm depicts the feasibility of its usage and its improvement over existing algorithms.


NIDS KDD Cup’99 NSL-KDD Feature selection Preprocessing Decision tree Isolation forest K-nearest neighbor 


  1. 1.
    Amiri, F., Yousefi, M.R., Lucas, C., Shakery, A., Yazdani, N.: Mutual information-based feature selection for intrusion detection systems. J. Netw. Comput. Appl. 34(4) (2011)Google Scholar
  2. 2.
    Peng, H., Fuhui L., Chris D.: Feature selection based on mutual information criteria of max-dependency, max-relevance, and min-redundancy. IEEE Trans. Pattern Anal. Mach. Intell. 8, 1226–1238 (2005)Google Scholar
  3. 3.
    Deshmukh, D.H., Ghorpade, T., Padiya, P.: Intrusion detection system by improved preprocessing methods and Nave Bayes classifier using NSL-KDD’99 Dataset. In: IEEE Electronics and Communication Systems (ICECS). IEEE (2014)Google Scholar
  4. 4.
    Lin, W.-C., Ke, S.-W., Tsai, C.-F.: CANN: an intrusion detection system based on combining cluster centers and nearest neighbors. Knowl. Based Syst. 78, 13–21 (2015)CrossRefGoogle Scholar
  5. 5.
    Tsai, C.-F., Lin, C.-Y.: A triangle area based nearest neighbors approach to intrusion detection. Pattern Recognit. 43(1), 222–229 (2010)CrossRefGoogle Scholar
  6. 6.
    Kim, G., Lee, S., Kim, S.: A novel hybrid intrusion detection method integrating anomaly detection with misuse detection. Expert Syst. Appl. 41(4), 1690–1700 (2014)MathSciNetCrossRefGoogle Scholar
  7. 7.
    Horng, S.-J., Su, M.-Y., Chen, Y.-H., Kao, T.-W. Chen, R.-J., Lai, J.-L., Perkasa, C.D.: A novel intrusion detection system based on hierarchical clustering and support vector machines. Expert Syst. Appl. 38(1), 306–313 (2011)Google Scholar
  8. 8.
    Wang, Y., Yang, K., Jing, X., Jin, H.L.: Problems of KDD Cup’99 dataset existed and data preprocessing. In: Applied Mechanics and Materials, vol. 667, pp. 218–225. Trans Tech Publications (2014)Google Scholar
  9. 9.
    Tavallaee, M., Bagheri, E., Lu, W., Ghorbani, A.A.: A detailed analysis of the KDD CUP’99 data set. In: IEEE Computational Intelligence for Security and Defense Applications, CISDA, pp. 1–6. IEEE (2009)Google Scholar
  10. 10.
    Quinlan, J.: Ross, “Induction of decision trees”. Mach. Learn. 1, 81–106 (1986)Google Scholar
  11. 11.
    Mitchell, T.: Machine Learning. McGraw Hill, New York (1997)zbMATHGoogle Scholar
  12. 12.
    Liu, F.T., Ting, K.M., Zhou, Z.-H.: Isolation forest. In: Proceedings of ICDM (2008)Google Scholar
  13. 13.
    Xue-qin, Z., Chun-hua, G., Jia-jun, L.: Intrusion detection system based on feature selection and support vector machine. In Communications and Networking in China, ChinaCom’06, pp. 1–5. IEEE (2006)Google Scholar
  14. 14.
    Chawla, N.V., Bowyer, K.W., Hall, L.O., Kegelmeyer, W.P.: SMOTE: synthetic minority over-sampling technique. J. Artif. Intell. Res. 16, 321–357 (2002)Google Scholar
  15. 15.
    Wilson, D.L.: Asymptotic properties of nearest neighbor rules using edited data. IEEE Trans. Syst. Man Cybern 2(3), 408–421 (1972)Google Scholar
  16. 16.
  17. 17.

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  • Pragma Kar
    • 1
  • Soumya Banerjee
    • 1
  • Kartick Chandra Mondal
    • 1
  • Gautam Mahapatra
    • 2
  • Samiran Chattopadhyay
    • 1
    Email author
  1. 1.Jadavpur UniversityKolkataIndia
  2. 2.Research Centre Imarat, DRDO, Ministry of Defence, Govt of IndiaHyderabadIndia

Personalised recommendations