A Hybrid Intrusion Detection System for Contemporary Network Intrusion Dataset

  • Jheng-Mo Liao
  • Jui-Sheng Liu
  • Sheng-De Wang
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 733)


We propose a hybrid intrusion detection approach to detect network anomalies. The proposed approach uses a feature discrete method and a cluster analysis algorithm to separate the training samples into two groups, normal and anomaly groups, and then a new classification model is built to improve the performance of the sub group classification. We discretize the features of training samples by the method considering the interdependence between features and labels. Class information is added into the attributes to enhance the clustering results. For the anomaly group, several representative features are selected to construct a classification model to improve the overall classification performance. Two efficient machine learning algorithms, the Decision Tree algorithm and the Bayesian Network algorithm, are adopted in our experiment. The experiment results show that our method can increase both the normal and anomaly detection rate, precision and accuracy. For the classification of new types of modern attacks, our approach also can improve the overall accuracy.


Intrusion detection system Machine learning Contemporary attack detection 


  1. 1.
    García, S., Luengo, J., Sáez, J.A., López, V., Herrera, F.: A survey of discretization techniques: taxonomy and empirical analysis in supervised learning. IEEE Trans. Knowl. Data Eng. 25, 734–750 (2013)CrossRefGoogle Scholar
  2. 2.
    García-Teodoro, P., Díaz-Verdejo, J., Maciá-Fernández, G., Vázquez, E.: Anomaly-based network intrusion detection: techniques, systems and challenges. Comput. Secur. 28, 18–28 (2009)CrossRefGoogle Scholar
  3. 3.
    Buczak, A.L., Guven, E.: A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Commun. Surv. Tutorials 18, 1153–1176 (2015)CrossRefGoogle Scholar
  4. 4.
    Guo, C., Ping, Y., Liu, N., Luo, S.-S.: A two level hybrid approach for intrusion detection. Neurocomputing 214, 391–400 (2016)CrossRefGoogle Scholar
  5. 5.
    Kurgan, L.A., Cios, K.J.: CAIM discretization algorithm. IEEE Trans. Knowl. Data Eng. 16, 145–153 (2004)CrossRefGoogle Scholar
  6. 6.
    Lin, W.-C., Ke, S.-W., Tsai, C.-F.: CANN: an intrusion detection system based on combining cluster centers and nearest neighbors. Knowl. Based Syst. 78, 13–21 (2015)CrossRefGoogle Scholar
  7. 7.
    Yin, C., Zhang, S., Wang. J., Kim, J.-U.: An improved K-means using in anomaly detection. In: Computational Intelligence Theory, Systems and Applications (CCITSA) (2015)Google Scholar
  8. 8.
    Om, H., Kundu, A.: A hybrid system for reducing the false alarm rate of anomaly intrusion detection system. In: Recent Advances in Information Technology (RAIT) (2012)Google Scholar
  9. 9.
    Al-Yaseen, W.L., Othman, Z.A., Zakree, M., Nazri, A.: Multi-level hybrid support vector machine and extreme learning machine based on modified K-means for intrusion detection system. In: Expert Systems with Applications, vol. 67, pp. 296–303, January 2017Google Scholar
  10. 10.
    Chordia Anita, S., Gupta, S.: An effective model for anomaly IDS to improve the efficiency. In: Green Computing and Internet of Things (ICGCIoT) (2015)Google Scholar
  11. 11.
    Aissa, N.B., Guerroumi, M.: A genetic clustering technique for anomaly based intrusion detection systems. In: Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD) (2015)Google Scholar
  12. 12.
    Liu, L., Wan, P., Wang, Y., Liu, S.: Clustering and hybrid genetic algorithm based intrusion detection strategy. Indonesian J. Electr. Eng. 12 (2014). TELKOMNIKAGoogle Scholar
  13. 13.
    Eslamnezhad, M., Varjani, A.Y.: Intrusion detection based on MinMax K-means clustering. In: Telecommunications (IST) (2014)Google Scholar
  14. 14.
    Varuna, S., Natesan, P.: An integration of K-Means clustering and Naïve Bayes classifier for intrusion detection. In: Signal Processing, Communication and Networking (ICSCN) (2015)Google Scholar
  15. 15.
    Hall, M.A.: Correlation-based Feature Selection for Machine Learning, Ph.D. dissertation, University of Waikato, New Zealand, April 1999Google Scholar
  16. 16.
    Kaur, R., Kumar, G., Kumar, K.: A comparative study of feature selection techniques for intrusion detection. In: Computing for Sustainable Global Development (INDIACom) (2015)Google Scholar
  17. 17.
    Haq, N.F., Onik, A.R., Shah, F.M.: An ensemble framework of anomaly detection using Hybridized Feature Selection Approach (HFSA). In: SAI Intelligent Systems Conference (IntelliSys) (2015)Google Scholar
  18. 18.
    Desale, K.S., Ade, R.: Genetic algorithm based feature selection approach for effective intrusion detection system. In: Computer Communication and Informatics (ICCCI) (2015)Google Scholar
  19. 19.
    Pervez, M.S., Farid, D.M.: Feature selection and intrusion classification in NSL-KDD cup 99 dataset employing SVMs. In: Software, Knowledge, Information Management and Applications (SKIMA) (2014)Google Scholar
  20. 20.
    Moustafa, N., Slay, J.: The evaluation of network anomaly detection systems: statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set. Inf. Secur. J. Glob. Perspect. 25, 18–31 (2016)CrossRefGoogle Scholar
  21. 21.
    Moustafa, N., Slay, J.: A hybrid feature selection for network intrusion detection systems: central points and association rules. In: Australian Information Warfare Conference, December 2015Google Scholar
  22. 22.
    Moustafa, N., Slay, J.: The significant feature of the UNSW-NB15 and the KDD99 datasets for network intrusion detection systems. In: Proceedings of the 4th International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS 2015), November 2015Google Scholar
  23. 23.
    Fawcett, T.: An introduction to ROC analysis. Pattern Recogn. Lett. 27, 861–874 (2006)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Department of Electrical EngineeringNational Taiwan UniversityTaipeiTaiwan

Personalised recommendations