Abstract
An intrusion detection system (IDS) is designed to monitor abnormal activity occurring in a computer network. Many researchers have concentrated their efforts on designing different techniques to build a reliable IDS. However, individual techniques such as misuse detection and anomaly detection, used alone, have failed to provide the best possible detection rate. In this paper, we propose a new hybrid IDS model with feature selection that integrates a misuse detection technique and an anomaly detection technique based on a decision rule structure. The key idea is to take advantage of naïve Bayes (NB) feature selection, misuse detection based on a decision tree (DT), and anomaly detection based on a one-class support vector machine (OCSVM). First, the misuse detection model is built using a single DT algorithm, with which the training data are decomposed into multiple subsets by means of decision rules. Then, anomaly detection models are created for each decomposed subset using multiple OCSVMs. In the proposed model, NB and DT find the best-selected features to improve detection accuracy by obtaining decision rules for known normal and attack anomalies. The OCSVM can then detect new attacks, which improves the detection accuracy of classification. The proposed hybrid model was evaluated on the NSL-KDD data set, which is an upgraded version of the KDD99 data set developed by DARPA. Simulation results demonstrate that the proposed hybrid model outperforms conventional models in terms of time complexity and detection rate, with a much lower rate of false positives.
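The two-stage structure described in the abstract, as an added sketch that is not the authors' implementation: a single decision tree acts as the misuse stage, and one OCSVM is fitted per leaf to catch attacks the tree routes into a normal rule. It assumes scikit-learn, constructed two-feature data standing in for already-selected features (the NB feature selection step is omitted), OCSVMs trained only on the normal rows of each leaf, and hypothetical function names.

```python
# Added illustration: DT misuse stage + one OCSVM per normal leaf (constructed data).
import numpy as np
from sklearn.tree import DecisionTreeClassifier
from sklearn.svm import OneClassSVM

def make_constructed_traffic(seed=0, n=200):
    """Constructed 2-feature data: two normal profiles and one known attack."""
    rng = np.random.default_rng(seed)
    centers = [((0.0, 0.0), 0), ((5.0, 0.0), 1), ((10.0, 0.0), 0)]  # label 1 = attack
    X = np.vstack([rng.normal(c, 0.3, size=(n, 2)) for c, _ in centers])
    y = np.repeat([lbl for _, lbl in centers], n)
    return X, y

def fit_hybrid(X, y, nu=0.05, gamma=0.5):
    """Stage 1: one decision tree. Stage 2: one OCSVM per leaf that holds normal data."""
    tree = DecisionTreeClassifier(random_state=0).fit(X, y)
    leaves = tree.apply(X)               # leaf id = the decision rule each row satisfied
    models = {}
    for leaf in np.unique(leaves):
        normal_rows = X[(leaves == leaf) & (y == 0)]
        if len(normal_rows) >= 10:       # assumption: skip leaves with too few normal rows
            models[leaf] = OneClassSVM(kernel="rbf", nu=nu, gamma=gamma).fit(normal_rows)
    return tree, models

def classify(tree, models, x):
    """Return 'known_attack', 'unknown_attack' or 'normal' for one feature vector."""
    x = np.asarray(x, dtype=float).reshape(1, -1)
    if tree.predict(x)[0] == 1:
        return "known_attack"            # misuse stage: matches a learned attack rule
    ocsvm = models.get(tree.apply(x)[0])
    if ocsvm is not None and ocsvm.predict(x)[0] == -1:
        return "unknown_attack"          # anomaly stage: outside this leaf's normal profile
    return "normal"

if __name__ == "__main__":
    X, y = make_constructed_traffic()
    tree, models = fit_hybrid(X, y)
    for probe in [(0.0, 0.0), (5.0, 0.0), (10.0, 0.0), (0.0, 8.0)]:
        print(probe, classify(tree, models, probe))
```

The probe `(0.0, 8.0)` satisfies the same tree rule as the first normal profile, so only the per-leaf OCSVM separates it from normal traffic.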
© 2017 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Hussain, J., Lalmuanawma, S. (2017). Fusion of Misuse Detection with Anomaly Detection Technique for Novel Hybrid Network Intrusion Detection System. In: Patnaik, S., Popentiu-Vladicescu, F. (eds) Recent Developments in Intelligent Computing, Communication and Devices. Advances in Intelligent Systems and Computing, vol 555. Springer, Singapore. https://doi.org/10.1007/978-981-10-3779-5_10
DOI: https://doi.org/10.1007/978-981-10-3779-5_10
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-3778-8
Online ISBN: 978-981-10-3779-5
eBook Packages: Engineering, Engineering (R0)