Fusion of Misuse Detection with Anomaly Detection Technique for Novel Hybrid Network Intrusion Detection System

  • Conference paper
Recent Developments in Intelligent Computing, Communication and Devices

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 555)

Abstract

Intrusion detection systems (IDS) are designed to monitor abnormal activity in computer networks. Many researchers have concentrated their efforts on designing different techniques to build reliable IDS. However, individual techniques, such as misuse detection or anomaly detection alone, have failed to provide the best possible detection rate. In this paper, we propose a new hybrid IDS model with feature selection that integrates a misuse detection technique and an anomaly detection technique based on a decision rule structure. The key idea is to take advantage of naïve Bayes (NB) feature selection, misuse detection based on a decision tree (DT), and anomaly detection based on a one-class support vector machine (OCSVM). First, the misuse detection model is built using a single DT algorithm, with the training data decomposed into multiple subsets by the decision rules. Then, anomaly detection models are created for each decomposed subset using multiple OCSVMs. In the proposed model, NB and DT find the best-selected features to improve detection accuracy by obtaining decision rules for known normal and attack anomalies. The OCSVM can then detect new attacks, which improves the detection accuracy of classification. The proposed hybrid model was evaluated on the NSL-KDD data set, an upgraded version of the KDD99 data set developed by DARPA. Simulation results demonstrate that the proposed hybrid model outperforms conventional models in terms of time complexity and detection rate, with a much lower rate of false positives.
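The decision-rule structure described in the abstract can be sketched as follows. This is an added example, not the authors' code: it uses scikit-learn, omits the NB feature-selection step, runs on constructed two-feature data rather than NSL-KDD, and assumes that one-class models are fitted only on the normal records of each tree leaf (`HybridIDS`, `make_training_data` and the verdict strings are hypothetical names).

```python
import numpy as np
from sklearn.svm import OneClassSVM
from sklearn.tree import DecisionTreeClassifier


def make_training_data(seed=0):
    """Constructed sample (not NSL-KDD): two normal clusters and one known attack."""
    rng = np.random.default_rng(seed)
    normal_a = rng.normal([0.0, 0.0], 0.3, size=(100, 2))
    normal_b = rng.normal([5.0, 5.0], 0.3, size=(100, 2))
    attack = rng.normal([0.0, 5.0], 0.3, size=(100, 2))
    X = np.vstack([normal_a, normal_b, attack])
    y = np.array([0] * 200 + [1] * 100)  # 0 = normal, 1 = known attack
    return X, y


class HybridIDS:
    """Decision tree for misuse detection, one OCSVM per leaf for anomaly detection."""

    def fit(self, X, y):
        # Misuse stage: a single tree; every leaf corresponds to one decision rule.
        self.tree = DecisionTreeClassifier(random_state=0).fit(X, y)
        leaves = self.tree.apply(X)  # leaf index reached by each training record
        # Anomaly stage: decompose the training data by leaf and fit one
        # one-class SVM on the normal records of each subset (assumption).
        self.ocsvm = {}
        for leaf in np.unique(leaves):
            subset = X[(leaves == leaf) & (y == 0)]
            if len(subset) >= 10:  # assumed cut-off: skip leaves with too few normals
                model = OneClassSVM(kernel="rbf", gamma=0.5, nu=0.05)
                self.ocsvm[leaf] = model.fit(subset)
        return self

    def classify(self, record):
        x = np.asarray(record, dtype=float).reshape(1, -1)
        if self.tree.predict(x)[0] == 1:
            return "known_attack"  # matched a rule learned from labelled attacks
        model = self.ocsvm.get(self.tree.apply(x)[0])
        if model is not None and model.predict(x)[0] == -1:
            return "unknown_attack"  # tree says normal, but outside the leaf's profile
        return "normal"


if __name__ == "__main__":
    ids = HybridIDS().fit(*make_training_data())
    for rec in ([0.1, -0.1], [0.0, 5.0], [5.0, 0.0]):
        print(rec, ids.classify(rec))
```

The third record lies in a region with no training data: the tree alone routes it to a normal leaf, and only the leaf's one-class model flags it.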

Author information

Corresponding author

Correspondence to Samuel Lalmuanawma.

Copyright information

© 2017 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Hussain, J., Lalmuanawma, S. (2017). Fusion of Misuse Detection with Anomaly Detection Technique for Novel Hybrid Network Intrusion Detection System. In: Patnaik, S., Popentiu-Vladicescu, F. (eds) Recent Developments in Intelligent Computing, Communication and Devices. Advances in Intelligent Systems and Computing, vol 555. Springer, Singapore. https://doi.org/10.1007/978-981-10-3779-5_10

  • DOI: https://doi.org/10.1007/978-981-10-3779-5_10

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-3778-8

  • Online ISBN: 978-981-10-3779-5

  • eBook Packages: Engineering, Engineering (R0)