An Alternative Approach For Hybrid Intrusion Detection System
Nowadays, the intrusion detection system is the most important component of network security. There are two techniques for intrusion detection: misuse detection and anomaly detection. Most intrusion detection systems use all the features available in the network packet. Intrusion detection systems face many issues, such as false positive rate, detection rate, memory overhead and time overhead. In this paper, a new hybrid intrusion detection system that integrates a misuse detection model and an anomaly detection model is proposed. First, rough set based feature reduction is used to select the most significant features. Then a misuse detection model is built based on the C4.5 decision tree algorithm, not only to detect the known attacks but also to decompose the normal training data into smaller subsets using the model. Next, multiple one-class support vector machine models are created for the decomposed subsets. The proposed hybrid model is evaluated using the NSL-KDD data set.
Keywords: Intrusion Detection System, C4.5 algorithm, Rough set theory, One-class support vector machine.
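The two-stage design described in the abstract, as an added sketch that is not the paper's code: a decision tree flags known attacks and splits the normal training data by leaf, and a one-class SVM is fitted per leaf to catch traffic the tree has never seen. Assumptions: scikit-learn's entropy-based CART tree stands in for C4.5, one model is fitted per subset, the two features are taken as already reduced (the rough set step is not shown), and the data is constructed rather than NSL-KDD.

```python
import numpy as np
from sklearn.svm import OneClassSVM
from sklearn.tree import DecisionTreeClassifier

def make_constructed_data(seed=0):
    """Constructed sample: two normal traffic profiles and one known attack class."""
    rng = np.random.default_rng(seed)
    normal_a = rng.normal([0.0, 0.0], 0.3, (200, 2))
    normal_b = rng.normal([5.0, 5.0], 0.3, (200, 2))
    attack = rng.normal([0.0, 5.0], 0.3, (100, 2))
    X = np.vstack([normal_a, normal_b, attack])
    y = np.array([0] * 400 + [1] * 100)  # 0 = normal, 1 = known attack
    return X, y

def train_hybrid(X, y, nu=0.05):
    # Misuse stage: entropy-based tree (scikit-learn CART, standing in for C4.5).
    tree = DecisionTreeClassifier(criterion="entropy", min_samples_leaf=20,
                                  random_state=0).fit(X, y)
    # Decomposition: group the normal training rows by the leaf they reach.
    normal = X[y == 0]
    leaves = tree.apply(normal)
    # Anomaly stage: one one-class SVM per subset of normal data.
    models = {leaf: OneClassSVM(kernel="rbf", gamma="scale", nu=nu)
                    .fit(normal[leaves == leaf])
              for leaf in np.unique(leaves)}
    return tree, models

def classify(tree, models, x):
    x = np.asarray(x, dtype=float).reshape(1, -1)
    # Known attack signature learned by the tree.
    if tree.predict(x)[0] == 1:
        return "known-attack"
    # Otherwise ask the one-class model of the leaf this sample falls into.
    model = models.get(tree.apply(x)[0])
    if model is None or model.predict(x)[0] == -1:
        return "anomaly"
    return "normal"

if __name__ == "__main__":
    tree, models = train_hybrid(*make_constructed_data())
    for point in ([0, 5], [0, 0], [5, 5], [5, 0]):
        print(point, classify(tree, models, point))
```

The point `[5, 0]` lies in a region the tree labels normal, so only the per-leaf one-class model can reject it; that is the case the anomaly stage exists for.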