Cascading of C4.5 Decision Tree and Support Vector Machine for Rule Based Intrusion Detection System

Full Text (PDF, 1414KB), PP.8-20

Views: 0 Downloads: 0

Author(s)

Jashan Koshal 1,* Monark Bag 1

1. Indian Institute of Information Technology Allahabad, Uttar Pradesh-211012, India

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2012.08.02

Received: 13 Dec. 2011 / Revised: 9 Mar. 2012 / Accepted: 17 Apr. 2012 / Published: 8 Aug. 2012

Index Terms

Intrusion Detection System, Data Mining, Decision Tree, Support Vector Machine, Hybrid Algorithm

Abstract

Main reason for the attack being introduced to the system is because of popularity of the internet. Information security has now become a vital subject. Hence, there is an immediate need to recognize and detect the attacks. Intrusion Detection is defined as a method of diagnosing the attack and the sign of malicious activity in a computer network by evaluating the system continuously. The software that performs such task can be defined as Intrusion Detection Systems (IDS). System developed with the individual algorithms like classification, neural networks, clustering etc. gives good detection rate and less false alarm rate. Recent studies show that the cascading of multiple algorithm yields much better performance than the system developed with the single algorithm. Intrusion detection systems that uses single algorithm, the accuracy and detection rate were not up to mark. Rise in the false alarm rate was also encountered. Cascading of algorithm is performed to solve this problem. This paper represents two hybrid algorithms for developing the intrusion detection system. C4.5 decision tree and Support Vector Machine (SVM) are combined to maximize the accuracy, which is the advantage of C4.5 and diminish the wrong alarm rate which is the advantage of SVM. Results show the increase in the accuracy and detection rate and less false alarm rate.

Cite This Paper

Jashan Koshal, Monark Bag, "Cascading of C4.5 Decision Tree and Support Vector Machine for Rule Based Intrusion Detection System", International Journal of Computer Network and Information Security(IJCNIS), vol.4, no.8, pp.8-20, 2012. DOI:10.5815/ijcnis.2012.08.02

Reference

[1]R. Heady, G. Luger, A. Maccabe, M. Servilla, "The architecture of a network level intrusion detection system", Technical report, Computer Science Department, University of New Mexico, August 1990
[2]M. Mahoney, Computer security: A survey of attacks and defences, 2000, http://www.cs.fit.edu/~mmahoney/ids.html (Accessed on 9th February 2012).
[3]S. L. Scott, "A Bayesian paradigm for designing Intrusion Detection Systems", Computational Statistics & Data Analysis, 2004, 45: p. 69–83.
[4]G. Giacinto, F. Roli, L. Didaci, "Fusion of multiple classifiers for intrusion detection in computer networks", Pattern Recognition Letters, 2003, 24: p. 1795–1803.
[5]G. Kou, Y. Peng, Z. Chen, Y. Shi, "Multiple criteria mathematical programming for multi-class classification and application in network intrusion detection", Information Sciences, 2009, 179: p. 371–381.
[6]I. Kang, M. K. Jeong, D. Kong, "A differentiated one-class classification method with applications to intrusion detection", Expert Systems with Applications, 2012, 39: p. 3899-3905.
[7]S. Jiang, X. Song, H. Wang, J. Han, Q. Li," A clustering-based method for unsupervised intrusion detections", Pattern Recognition Letters, 2006, 27: p 802–810.
[8]S. Lee, G. Kim, S. Kim, "Self-adaptive and dynamic clustering for online anomaly detection", Expert Systems with Applications, 2011, 38: p. 14891–14898.
[9]V. Nikulin, "Threshold-based clustering with merging and regularization in application to network intrusion detection", Computational Statistics & Data Analysis, 2006, 51: p. 1184 – 1196.
[10]A. Tajbakhsh, M. Rahmati, A. Mirzaei, "Intrusion detection using fuzzy association rules", Applied Soft Computing, 2009, 9: p. 462–469.
[11]J. E. Dickerson and J. A. Dickerson, "Fuzzy Network Profiling for Intrusion Detection", Proceedings of NAFIPS 19th International Conference of the North American Fuzzy Information Processing Society, Atlanta, 2000, 3: p 301-306.
[12]Y. Liu, K. Chen, X. Liao, W. Zhang," A genetic clustering method for intrusion detection", Pattern Recognition, 2004, 5: p. 927–942.
[13]A. N. Toosi, M. Kahani, "A new approach to intrusion detection based on an evolutionary soft computing model using neuro-fuzzy classifiers", Computer Communications, 2007, 30: p. 2201–2212.
[14]K. Shafi, H. A. Abbass, "An adaptive genetic-based signature learning system for intrusion detection", Expert Systems with Applications, 2009, 36: p. 12036–12043.
[15]M. S. Abadeh, H. Mohamadi, J. Habibi, "Design and analysis of genetic fuzzy systems for intrusion detection in computer networks", Expert Systems with Applications, 2011, 38: p. 7067–7075.
[16]C. Tsang, S. Kwong, H. Wang, "Genetic-fuzzy rule mining approach and evaluation of feature selection techniques for anomaly intrusion detection", Pattern Recognition, 2007 40: p. 2373 – 2391.
[17]P. Sangkatsanee, N. Wattanapongsakorn, C. Charnsripinyo," Practical real-time intrusion detection using machine learning approaches", Computer Communications, 2011, 34: p. 2227-2235.
[18]Y. Yi, J. Wu, W. Xu, "Incremental SVM based on reserved set for network intrusion detection", Expert Systems with Applications, 2011, 38: p. 7698–7707.
[19]E. Eskin, A. Arnold, M. Prerau, L. Portnoy, S. Stolfo, "A geometric framework for unsupervised anomaly detection: Detecting intrusion in unlabelled data", Data Mining for Security Applications, Kluwer, 2002.
[20]A. K. Ghosh, A. Schwartzbard, M. Schatz," Learning program behaviour profiles for intrusion detection", Proceedings of the Workshop on Intrusion Detection and Network Monitoring, Santa Clara, California, USA, 1999, p: 9-12.
[21]C. Zhang, J. Jiang, M. Kamel, "Intrusion detection using hierarchical neural networks", Pattern Recognition Letters, 2005, 26: p. 779–791.
[22]J. Li, G. Zhang, G. Gu, "The research and implement of intelligent intrusion detection system based on artificial neural network" , Proceedings of the Third International Conference on Machine Laming and Cybernetics, Shanghai, 2004, p. 26-29.
[23]Mohammed Theeb Alotaibi, "Intelligent U2R Attack Detection Using Neural Network", M.Tech Dessertation King Saud University College of Computer and Information Sciences, 2006.
[24]D. Farid, N. Harbi, E. Bahri, M. Z. Rahman, C. M. Rahman, "Attacks Classification in Adaptive Intrusion Detection using Decision Tree", Proceeding of the International Conference on Computer Science (ICCS), Rio De Janeiro, Brazil, 2010, 63: p. 86-90.
[25]W. Lee, S. J. Stolfo et al, "A data mining and CIDF based approach for detecting novel and distributed intrusions", Lecture Notes in Computer Science, 2000, 1907: p. 49-65.
[26]Li Hanguang, Ni Yu, "Intrusion Detection Technology Research Based on Apriori Algorithm", 2012, 24: p., 1615-1620.
[27]G. Wang, J. Hao, J. Ma, L. Huang," A new approach to intrusion detection using Artificial Neural Networks and fuzzy clustering", Expert Systems with Applications, 2010, 37: p. 6225–6232.
[28]S. Horng, M. Su, Y. Chen, T. Kao, R. Chen, J. Lai, C. Perkasa, "A novel intrusion detection system based on hierarchical clustering and support vector machines", Expert Systems with Applications, 2011, 38: p. 306–313.
[29]Y. Li, J. Xia, S. Zhang, J. Yan, X. Ai, K. Dai, "An efficient intrusion detection system based on support vector machines and gradually feature removal method", Expert Systems with Applications, 2011, 39: p. 424-430.
[30]O.Depren, M. Topallar, E. Anarim, M. K. Ciliz," An intelligent intrusion detection system (IDS) for anomaly and misuse detection in computer networks", Expert Systems with Applications, 2005, 29: p. 713–722.
[31]T. Pietraszek, A. Tanner, "Data mining and machine learning dTowards reducing false positives in intrusion detection", Information Security Technical Report, 2005, 10: p. 169-183.
[32]S. Wu, E.Yen, "Data mining-based intrusion detectors", Expert Systems with Applications, 2009, 36: p. 5605-5612.
[33]T. Ozyer, R. Alhajj, Ken Barker," Intrusion detection by integrating boosting genetic fuzzy classifier and data mining criteria for rule pre-screening", Journal of Network and Computer Applications, 2007, 30: p. 99 – 113.
[34]S. Peddabachigaria, A. Abrahamb, C. G. J. Thomas, "Modeling intrusion detection system using hybrid intelligent systems", Journal of Network and Computer Applications, 2007, 30, 114-132.
[35]M. Ali Aydın, A. H. Zaim, K. G. Ceylan, "A hybrid intrusion detection system design for computer network security", Computers and Electrical Engineering, 2009, 35: p. 517–526.
[36]S. S. S. Sindhu, S. Geetha, A. Kannan, "Decision tree based light weight intrusion detection using a wrapper approach", Expert Systems with Applications, 2012, 39: p. 129–141.
[37]S. lakhina, S.Joseph, B. Verma, "Feature Reduction using Principal Component Analysis for Effective Anomaly–Based Intrusion Detection on NSL-KDD", International Journal of Engineering Science and Technology, 2010, 2(6): p. 1790-1799.
[38]Z. Pan, S. Chen, G. Hu, D. Zhang, "Hybrid neural network and C4.5 for misuse detection", The 2nd International Conference on Machine Learning and Cybernetics, Xi'an, 2003, 4: p. 2463–2467.
[39]A. Chittur,"Model generation for an intrusion detection system using genetic algorithms", High School Honors Thesis, Ossining High School, in cooperation with Columbia Univ, 2001.
[40]M. Su, "Real-time anomaly detection systems for Denial-of-Service attacks by weighted k-nearest-neighbour classifiers", Expert Systems with Applications, 2011, 38: p. 3492–3498.
[41]M. Jiang, "Combining Multiple Techniques for Intrusion Detection", International Journal of Computer Science and Network Security, 2006, 6: p. 208-218.
[42]M. Panda, A. Abraham, M.R. Patra, "Discriminative multinomial Naïve Bayes for network intrusion detection", Proceedings of the 6th International Conference on Information Assurance and Security (IAS), 2010, p. 5-10.
[43]A. P. Muniyandi, R. Rajeswari, R. Rajaram, "Network Anomaly Detection by Cascading K-Means Clustering and C4.5 Decision Tree algorithm", Procedia Engineering, 2012, 30:p. 174-182.
[44]I.H. Witten, E. Frank, L. Trigg, M. Hall, G. Holmes, S. J. Cunningham, "Weka: Practical Machine Learning Tools and Techniques with Java Implementations", Proceedings of the ICONIP/ANZIIS/ANNES'99 Workshop on Emerging Knowledge Engineering and Connectionist-Based Information Systems, Dunedin, New Zealand, 1999, p. 192-196.
[45]M. Tavallaee, E. Bagheri, W. Lu, A. A. Ghorbani, "A Detailed Analysis of the KDD CUP 99 Data Set", Proceedings of the 2009 IEEE Symposium on Computational Intelligence, Ottawa, Canada, 2009, p. 53-58.