Effective Hybrid Intrusion Detection System: A Layered Approach

Full Text (PDF, 469KB), pp. 35-41


Author(s)

Abebe Tesfahun 1,*, D. Lalitha Bhaskari 1

1. AUCE (A), Andhra University, Visakhapatnam, AP, India

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2015.03.05

Received: 11 Jul. 2014 / Revised: 26 Oct. 2014 / Accepted: 15 Dec. 2014 / Published: 8 Feb. 2015

Index Terms

Intrusion, Hybrid, Misuse, Anomaly, Random Forests, Performance

Abstract

Although many techniques have been proposed for intrusion detection in the literature, most of them consider standalone misuse or anomaly intrusion detection systems. By combining the advantages of both, however, a better hybrid intrusion detection system can be developed. In this paper, we present an effective hybrid layered intrusion detection system for detecting both previously known and zero-day attacks. In particular, a two-layer system that combines misuse and anomaly intrusion detection is proposed. The first layer is a misuse detector that detects and blocks known attacks; the second layer is an anomaly detector that efficiently detects and blocks previously unknown attacks. The misuse detector is modeled with a random forests classifier, and the anomaly detector is built by bagging an ensemble of one-class support vector machine classifiers. Data pre-processing consists of automatic feature selection and data normalization. Experimental results show that the proposed intrusion detection system outperforms other well-known intrusion detection systems in detecting both previously known and zero-day attacks.
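An added example (not the paper's code) of the two-layer pipeline the abstract describes: a random forests misuse detector trained on normal plus known-attack records, followed by a majority-voting bag of one-class SVMs fitted only on normal records, with normalization fitted on the training data. It assumes scikit-learn and NumPy are available; the flow records are constructed synthetically, and the automatic feature selection step is left out.

```python
"""Two-layer hybrid IDS sketch: misuse layer (random forests) in front of an
anomaly layer (bagged one-class SVMs). Data below is constructed, not the
paper's dataset."""
import numpy as np
from sklearn.ensemble import RandomForestClassifier
from sklearn.preprocessing import StandardScaler
from sklearn.svm import OneClassSVM

rng = np.random.default_rng(0)
# Constructed 4-feature flow records: normal traffic is centred at 0,
# a known attack class is shifted by +6 on feature 0.
X_normal = rng.normal(0.0, 1.0, size=(300, 4))
X_known = rng.normal(0.0, 1.0, size=(100, 4))
X_known[:, 0] += 6.0
X_train = np.vstack([X_normal, X_known])
y_train = np.array([0] * 300 + [1] * 100)  # 0 = normal, 1 = known attack


class HybridIDS:
    def __init__(self, n_bags=5, seed=0):
        self.scaler = StandardScaler()  # data normalization step
        self.misuse = RandomForestClassifier(n_estimators=50, max_features=None,
                                             random_state=seed)
        self.n_bags = n_bags
        self.rng = np.random.default_rng(seed)
        self.anomaly = []

    def fit(self, X, y):
        Xs = self.scaler.fit_transform(X)  # normalization fitted on training data only
        self.misuse.fit(Xs, y)             # layer 1 learns known attack signatures
        Xn = Xs[y == 0]                    # layer 2 sees only normal traffic
        for _ in range(self.n_bags):
            idx = self.rng.integers(0, len(Xn), size=len(Xn))  # bootstrap sample
            self.anomaly.append(OneClassSVM(nu=0.05, gamma="scale").fit(Xn[idx]))
        return self

    def classify(self, record):
        xs = self.scaler.transform(np.asarray(record, dtype=float).reshape(1, -1))
        if self.misuse.predict(xs)[0] == 1:
            return "block:known-attack"     # layer 1: known pattern, block here
        votes = sum(int(m.predict(xs)[0] == -1) for m in self.anomaly)
        if votes * 2 > self.n_bags:        # majority of bagged OC-SVMs say "novel"
            return "block:anomaly"         # layer 2: unseen (zero-day-like) traffic
        return "allow"


ids = HybridIDS().fit(X_train, y_train)
```

A record that matches the known class is stopped at layer 1; one that is neither known nor normal-looking is stopped at layer 2; ordinary traffic passes both.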

Cite This Paper

Abebe Tesfahun, D. Lalitha Bhaskari, "Effective Hybrid Intrusion Detection System: A Layered Approach", International Journal of Computer Network and Information Security(IJCNIS), vol.7, no.3, pp.35-41, 2015. DOI:10.5815/ijcnis.2015.03.05
