{"title":"An Intrusion Detection System Based on Multiple Level Hybrid Classifier using Enhanced C4.5","authors":"L. Rajeswari, A. Kannan","doi":"10.1109/ICSCN.2008.4447164","DOIUrl":null,"url":null,"abstract":"Intrusion Detection System (IDS) has recently emerged as an important component for enhancing information system security. However, constructing and maintaining a misuse intrusion detection system for a network is labor-intensive, since attack scenarios and patterns need to be analyzed and categorized. Moreover, the rules corresponding to the scenarios and patterns need to be carefully hand-coded. In such situations, data mining can be used to ease this inconvenience. This paper proposes a multiple level hybrid classifier for an intrusion detection system that uses a combination of tree classifiers which uses Enhanced C4.5 which rely on labeled training data and an Enhanced Fast Heuristic Clustering Algorithm for mixed data (EFHCAM). The main advantage of this approach is that the system can be trained with unlabelled data and is capable of detecting previously \"unseen\" attacks. Verification tests have been carried out by using the 1999 KDD Cup data set. 
From this work, it is observed that significant improvement has been achieved from the viewpoint of both high intrusion detection rate and reasonably low false alarm rate.","PeriodicalId":158011,"journal":{"name":"2008 International Conference on Signal Processing, Communications and Networking","volume":"193 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-02-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"20","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 International Conference on Signal Processing, Communications and Networking","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSCN.2008.4447164","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 20
Abstract
Intrusion Detection System (IDS) has recently emerged as an important component for enhancing information system security. However, constructing and maintaining a misuse intrusion detection system for a network is labor-intensive, since attack scenarios and patterns need to be analyzed and categorized. Moreover, the rules corresponding to the scenarios and patterns need to be carefully hand-coded. In such situations, data mining can be used to ease this inconvenience. This paper proposes a multiple level hybrid classifier for an intrusion detection system that uses a combination of tree classifiers which uses Enhanced C4.5 which rely on labeled training data and an Enhanced Fast Heuristic Clustering Algorithm for mixed data (EFHCAM). The main advantage of this approach is that the system can be trained with unlabelled data and is capable of detecting previously "unseen" attacks. Verification tests have been carried out by using the 1999 KDD Cup data set. From this work, it is observed that significant improvement has been achieved from the viewpoint of both high intrusion detection rate and reasonably low false alarm rate.