A Hybrid Intrusion Detection: Combining Decision Tree and Gaussian Mixture Model

Nowadays, cybercrimes have become a major threat for computer networks. Many researchers considered Network Intrusion Detection System (NIDS) as a layer of defense and proposed new methods for detecting malicious network traffics. In this paper, we propose a hybrid method for detecting intrusion in networks. Using hybrid techniques exploits the strength of both misuse and anomaly detection methods. In our technique, we use decision tree for the misuse detection component and Gaussian Mixture Model (GMM) for anomaly detection. The advantage of using GMM is that it can recognize the attacks, which are similar to the normal distributions. The proposed technique’s performance is evaluated on NSL-KDD dataset. Our empirical observations indicate that the proposed technique is a method of choice by offering higher accuracy and AUC while preserving lower false positive rates.