• DocumentCode
    1825744
  • Title

    A hybrid network intrusion detection technique using random forests

  • Author

    Zhang, Jiong ; Zulkernine, Mohammad

  • Author_Institution
    Sch. of Comput., Queen's Univ., Kingston, Ont., Canada
  • fYear
    2006
  • fDate
    20-22 April 2006
  • Abstract
    Intrusion detection is important in network security. Most current network intrusion detection systems (NIDSs) employ either misuse detection or anomaly detection. However, misuse detection cannot detect unknown intrusions, and anomaly detection usually has a high false positive rate. To overcome the limitations of both techniques, we incorporate both anomaly and misuse detection into the NIDS. In this paper, we present our framework of the hybrid system. The system combines misuse detection and anomaly detection components, in which the random forests algorithm is applied. We discuss the advantages of the framework and also report our experimental results over the KDD'99 dataset. The results show that the proposed approach can improve on the detection performance of NIDSs that use only an anomaly detection or a misuse detection technique.
  • Keywords
    computer networks; data mining; security of data; anomaly detection; data mining; hybrid network intrusion detection technique; knowledge discovery; misuse detection; network security; random forests algorithm; Access control; Clustering algorithms; Computational complexity; Computer networks; Cryptography; Data mining; Data security; Detection algorithms; Information security; Intrusion detection; Data mining; Hybrid detection; Intrusion detection; Network security; Random forests
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Availability, Reliability and Security, 2006. ARES 2006. The First International Conference on
  • Print_ISBN
    0-7695-2567-9
  • Type

    conf

  • DOI
    10.1109/ARES.2006.7
  • Filename
    1625319