Title :
A hybrid network intrusion detection technique using random forests
Author :
Zhang, Jiong ; Zulkernine, Mohammad
Author_Institution :
Sch. of Comput., Queen´´s Univ., Kingston, Ont., Canada
Abstract :
Intrusion detection is important in network security. Most current network intrusion detection systems (NIDSs) employ either misuse detection or anomaly detection. However, misuse detection cannot detect unknown intrusions, and anomaly detection usually has high false positive rate. To overcome the limitations of both techniques, we incorporate both anomaly and misuse detection into the NIDS. In this paper, we present our framework of the hybrid system. The system combines the misuse detection and anomaly detection components in which the random forests algorithm is applied. We discuss the advantages of the framework and also report our experimental results over the KDD´99 dataset. The results show that the proposed approach can improve the detection performance of the NIDSs, where only anomaly or misuse detection technique is used.
Keywords :
computer networks; data mining; security of data; anomaly detection; data mining; hybrid network intrusion detection technique; knowledge discovery; misuse detection; network security; random forests algorithm; Access control; Clustering algorithms; Computational complexity; Computer networks; Cryptography; Data mining; Data security; Detection algorithms; Information security; Intrusion detection; Data mining; Hybrid detection.; Intrusion detection; Network security; Random forests;
Conference_Titel :
Availability, Reliability and Security, 2006. ARES 2006. The First International Conference on
Print_ISBN :
0-7695-2567-9
DOI :
10.1109/ARES.2006.7
