A Hybrid Approach for Real-Time Network Intrusion Detection Systems

This paper proposes a hybrid approach for real- time Network Intrusion Detection Systems (NIDS). We adopt Random Forest (RF) for feature selection and Minimax Probability Machine (MPM) for intrusion detection. RF provides the variable importance by numeric values so that the irrelevant features can be eliminated. However, the NIDS based on RF is slow to build intrusion detection model. We employ MPM, since MPM has been shown a better performance, compared with RF in terms of model building time. To validate the feasibility, we carry out several times of experiments with KDD 1999 intrusion detection dataset. The experimental results show the proposed approach is faster and more lightweight than the previous approaches while guaranteeing high detection rates so that it is suitable for real-time NIDS.