An Intrusion Detection System Based on Multiple Level Hybrid Classifier using Enhanced C4.5

Intrusion Detection System (IDS) has recently emerged as an important component for enhancing information system security. However, constructing and maintaining a misuse intrusion detection system for a network is labor ¿ intensive, since attack scenarios and patterns need to be analyzed and categorized. Moreover, the rules corresponding to the scenarios and patterns need to be carefully hand-coded. In such situations, data mining can be used to ease this inconvenience. This paper proposes a multiple level hybrid classifier for an intrusion detection system that uses a combination of tree classifiers which uses Enhanced C4.5 which rely on labeled training data and an Enhanced Fast Heuristic Clustering Algorithm for mixed data (EFHCAM). The main advantage of this approach is that the system can be trained with unlabelled data and is capable of detecting previously "unseen" attacks. Verification tests have been carried out by using the 1999 KDD Cup data set. From this work, it is observed that significant improvement has been achieved from the viewpoint of both high intrusion detection rate and reasonably low false alarm rate.