Keywords:

  • intrusion detection;
  • hybrid intelligent systems;
  • Bayesian networks;
  • decision trees;
  • rule-based classifiers;
  • clustering

ABSTRACT

This paper aims to develop novel hybrid intelligent systems by combining naïve Bayes with decision trees (NBDT) and by combining the non-nested generalized exemplar (NNge) and extended repeated incremental pruning (JRip) rule-based classifiers (NNJR), constructing a multiple classifier system to detect network intrusions efficiently. We also use an AdaBoost ensemble design to enhance the detection rate of the proposed hybrid system. Further, to improve overall detection, we propose combining farthest first traversal (FFT) clustering with classification techniques to obtain two more hybrid methods, DTFF (DT + FFT) and FFNN (NNge + FFT). Finally, we use a Bayesian belief network with Tabu search, combined with NNge, for a better detection rate. Because most anomaly detection uses binary labels, that is, anomaly or normal, without further detail about the attack types, we perform two-class classification for our proposed methodologies in this paper. Substantial experiments are conducted using the NSL-KDD dataset, which is a modified version of the KDD99 intrusion dataset. Finally, empirical results with a detailed analysis for all the approaches show that DTFF, the hybrid of classification with clustering, provides the best anomaly detection rate of all the approaches. Copyright © 2012 John Wiley & Sons, Ltd.