An alternative approach for hybrid intrusion Detection system
Nowadays, intrusion detection system is the most important thing for network security. There are two techniques
for intrusion detection: misuse detection and anomaly detection. Most of the intrusion detection system uses all the features
available in the network packet. There are many issues in intrusion detection system such as false positive rate, detection
rate, memory overhead and time overhead. In this paper, a new hybrid intrusion detection system that integrates a misuse
detection model and an anomaly detection model is proposed. First, a rough set based feature reduction is used to select the
most significant features and then a misuse detection model is built based on the C4.5 decision tree algorithm not only to
detect the known attacks but also to decompose the normal training data into smaller subsets using the model. Next, multiple
one-class support vector machines models are created for each decomposed subsets. The proposed hybrid model is evaluated
using the NSL-KDD data set.
Keywords- Intrusion Detection System, C4.5 algorithm, Rough set theory, One-class support vector machine.