Hybrid Approach for Detection of Anomaly Network Traffic using Data Mining Techniques

Anomaly based Intrusion Detection System (IDS) is getting popularity due to its adaptability to the changes in the behavior of network traffic as it has the ability to detect the new attacks. As it is very difficult to set any predefined rule for identifying correctly attack traffic since there is no major difference between normal and attack traffic. In this paper, Anomaly traffic detection system based on the Entropy of network features and Support Vector Machine (SVM) are compared. Further, a hybrid technique that is combination of both entropy of network features and support vector machine is compared with individual methods. DARPA Intrusion Detection Evaluation dataset is used in order to evaluate the methods. It is proved that entropy based detection technique is capable of identifying anomalies in network better than support vector machine based detection system. In addition, hybrid approach outperforms entropy and SVM based techniques. (C) 2012 The Authors. Published by Elsevier Ltd. Selection and/or peer-review under responsibility of the Department of Computer Science & Engineering, National Institute of Technology Rourkela