Real-Time Hybrid Intrusion Detection System Using Machine Learning Techniques

Intrusion and intrusive activities have become a bottleneck for both Internet and Intranet users. An intrusion detection system tries to take care of such activities by constantly monitoring the user systems. Although there are two basic approaches in intrusion detection, i.e., misuse detection system and anomaly detection system, respectively, however, recent research works emphasize on hybrid approach which tries to gather the advantage of both misuse and anomaly-based systems. The proposed research work is based on such a hybrid system which uses misuse detection system for known types of intrusions and anomaly detection system for novel attacks. Frequency episode extraction method is specifically used for misuse-based detection and chi-square test is used for anomaly-based detection. Experiments show that the hybrid intrusion detection system is able to consider the real-time traffic of a network as well as the standard available data set for detecting the efficiency of the system. The proposed system learns and trains itself by detecting known attacks from misuse detection system and novel attacks from anomaly detection system, thereby improving the true positive rates and diminishing false negative rates consequently.