Fusion of Misuse Detection with Anomaly Detection Technique for Novel Hybrid Network Intrusion Detection System

Intrusion detection system (IDS) was designed to monitor the abnormal activity occurring in the computer network system. Many researchers concentrate their efforts on designing different techniques to build reliable IDS. However, individual technique such as misuse and anomaly techniques alone failed to provide the best possible detection rate. In this paper, we proposed a new hybrid IDS model with feature selection that integrates misuse detection technique and anomaly detection technique based on a decision rule structure. The key idea was to take the advantage of naive Bayes (NB) feature selection, misuse detection technique based on decision tree (DT), and anomaly detection based on one-class support vector machine (OCSVM). First, misuse detection is built using single DT algorithm where the training data get decomposed into multiple subsets with the help of decision rules. Then, anomaly detection models are created for each decomposed subset based on multiple OCSVM. In the proposed model, NB and DT can find the best-selected features to ameliorate the detection accuracy by obtaining decision rules for known normal and attack anomalies. Then, the OCSVM can detect new attacks that result in an improvement in the detection accuracy of classification. The proposed new hybrid model was evaluated based on the NSL-KDD data sets, which is an upgraded version of KDD99 data set developed by DARPA. Simulation results demonstrate that the proposed hybrid model outperforms conventional models in terms of time complexity and detection rate with the much lower rate of false positives.