Hi-index: 12.06
In this paper, we propose a novel Intrusion Detection System (IDS) architecture utilizing both anomaly and misuse detection approaches. This hybrid IDS architecture consists of an anomaly detection module, a misuse detection module, and a decision support system that combines the results of these two detection modules. The proposed anomaly detection module uses a Self-Organizing Map (SOM) structure to model normal behavior; deviation from the normal behavior is classified as an attack. The proposed misuse detection module uses the J.48 decision tree algorithm to classify various types of attacks. The principal interest of this work is to benchmark the performance of the proposed hybrid IDS architecture using the KDD Cup 99 Data Set, the benchmark dataset used by IDS researchers. A rule-based Decision Support System (DSS) is also developed for interpreting the results of both the anomaly and misuse detection modules. Simulation results of both modules based on the KDD 99 Data Set are given. It is observed that the proposed hybrid approach gives better performance than the individual approaches.