Mining data with random forests: A survey and results of new tests
Pattern Recognition
Data mining for credit card fraud: A comparative study
Decision Support Systems
Assessing the severity of phishing attacks: A hybrid data mining approach
Decision Support Systems
Using complexity, coupling, and cohesion metrics as early indicators of vulnerabilities
Journal of Systems Architecture: the EUROMICRO Journal
Towards the reduction of data used for the classification of network flows
HAIS'12 Proceedings of the 7th international conference on Hybrid Artificial Intelligent Systems - Volume Part II
Network intrusion detection system: a machine learning approach
Intelligent Decision Technologies
HTTP botnet detection using adaptive learning rate multilayer feed-forward neural network
WISTP'12 Proceedings of the 6th IFIP WG 11.2 international conference on Information Security Theory and Practice: security, privacy and trust in computing systems and ambient intelligent ecosystems
A network intrusion detection system based on a Hidden Naïve Bayes multiclass classifier
Expert Systems with Applications: An International Journal
Journal of Network and Computer Applications
A hybrid intelligent system for medical data classification
Expert Systems with Applications: An International Journal
| Hi-index | 0.00 |
Prevention of security breaches completely using the existing security technologies is unrealistic. As a result, intrusion detection is an important component in network security. However, many current intrusion detection systems (IDSs) are rule-based systems, which have limitations to detect novel intrusions. Moreover, encoding rules is time-consuming and highly depends on the knowledge of known intrusions. Therefore, we propose new systematic frameworks that apply a data mining algorithm called random forests in misuse, anomaly, and hybrid-network-based IDSs. In misuse detection, patterns of intrusions are built automatically by the random forests algorithm over training data. After that, intrusions are detected by matching network activities against the patterns. In anomaly detection, novel intrusions are detected by the outlier detection mechanism of the random forests algorithm. After building the patterns of network services by the random forests algorithm, outliers related to the patterns are determined by the outlier detection algorithm. The hybrid detection system improves the detection performance by combining the advantages of the misuse and anomaly detection. We evaluate our approaches over the knowledge discovery and data mining 1999 (KDDpsila99) dataset. The experimental results demonstrate that the performance provided by the proposed misuse approach is better than the best KDDpsila99 result; compared to other reported unsupervised anomaly detection approaches, our anomaly detection approach achieves higher detection rate when the false positive rate is low; and the presented hybrid system can improve the overall performance of the aforementioned IDSs.