Intrusion detection is important in network security. Most current network intrusion detection systems (NIDSs) employ either misuse detection or anomaly detection. However, misuse detection cannot detect unknown intrusions, and anomaly detection usually has a high false positive rate. To overcome the limitations of both techniques, we incorporate both anomaly and misuse detection into the NIDS. In this paper, we present our framework for the hybrid system. The system combines misuse detection and anomaly detection components, in which the random forests algorithm is applied. We discuss the advantages of the framework and report our experimental results on the KDD'99 dataset. The results show that the proposed approach can improve detection performance over NIDSs that use only anomaly detection or only misuse detection.