Abstract: Traditional network intrusion detection systems (NIDS) mostly use individual classification techniques; such systems fail to provide the best possible attack detection rate. In this paper, we propose a new two-stage hybrid classification technique that uses a Support Vector Machine (SVM) for anomaly detection in the first stage and an Artificial Neural Network (ANN) for misuse detection in the second. The key idea is to combine the advantages of each algorithm to improve classification accuracy while keeping false positives low. The first stage (anomaly) classifies the network data into two classes, namely normal and attack. The second stage (misuse) further classifies the attack data into four classes, namely Denial of Service (DoS), Remote to Local (R2L), User to Root (U2R) and Probe. Training and testing datasets are obtained from the NSL-KDD datasets. Simulation results demonstrate that the proposed algorithm outperforms the conventional model and individual classification with the SVM and ANN algorithms. The test results showed that the proposed system has a reliable degree of detecting anomalous activity in the network data.