Research On Hybrid Classification Algorithm Based On Decision Tree And Na?ve-bayes In Intrusion Detection

In recent years, network technology has been rapidly developed, and at the same time, the security problems are getting more and more seriously. However, the traditional firewall technologies cannot defend networks efficiently, so the research of Intrusion Detection System(Intrusion Detection System) is getting more and more important. The traditional IDS not only consume large amounts of resources, but also with the increasingly complicated network system and the diversity of network attacks, they have great limitations in time and space and also high false positive rate and false negative rate.Research shows that, the machine learning(Machine Learning, ML) method applied to intrusion detection is feasible and efficient. Intrusion detection method based on machine learning not only reduces the false positive rate and false negative rate, but also enhance the learning ability and the real-time performance of the system. In machine learning algorithms, the decision tree method and the na?ve-bayes method have their unique advantages as dealing with different sample data sets. Besides, for both the decision tree and na?ve-bayes, their principles are simple, their training processes are fast, and their processed results are intuitive and easy to explain and understand. Therefore, this dissertation mainly studies intrusion detection algorithm based on decision tree and na?ve-bayes.Firstly, in this dissertation, the basic principles of Decision Tree(Decision Tree, DT) and Naive Bayes(Na?ve-Bayes, NB) are introduced, and the NB algorithm and the classic ID3 algorithm and its extended C4.5 algorithm in decision tree are analyzed in detail. Then through a comprehensive set of analysis and summary on the characteristics of their performance, according to the deficiency of C4.5 algorithm and NB algorithm, a hybrid classification method based on the combination of the two methods(H-C4.5-NB) is proposed to implement the intrusion detection. H-C4.5-NB is mainly a mixed classification model composed by C4.5 and NB, which the local decision tree classifier and na?ve-bayes classifier were built on the dataset. The distribution of decision classes is described in the form of probability, and the final decision results are given by the weighted sum of the probabilities which are the outcomes of C4.5 and NB. Thus, the accuracy of decision of the system is enhanced. The classic KDD CUP 99 dataset is selected to valid at the proposed algorithm. The experimental results have shown that, the detection rate of DOS, U2 R, and R2 L has been increased, the accuracy of the system has been improved, and the false alarm rate of the system has been reduced in H-C4.5-NB.