An Efficient Hybrid Approach To Improve The Intrusion Detection Rate Using Data Mining Techniques

Network security has become a key issue in computer network technology since the advanced attacking techniques and number of attackers are increasing radically.Abnormal activities or behaviors on the network systems could be identified by security systems.But,conventional security systems such as firewall and user authentication cannot achieve success in many abnormal actions.To overcome this challenge,accurate and more intelligent intrusion detection systems(IDSs)needed for protecting computers and networks from malicious network-based or host-based attacks.In last decades,various techniques and solutions have been presented to address the weakness of IDS such as high false alarm rate,low accuracy and also time-consuming.In order to improve the accuracy of the detection rate of abnormal activity and potential attacks,many researchers integrated data mining and machine learning techniques into IDS.This paper reviews current research works that implement machine learning techniques on potential network detection in IDS.Based on the literature review,k-Nearest Neighbor(k-NN)and Decision Tree(DT)are found as two effective machine learning algorithms for anomaly detection behaviors like Remote to Local Attack,User to Root Attack,Probe and Denial of Service Attack.In our research,a hybrid anomaly-based intrusion detection model is designed which combines k-NN with DT algorithms.In order to verify the advantage of the proposed model,performance experiments were conducted which different classification models like Bayesian Network,Na?ve Bayes and Random Forest are combined with k-NN.As NSL-KDD dataset is widely used in abnormal network activity detection research,it is selected as our experiment dataset.Feature selection has an important role in achieving accurate classification,so Information gain algorithm is used for selecting most relative attributes from NSL-KDD dataset.The experimental results showed that the proposed approach has achieved a positive detection rate of 99.7%,the false alarm rate of 0.2% and the accuracy of 99.6% in anomaly detection which illustrate that the proposed model performs better than other existing methods.