Implementation of two class classifiers for hybrid intrusion detection

摘要

Most intrusion detection systems (IDSs) are based on a single algorithm that is designed to either model normal behavior patterns or attack signatures in network data traffic. Most often, these systems fail to provide adequate alarm capability that reduces false positive and false negative rates. We had proposed multi-stages approaches to enhance the overall performance of IDSs. All models implemented in this paper, must have a perfect 2-classes classifier to differentiate between attacks & normal patterns, so we grant to detect attacks at first stage of IDS and secure the protected system, through other stages we tried to identify the name of intrusion to increase the efficiency of IDS. The first stage is highly capable in detecting normal signature and diverse what-else to attacks category, so it is capable in detecting unseen or unknown attacks. The results of the proposed techniques had shown that a very high increase in the performance of IDS systems. The practical results showed that the multistage system composed of MLP and improved hybrid J48-DT provided the best results among all discussed systems.