A new hierarchical intrusion detection system based on a binary tree of classifiers. (9th March 2015)
- Record Type:
- Journal Article
- Title:
- A new hierarchical intrusion detection system based on a binary tree of classifiers. (9th March 2015)
- Main Title:
- A new hierarchical intrusion detection system based on a binary tree of classifiers
- Authors:
- Ahmim, Ahmed
Ghoualmi Zine, Nacira
- Abstract:
- Purpose: – The purpose of this paper is to build a new hierarchical intrusion detection system (IDS) based on a binary tree of different types of classifiers. The proposed IDS model must possess the following characteristics: combine a high detection rate and a low false alarm rate, and classify any connection in a specific category of network connection. Design/methodology/approach: – To build the binary tree, the authors cluster the different categories of network connections hierarchically based on the proportion of false-positives and false-negatives generated between each of the two categories. The built model is a binary tree with multi-levels. At first, the authors use the best classifier in the classification of the network connections in category A and category G2 that clusters the rest of the categories. Then, in the second level, they use the best classifier in the classification of G2 network connections in category B and category G3 that represents the different categories clustered in G2 without category B. This process is repeated until the last two categories of network connections. Note that one of these categories represents the normal connection, and the rest represent the different types of abnormal connections. Findings: – The experimentation on the labeled data set for flow-based intrusion detection, NSL-KDD and KDD'99 shows the high performance of the authors' model compared to the results obtained by some well-known classifiers and recent IDS models. The experiments' results show that the authors' model gives a low false alarm rate and the highest detection rate. Moreover, the model is more accurate than some well-known classifiers like SVM, C4.5 decision tree, MLP neural network and naïve Bayes with accuracy equal to 83.26 per cent on NSL-KDD and equal to 99.92 per cent on the labeled data set for flow-based intrusion detection. As well, it is more accurate than the best of related works and recent IDS models with accuracy equal to 95.72 per cent on KDD'99. Originality/value: – This paper proposes a novel hierarchical IDS based on a binary tree of classifiers, where different types of classifiers are used to create a high-performance model. Therefore, it confirms the capacity of the hierarchical model to combine a high detection rate and a low false alarm rate.
- Is Part Of:
- Information and computer security. Volume 23:Number 1(2015)
- Journal:
- Information and computer security
- Issue:
- Volume 23:Number 1(2015)
- Issue Display:
- Volume 23, Issue 1 (2015)
- Year:
- 2015
- Volume:
- 23
- Issue:
- 1
- Issue Sort Value:
- 2015-0023-0001-0000
- Page Start:
- 31
- Page End:
- 57
- Publication Date:
- 2015-03-09
- Subjects:
- Information security -- Computer security -- Hierarchical IDS -- Hybrid IDS -- IDS -- Intrusion detection system
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47
- Journal URLs:
- http://www.emeraldinsight.com/loi/ics
http://www.emeraldinsight.com/
- DOI:
- 10.1108/ICS-04-2013-0031
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 8327.xml