Abstract
One of the greatest challenges of today’s rule-based network intrusion detection systems (NIDS) is their high false positive rate, which makes rule-based NIDS unreliable. To avoid a high false positive rate, this research paper proposes a hybrid system based on multiple intrusion detectors in series. The proposed system uses rule-based learning and machine learning classification to automatically detect attacks against computer networks and systems more precisely. Our approach uses two different learning styles in series to detect network intrusions. First, we use a rule-based system to classify incoming network packets as intrusion or normal packets, and then use a trained machine learning classifier model to further validate whether the incoming packets are intrusion or normal packets. For the rule-based system we use “SNORT”, and for machine learning classification we use simple logistic, J48 and Sequential Minimal Optimization (SMO). The final decision about intrusions is based on the predictions of both learning systems: we apply “OR” gate logic to the outputs of both detectors to identify attacks more precisely. Our experimental results show that our approach can successfully reduce the false positive and false negative rates of rule-based NIDS.
Cite
Aslam, U., Batool, E., Ahsanc, S. N., & Sultan, A. (2017). Hybrid network intrusion detection system using machine learning classification and rule based learning system. International Journal of Grid and Distributed Computing, 10(2), 51–62. https://doi.org/10.14257/ijgdc.2017.10.2.05