International Journal of Computational Intelligence Systems

Volume 9, Issue 5, September 2016, Pages 863 - 875

A two-stage hybrid classification technique for network intrusion detection system

Authors
Jamal Hussain*,1 (jamal.mzu@gmail.com), Samuel Lalmuanawma2 (samuellalmuanawma@mzu.edu.in), Lalrinfela Chhakchhuak3 (rinfelc@gmail.com)
1,2 Mathematics & Computer Science Department, Mizoram University, Aizawl, Mizoram, Tanhril, 796004, India
3 Department of Computing, University of York, Heslington, York, YO10 5DD, United Kingdom
Corresponding author: E-mail address: samuellalmuanawma@mzu.edu.in. Tel: +919436353048.
Received 17 April 2015, Accepted 19 May 2016, Available Online 1 September 2016.
DOI
10.1080/18756891.2016.1237186
Keywords
Intrusion Detection Systems; Support Vector Machine; Artificial Neural Network; Machine Learning; NSL-KDD
Abstract

Conventional network intrusion detection systems (NIDS) mostly use individual classification techniques; such systems fail to provide the best possible attack detection rate. In this paper, we propose a new two-stage hybrid classification method using Support Vector Machine (SVM) for anomaly detection in the first stage and Artificial Neural Network (ANN) for misuse detection in the second. The key idea is to combine the advantages of each technique to improve classification accuracy while keeping a low probability of false positives. The first stage (anomaly) detects abnormal activities that could be an intrusion. The second stage (misuse) further analyzes whether there is a known attack and classifies the type of attack into four classes, namely Denial of Service (DoS), Remote to Local (R2L), User to Root (U2R) and Probe. Simulation results demonstrate that the proposed algorithm outperforms conventional models, including individual classification with the SVM and ANN algorithms. The empirical results demonstrate that the proposed system has a reliable degree of detecting anomalous activity in network data. Simulation results of both stages are based on the NSL-KDD datasets, which are an enhanced version of the KDD99 intrusion dataset.

Copyright
© 2016. the authors. Co-published by Atlantis Press and Taylor & Francis
Open Access
This is an open access article under the CC BY-NC license (http://creativecommons.org/licences/by-nc/4.0/).


Journal
International Journal of Computational Intelligence Systems
Volume-Issue
9 - 5
Pages
863 - 875
Publication Date
2016/09/01
ISSN (Online)
1875-6883
ISSN (Print)
1875-6891

Cite this article

TY  - JOUR
AU  - Jamal Hussain
AU  - Samuel Lalmuanawma
AU  - Lalrinfela Chhakchhuak
PY  - 2016
DA  - 2016/09/01
TI  - A two-stage hybrid classification technique for network intrusion detection system
JO  - International Journal of Computational Intelligence Systems
SP  - 863
EP  - 875
VL  - 9
IS  - 5
SN  - 1875-6883
UR  - https://doi.org/10.1080/18756891.2016.1237186
DO  - 10.1080/18756891.2016.1237186
ID  - Hussain2016
ER  -