Abstract:
With the enormous growth of computer
networks, network security is gaining increasing
importance. Therefore, the role of Intrusion
Detection Systems (IDSs) is becoming more
important. There are many techniques available
for intrusion detection. In this paper, a hybrid
intrusion detection method that integrates an
anomaly detection model and a misuse detection
model using the one-class SVM and C4.5
decision tree is proposed. Despite the inherent
potential of hybrid detection, many issues
strongly affect the performance of hybrid
systems, such as detection rate, false positive
rate, memory overhead and time overhead.
Moreover, most existing IDSs use all of the
features available in the dataset to detect
attacks, although some of the features are
redundant. Using redundant features is
time-consuming and may degrade the
performance of IDSs. Therefore,
rough set theory is used in the proposed hybrid
intrusion detection system to select the most
significant features. The experiments are
implemented in the ROSETTA and WEKA tools
using the NSL-KDD dataset.
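
The rough-set feature selection named in the abstract can be illustrated with a greedy QuickReduct search driven by the dependency degree of the decision on a feature subset. This is an added example, not the paper's code or ROSETTA's implementation; the abstract does not say which reduct algorithm was used, and the rows are constructed, discretised records that only borrow NSL-KDD feature names.

```python
from collections import defaultdict

# Constructed sample: discretised records with NSL-KDD feature names,
# last column is the decision (label). Not real dataset rows.
FEATURES = ["protocol_type", "flag", "src_bytes", "count", "land"]
ROWS = [
    ("tcp",  "SF",  "low",  "low",  0, "normal"),
    ("tcp",  "S0",  "low",  "high", 0, "attack"),
    ("udp",  "SF",  "low",  "low",  0, "normal"),
    ("icmp", "SF",  "high", "high", 0, "attack"),
    ("tcp",  "SF",  "high", "low",  0, "normal"),
    ("tcp",  "REJ", "low",  "high", 0, "attack"),
    ("udp",  "SF",  "low",  "high", 0, "normal"),
    ("tcp",  "S0",  "low",  "low",  0, "attack"),
]


def dependency(rows, attrs):
    """Dependency degree: fraction of rows in the positive region, i.e. rows
    whose equivalence class under `attrs` carries exactly one label."""
    classes = defaultdict(list)
    for row in rows:
        classes[tuple(row[i] for i in attrs)].append(row[-1])
    consistent = sum(len(v) for v in classes.values() if len(set(v)) == 1)
    return consistent / len(rows)


def quick_reduct(rows, names):
    """Greedily add the feature that raises the dependency degree most, until
    the subset discriminates as well as the full feature set."""
    n = len(names)
    target = dependency(rows, list(range(n)))
    selected, best = [], 0.0
    while best < target:
        # Ties are broken in favour of the lowest column index.
        best, neg_i = max((dependency(rows, selected + [i]), -i)
                          for i in range(n) if i not in selected)
        selected.append(-neg_i)
    return [names[i] for i in selected]


if __name__ == "__main__":
    for i, name in enumerate(FEATURES):
        print(f"gamma({name}) = {dependency(ROWS, [i]):.3f}")
    print("reduct:", quick_reduct(ROWS, FEATURES))
```

On this sample the search keeps two of the five features; the dropped ones add nothing to the separation of normal and attack records, which is the redundancy the abstract refers to.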