Abstract

The proposed hybrid intrusion detection process integrates a misuse detection model and an anomaly detection model to detect attacks in traffic patterns. The misuse detection model classifies each traffic pattern as a known attack or not a known attack. Each extracted normal data set contains no known attacks and has less varied connection patterns than the overall normal data set. The anomaly detection model then classifies the traffic that is not a known attack as either normal or an unknown attack, which improves performance on normal traffic behavior. Experiments are carried out using the NSL-KDD dataset, and the performance of the proposed approach is compared with traditional learning approaches in terms of training time, testing time, false positive ratio and detection ratio. The proposed method detects known attacks and unknown attacks with ratios of 99.8% and 52% respectively.
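The two-stage flow described above, as an added sketch that is not the paper's code. The abstract names no algorithms, so the nearest-centroid misuse stage, the z-score anomaly stage, the three features, the threshold and every record below are assumptions constructed for illustration.

```python
import math
from statistics import mean, pstdev

# Constructed training records: (count, serror_rate, src_kbytes) -> label.
# Attack labels borrow NSL-KDD class names; the values are made up.
TRAIN = [
    ((2, 0.00, 1.2), "normal"), ((3, 0.00, 0.8), "normal"),
    ((4, 0.05, 1.5), "normal"), ((3, 0.02, 1.0), "normal"),
    ((250, 1.00, 0.0), "neptune"), ((270, 0.98, 0.0), "neptune"),
    ((120, 0.10, 0.0), "portsweep"), ((140, 0.15, 0.0), "portsweep"),
]

def fit(train):
    """Return (class centroids for stage 1, normal profile for stage 2)."""
    by_label = {}
    for x, y in train:
        by_label.setdefault(y, []).append(x)
    centroids = {y: tuple(mean(col) for col in zip(*rows))
                 for y, rows in by_label.items()}
    # Stage 2 is trained on normal records only: per-feature mean and spread.
    profile = [(mean(col), pstdev(col) or 1e-9)
               for col in zip(*by_label["normal"])]
    return centroids, profile

def classify(x, centroids, profile, z_max=3.0):
    # Stage 1 (misuse): does the record match a known attack class?
    label = min(centroids, key=lambda y: math.dist(x, centroids[y]))
    if label != "normal":
        return ("known_attack", label)
    # Stage 2 (anomaly): traffic that is not a known attack is checked
    # against the normal profile; a large deviation is an unknown attack.
    z = max(abs(v - m) / s for v, (m, s) in zip(x, profile))
    return ("unknown_attack", None) if z > z_max else ("normal", None)

if __name__ == "__main__":
    model = fit(TRAIN)
    for rec in [(260, 1.0, 0.0), (3, 0.01, 1.1), (3, 0.0, 40.0)]:
        print(rec, classify(rec, *model))
```

The third record has no matching attack class in the training data, so only the anomaly stage can flag it; that is the case the hybrid design exists for.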