Intrusion Detection System Based on Hybrid Hierarchical Classifiers

2021 
In this research work, the updated KDD-99 database is used to develop a hybrid hierarchical intrusion detection system (IDS). A total of 4,898,431 testing instances, comprising 972,781 testing instances of the normal class and 3,925,650 testing instances of the attack class, are used. The attack class consists of four distinct types of malicious activity: DoS, U2R, R2L, and probing. The complete set of instances is further divided into training and testing sets in a 50–50 ratio. In the hierarchical classifier structure, the level-1 classifier separates the normal class from the attack class. Attack-class test samples are passed to the level-2 classifier, which separates DoS from the other attack types. The other-type test samples are then passed to the level-3 classifier, which separates R2L from the remaining class. The remaining-class test samples are in turn passed to the level-4 classifier, which separates U2R from probing attacks. The best-performing classifiers at each level are then arranged in the required hierarchical order to form a hybrid hierarchical classifier, so that the overall detection ratio is high at every level. After validation of the proposed work on the KDD-99 dataset, the highest detection rate, 97.91%, is achieved by the hierarchical structure of the SSVM classifier based IDS. An Overall Detection Accuracy (ODA) of 96.80%, 96.32%, 95.86%, 97.89% and 97.74% is achieved by the SVM, PNN, DT, NFC and kNN classifiers, respectively, in the hierarchical structure. The proposed hybrid hierarchical classifier based IDS attained an ODA of 98.79%, the highest ODA among all experiments.
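The four-level cascade and the per-level selection behind the hybrid classifier can be sketched as follows. This is an added example, not code from the paper: the 2-D points are constructed, and the nearest-centroid and 1-NN models are small stand-ins for the SVM, PNN, DT, NFC and kNN classifiers named above.

```python
# Constructed 2-D toy data and toy classifiers; not the paper's features or models.
LEVELS = ["normal", "dos", "r2l", "u2r"]   # class split off at levels 1..4
LAST = "probe"                              # what remains after level 4
CENTERS = {"normal": [(0, 0)], "dos": [(10, 0)], "r2l": [(0, 10)],
           "u2r": [(10, 10), (20, 20)], "probe": [(15, 15)]}

def make(offsets):
    return [((cx + dx, cy + dy), lab) for lab, cs in CENTERS.items()
            for cx, cy in cs for dx, dy in offsets]

TRAIN = make([(-1, 0), (1, 0), (0, -1), (0, 1)])
VALID = make([(-0.5, 0.5), (0.5, -0.5)])     # held-out points used for selection

def d2(a, b):
    return (a[0] - b[0]) ** 2 + (a[1] - b[1]) ** 2

def fit_centroid(rows):
    """rows: [(point, is_target)] -> predict(point) -> bool (nearest class mean)."""
    def mean(flag):
        pts = [x for x, t in rows if t == flag]
        return (sum(p[0] for p in pts) / len(pts), sum(p[1] for p in pts) / len(pts))
    pos, neg = mean(True), mean(False)
    return lambda x: d2(x, pos) < d2(x, neg)

def fit_1nn(rows):  # predicts the is_target flag of the nearest training point
    return lambda x: min(rows, key=lambda r: d2(x, r[0]))[1]

CANDIDATES = {"centroid": fit_centroid, "1nn": fit_1nn}

def build(train, valid, allowed=CANDIDATES):
    """Per level, keep the candidate with the best accuracy on that level's subset."""
    cascade, chosen = [], []
    for i, target in enumerate(LEVELS):
        scope = set(LEVELS[i:]) | {LAST}      # classes still unresolved here
        tr = [(x, y == target) for x, y in train if y in scope]
        va = [(x, y == target) for x, y in valid if y in scope]
        fitted = [(name, fit(tr)) for name, fit in allowed.items()]
        name, clf = max(fitted, key=lambda f: sum(f[1](x) == t for x, t in va))
        cascade.append((target, clf))
        chosen.append(name)
    return cascade, chosen

def predict(cascade, x):
    for target, clf in cascade:               # first level that claims x wins
        if clf(x):
            return target
    return LAST

def accuracy(cascade, rows):
    return sum(predict(cascade, x) == y for x, y in rows) / len(rows)
```

In the constructed data the U2R class is bimodal around the probing cluster, so the centroid model cannot separate them at level 4 and the selection falls to 1-NN there. Scoring on the same held-out points used for selection keeps the sketch short; a real evaluation needs a separate test split.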