A Hybrid Model for Anomaly-Based Intrusion Detection System

  • N. UgtakhbayarEmail author
  • B. Usukhbayar
  • S. Baigaltugs
Conference paper
Part of the Smart Innovation, Systems and Technologies book series (SIST, volume 157)


Anomaly-based systems have become critical to the fields of information technology. Since last few years, evolution of anomaly-based intrusion detection system (IDS), improving detection accuracy, and training data preprocessing have been getting specifically important to the researchers of this field. In previous years, a lot have been discussed on the problems in using anomaly-based and hybrid IDSs. Anomaly-based approach is comparatively efficient from signature-based in novel attacks on computer network. However, in some cases, signature-based system is quick in identifying attacks from anomaly systems. In this work, authors have applied preprocessing in KDD 99 and have collected dataset using information gain. Authors have named collected dataset NUM15 as some of the features and redundant data are beside the point which decreases processing time and performance of IDS. After that, naive Bayes and Snort are used to classify the compression results and training the machine in parallel model. This hybrid model combines anomaly and signature detection that can accomplish detection of network anomaly. The results show that the proposed hybrid model can increase the accuracy and can detect novel intrusions.


IDS hybrid model IDS Anomaly detection Snort 


  1. 1.
    Reazul Kabir, Md., Onik, A.R., Samad, T.: A network intrusion detection framework based on Bayesian network using wrapper approach. Int. J. Comput. Appl. 166(4), 13–17 (2017)CrossRefGoogle Scholar
  2. 2.
    Ashoor, A.S., Gore, S.: Importance of intrusion detection system (IDS). Int. J. Sci. Eng. Res. 1–7 (2005)Google Scholar
  3. 3.
    Patel, K.K., Buddhadev, B.V.: An architecture of hybrid intrusion detection system. Int. J. Inf. Netw. Secur. 2(2), 197–202 (2013)Google Scholar
  4. 4.
    Ugtakhbayar, N., Usukhbayar, B., Nyamjav, J.: Improving accuracy for anomaly based IDS using signature based system. Int. J. Comput. Sci. Inf. Secur. 14(5), 358–361 (2016)Google Scholar
  5. 5.
    Pathan, A.K.: The state of the Art in Intrusion Prevention and Detection. CRC Press (2014)Google Scholar
  6. 6.
    Pajouh, H.H., Dastghaibyfard, G.H., Hashemi, S.: Two-tier network anomaly detection model: a machine learning approach. J. Intell. Inf. Syst. 61–74 (2017)CrossRefGoogle Scholar
  7. 7.
    Naga Surya Lakshmi, M., Radhika, Y.: A complete study on intrusion detection using data mining techniques. IJCEA IX(VI) (2015)Google Scholar
  8. 8.
    Stampar, M., et al.: Artificial Intelligence in Network Intrusion DetectionGoogle Scholar
  9. 9.
    Anderson, J.P.: Computer security threat monitoring and surveillance. In: Technical report, James P. Anderson Co., Fort Washington, Pennsylvania (1980)Google Scholar
  10. 10.
    Yorozu, Y., Hirano, M., Oka, K., Tagawa, Y.: Electron spectroscopy studies on magneto-optical media and plastic substrate interface. IEEE Trans. J. Mag. Jpn. 2, 740–741 (1987) [Digests 9th Annual Conference on Magnetics Japan, p. 301, 1982]Google Scholar
  11. 11.
    Zenghui, L., Yingxu, L.: A data mining framework for building Intrusion detection models based on IPv6. In: Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance. Seoul, Korea, Springer-Verlag (2009)Google Scholar
  12. 12.
    Young, M.: The Technical Writer’s Handbook. University Science, Mill Valley, CA (1989)Google Scholar
  13. 13.
    Androulidakis, G., Papavassiliou, S.: Improving network anomaly detection via selective flow-based sampling. Commun. IET 399–409 (2008)CrossRefGoogle Scholar
  14. 14.
    Te-Shun, C., Fan, J., Kia, M.: Ensemble of machine learning algorithms for intrusion detection, pp. 3976–3980Google Scholar
  15. 15.
    Neelam, S., Saurabh, M.: Layered approach for intrusion detection using Naive Bayes classifier. In: Proceedings of the International Conference on Advances in Computing, Communications and Informatics, India (2012)Google Scholar
  16. 16.
    Gómez, J., Gil, C., Padilla, N., Baños, R., Jiménez, C.: Design of Snort-based hybrid intrusion detection system. In: IWANN 2009, pp. 515–522 (2009)CrossRefGoogle Scholar
  17. 17.
    Cepheli, Ö., Büyükçorak, S., Kurt, G.K.: Hybrid intrusion detection system for DDoS attacks. J. Electr. Comput. Eng. 2016 (2016). Article ID 1075648CrossRefGoogle Scholar
  18. 18.
    Hussein, S.M., Mohd Ali, F.H., Kasiran, Z.: Evaluation effectiveness of hybrid IDS using Snort with Naïve Bayes to detect attacks. In: IEEE DICTAP 2nd International Conference, May 2012Google Scholar
  19. 19.
    Dhakar, M., Tiwari, A.: A novel data mining based hybrid intrusion detection framework. J. Inf. Comput. Sci. 9(1), 37–48 (2014)Google Scholar
  20. 20.
    Veeramachaneni, K., Arnaldo, I., Cuesta-Infante, A., Korrapati, V., Bassias, C., Li, K.: AI2: training a big data machine to defend. In: 2nd IEEE International Conference on Big Data Security (2016)Google Scholar
  21. 21.
    Aburomman, A.A., Reaz, M.B.I.: Review of IDS development methods in machine learning. Int. J. Electr. Comput. Eng. (IJECE) 6(5), 2432–2436 (2016)CrossRefGoogle Scholar
  22. 22.
  23. 23.
    Pachghare, V.K., Khatavkar, V.K., Kulkarni, P.: Pattern based network security using semi-supervised learning. Int. J. Inf. Netw. Secur. 1(3), 228–234 (2012)Google Scholar
  24. 24.
    Hlaing, T.: Feature selection and fuzzy decision tree for network intrusion detection. Int. J. Inform. Commun. Technol. 1(2), 109–118 (2012)Google Scholar
  25. 25.
    Wang, Y., Yang, K., Jing, X., Jin, H.L.: Problems of KDD Cup 99 dataset existed and data preprocessing. Appl. Mech. Mater. 667, 218–225 (2014)CrossRefGoogle Scholar
  26. 26.
  27. 27.
    Olusola, A.A., Oladele, A.S., Abosede, D.O.: Analysis of KDD’99 intrusion detection dataset for selection of relevance features. In: Proceedings of the WCECS 2010, USA (2010)Google Scholar
  28. 28.
    Aslahi-Shahri, B.M., Rahmani, R., Chizari, M., Maralani, A., Eslami, M., Golkar, M.J., Ebrahimi, A.: A hybrid method consisting of GA and SVM for intrusion detection system. Neural Comput. Appl. 27(6), 1669–1676 (2016)CrossRefGoogle Scholar
  29. 29.
    Maxion, R.A., Roberts, R.R.: Proper use of ROC curves in intrusion/anomaly detection. Technical report CS-TR-871 (2004)Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  1. 1.National University of MongoliaUlaanbaatarMongolia
  2. 2.Mongolian University of Science and TechnologyUlaanbaatarMongolia

Personalised recommendations