نویسندگان
دانشگاه آزاد اسلامی، واحد تهران جنوب، تهران
چکیده
کلیدواژهها
عنوان مقاله [English]
In this paper, a novel hybrid method is proposed for intrusion detection in computer networks using combination of misuse-based and anomaly-based detection models with the aim of performance improvement. In the proposed hybrid approach, a set of algorithms and models is employed. The selection of input features is performed using shuffled frog-leaping (SFL) algorithm. The misuse detection module is implemented using decision tree. The anomaly detection module is implemented using radial-basis function neural network (RBFNN) or support vector machine (SVM). The optimum training parameters of RBFNN are obtained using particle swarm optimization or genetic algorithms. The proposed method is evaluated by conducting experiments using the NSL-KDD intrusion dataset. The experimental results show the superior performance of the proposed method as compared to misuse-based and anomaly-based systems. In addition, the combination of decision tree and SVM can achieve detection rate (DR) of 97.4 percent using 10 selected input features by SFL algorithm. However, other hybrid systems tested on NSL-KDD achieved DR of 82.3 percent and 83.1 percent by using 33 and 14 selected features, respectively. The execution time of the proposed method is 28 times lower than other competitive simulated models in this paper, as well.
کلیدواژهها [English]