Anomaly Detection Using SVM as Classifier and Decision Tree for Optimizing Feature Vectors

Abstract With the advancement and development of computer network technologies, the way for intruders has become smoother; therefore, to detect threats and attacks, the importance of intrusion detection systems (IDS) as one of the key elements of security is increasing. One of the challenges of intrusion detection systems is managing of the large amount of network traffic features. Removing unnecessary features is a solution to this problem. Using machine learning methods is one of the best ways to design an intrusion detection system. Focusing on this issue, in this paper, we propose a hybrid intrusion detection system using the decision tree and support vector machine (SVM) approaches. In our method, the feature selection is initially done by the C5.0 decision tree pruning, and then the features with the least predictor importance value are removed. After removing each feature, the least square support vector machine (LSSVM) is applied. The set of features having the highest surface area under the Receiver Operating Characteristic (ROC) curve for LSSVM are considered as final features. The experimental results on two KDD Cup 99 and UNSWNB15 data sets show that the proposed approach improves true positive and false positive criteria and accuracy compared to the best prior work.