Title :
A novel hybrid anomaly based intrusion detection method
Author :
Qazanfari, K. ; Mirpouryan, M.S. ; Gharaee, Hossein
Author_Institution :
Dept. of Comput. Eng. & Inf. Technol., Amir Kabir Univ. of Technol., Tehran, Iran
Abstract :
Existing misuse-based intrusion detection methods are often not sufficient for detecting zero-day attacks. As a result, anomaly-based or learning-based intrusion detection mechanisms have been developed to cope with such attacks. Among the variety of anomaly detection approaches, Support Vector Machine (SVM) and Multi Layer Perceptron (MLP) are known to be two of the best machine learning algorithms for classifying normal and abnormal behaviors. In this paper, a hybrid anomaly-based intrusion detection method is proposed that is based on these two methods. These methods are trained in a supervised way. We use the following additional techniques to improve the performance of the proposed approach: first, a feature selection technique using the entropy of features is used for extracting optimized information from the KDD data set, and second, a novel method is proposed to combine the results of these two learning-based methods. Lastly, we demonstrate the effectiveness of the proposed hybrid approach by using the KDD dataset. The simulation results show which features of KDD are better for distinguishing normal from abnormal traffic. These results also show that the detection precision for the DoS, Probe, U2R and R2L attacks using our method is 99%, 100%, 100% and 100%, respectively.
Keywords :
multilayer perceptrons; security of data; support vector machines; DoS attack; KDD data set; MLP; R2L attack; SVM; U2R attack; entropy; feature selection technique; hybrid anomaly based intrusion detection method; learning based intrusion detection mechanism; learning based method; machine learning algorithm; multilayer perceptron; probe attack; support vector machine; Entropy; Feature extraction; Intrusion detection; Learning systems; Mathematical model; Support vector machines; Training; Anomaly detection; Intrusion detection; MLP; SVM; feature selection;
Conference_Title :
Telecommunications (IST), 2012 Sixth International Symposium on
Conference_Location :
Tehran
Print_ISBN :
978-1-4673-2072-6
DOI :
10.1109/ISTEL.2012.6483122