An Active Rule Approach for Network Intrusion Detection with NeuroC4.5 Algorithm

S.S. Sivatha Sindhu, S. Geetha, S. Subashini, R. Vijaya Priya, A. Kannan
{"title":"基于neuro4.5算法的主动规则网络入侵检测方法","authors":"S.S. Sivatha Sindhu, S. Geetha, S. Subashini, R. Vijaya Priya, A. Kannan","doi":"10.1109/INDCON.2006.302774","DOIUrl":null,"url":null,"abstract":"Information systems are one of the most rapidly changing and vulnerable systems, where security is a major issue. The number of security-breaking attempts originated inside the organizations is increasing steadily. Attacks made in this way, usually done by \"authorized\" users of the system cannot be immediately traced. As the idea of filtering the traffic at the entrance door, by using firewalls and the like, is not completely successful, the use of intrusion detection systems should be considered to increase the defense capacity of an information system. This paper presents a NeuroC4.5 based approach to network intrusion detection to detect anomalies in the computer networks. Decision tree is with good comprehensibility while neural network is with strong generalization ability. So, these merits are integrated into a novel decision tree algorithm NeuroC4.5. The NeuroC4.5 is employed to derive a set of classification rules from network audit data. The generated rules are then used to detect network intrusions in a real-time environment. Unlike most existing decision tree based approaches, the spawned rules are more effective because the generalization ability of NeuroC4.5 decision trees is better than that of C4.5 decision trees. 
A comparative evaluation of the proposed NeuroC4.5 model with the classical C4.5 algorithm, on audit data set provided by MIT Lincoln labs, has been presented; superior detection accuracy has been reported by our proposed model","PeriodicalId":122715,"journal":{"name":"2006 Annual IEEE India Conference","volume":"14 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"An Active Rule approach for Network Intrusion Detection with NeuroC4.5 Algorithm\",\"authors\":\"S.S. Sivatha Sindhu, S. Geetha, S. Subashini, R. Vijaya Priya, A. Kannan\",\"doi\":\"10.1109/INDCON.2006.302774\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Information systems are one of the most rapidly changing and vulnerable systems, where security is a major issue. The number of security-breaking attempts originated inside the organizations is increasing steadily. Attacks made in this way, usually done by \\\"authorized\\\" users of the system cannot be immediately traced. As the idea of filtering the traffic at the entrance door, by using firewalls and the like, is not completely successful, the use of intrusion detection systems should be considered to increase the defense capacity of an information system. This paper presents a NeuroC4.5 based approach to network intrusion detection to detect anomalies in the computer networks. Decision tree is with good comprehensibility while neural network is with strong generalization ability. So, these merits are integrated into a novel decision tree algorithm NeuroC4.5. The NeuroC4.5 is employed to derive a set of classification rules from network audit data. The generated rules are then used to detect network intrusions in a real-time environment. 
Unlike most existing decision tree based approaches, the spawned rules are more effective because the generalization ability of NeuroC4.5 decision trees is better than that of C4.5 decision trees. A comparative evaluation of the proposed NeuroC4.5 model with the classical C4.5 algorithm, on audit data set provided by MIT Lincoln labs, has been presented; superior detection accuracy has been reported by our proposed model\",\"PeriodicalId\":122715,\"journal\":{\"name\":\"2006 Annual IEEE India Conference\",\"volume\":\"14 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2006-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2006 Annual IEEE India Conference\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/INDCON.2006.302774\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2006 Annual IEEE India Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INDCON.2006.302774","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 1

Abstract

An Active Rule approach for Network Intrusion Detection with NeuroC4.5 Algorithm
Information systems are among the most rapidly changing and vulnerable systems, where security is a major issue. The number of security-breaking attempts originating inside organizations is increasing steadily. Attacks made in this way, usually by "authorized" users of the system, cannot be immediately traced. As the idea of filtering traffic at the entrance door, by using firewalls and the like, is not completely successful, the use of intrusion detection systems should be considered to increase the defense capacity of an information system. This paper presents a NeuroC4.5-based approach to network intrusion detection for detecting anomalies in computer networks. Decision trees offer good comprehensibility, while neural networks offer strong generalization ability, so these merits are integrated into a novel decision tree algorithm, NeuroC4.5. NeuroC4.5 is employed to derive a set of classification rules from network audit data. The generated rules are then used to detect network intrusions in a real-time environment. Unlike most existing decision-tree-based approaches, the spawned rules are more effective because the generalization ability of NeuroC4.5 decision trees is better than that of C4.5 decision trees. A comparative evaluation of the proposed NeuroC4.5 model with the classical C4.5 algorithm, on the audit data set provided by MIT Lincoln Labs, has been presented; superior detection accuracy has been reported by our proposed model.