Use of Decision Trees and Attributional Rules in Incremental Learning of an Intrusion Detection Model

2014 International Journal of Computer Networks and Communications Security
Current intrusion detection systems are mostly based on typical data mining techniques. The growing prevalence of new network attacks represents a well-known problem which can impact the availability, confidentiality, and integrity of critical information for both individuals and enterprises. In this paper, we propose a Learnable Model for Anomaly Detection (LMAD), as an ensemble real-time intrusion detection model using incremental supervised machine learning techniques. Such techniques are
... lized to detect new attacks. The proposed model is based on two different machine learning techniques, namely decision trees and attributional rules classifiers. These classifiers comprise an ensemble that provides bagging for decision making. Our experimental results showed that the model automatically learns new rules from a continuous network stream, such that it can efficiently discriminate between anomalous and normal connections, offering the advantage of being deployable in any environment. The model was intensively tested online and its evaluation showed promising results.
doi:10.47277/ijcncs/2(7)1 fatcat:ha6agyvg5jcwtdneemdasyrjsq