Two Layers Multi-class Detection Method for Network Intrusion Detection System

Intrusion Detection Systems (IDSs) are powerful systems which monitor and analyze events in order to detect signs of security problems and take action to stop intrusions. In this paper, the Two Layers Multi-class Detection (TLMD) method used together with the C5.0 method and the Naive Bayes algorithm is proposed for adaptive network intrusion detection, which improves the detection rate as well as the false alarm rate. The proposed TLMD algorithm also addresses some difficulties in data mining situations such as handling imbalance datasets, dealing with continuous attributes, and reducing noise in training dataset. We compared the performance of the proposed TLMD method with that of existing algorithms, using the detection rate, accuracy as well as false alarm rate on the KDDcup99 benchmark intrusion detection dataset. The experimental results prove that the proposed TLMD method has a reduced false alarm rate and a good detection rate based on the imbalanced dataset.