Abstract

Intrusion detection systems detect malicious attacks, corrupted data, or any other kind of intrusion that can pose a threat to our systems. In this paper, we present a novel approach to building a network-based intrusion detection system using machine learning. We propose a two-tier architecture to detect intrusions at the network level. Network behaviour can be classified as misuse detection and anomaly detection. As our analysis depends on network behaviour, we take TCP/IP data packets as our input data. After pre-processing the data by parameter filtering, we build an autonomous model on the training set using hierarchical agglomerative clustering. The data is then classified as regular traffic pattern or intrusion using KNN classification. This reduces cost overheads. Misuse detection is conducted using the MLP algorithm. Anomaly detection is conducted using a reinforcement algorithm, where network agents learn from the environment and take decisions accordingly. The TP rate of our architecture is 0.99 and the false positive rate is 0.01. Thus, our architecture provides a high level of security through a high TP rate and a low false positive rate. It also analyzes the usual network patterns and learns incrementally (to build an autonomous system) to separate normal data from threats.
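The clustering-then-KNN stage described in the abstract can be sketched as follows. This is an added example, not the authors' code, and it does not cover the MLP or reinforcement tiers. The three flow features, the sample values, average linkage, and the rule that the largest cluster is regular traffic are all assumptions made for illustration.

```python
import math
from collections import Counter

# Constructed sample flows: (duration_s, kilobytes_sent, distinct_dst_ports).
# Feature choice is an assumption; the abstract only says TCP/IP packet parameters.
TRAIN = [
    (1.2, 40, 1), (0.9, 35, 1), (1.5, 52, 2), (1.1, 44, 1), (1.3, 47, 2), (1.0, 38, 1),
    (0.1, 2, 60), (0.2, 1, 75), (0.1, 3, 68),
]

def scale(rows, lo=None, hi=None):
    """Min-max scale each column so no single feature dominates the distance."""
    cols = list(zip(*rows))
    lo = lo or [min(c) for c in cols]
    hi = hi or [max(c) for c in cols]
    return [tuple((v - l) / ((h - l) or 1) for v, l, h in zip(r, lo, hi)) for r in rows], lo, hi

def agglomerative(points, k):
    """Average-linkage agglomerative clustering: merge closest clusters until k remain."""
    clusters = [[i] for i in range(len(points))]
    def link(a, b):
        return sum(math.dist(points[i], points[j]) for i in a for j in b) / (len(a) * len(b))
    while len(clusters) > k:
        a, b = min(((x, y) for x in range(len(clusters)) for y in range(x + 1, len(clusters))),
                   key=lambda p: link(clusters[p[0]], clusters[p[1]]))
        clusters[a] += clusters.pop(b)  # a < b, so index a is unaffected by the pop
    return clusters

def label_clusters(clusters, n):
    """Assumption: the largest cluster is regular traffic, the rest are intrusions."""
    biggest = max(clusters, key=len)
    labels = [None] * n
    for c in clusters:
        for i in c:
            labels[i] = "normal" if c is biggest else "intrusion"
    return labels

def knn(points, labels, query, k=3):
    """Majority vote among the k training points nearest to the query."""
    nearest = sorted(range(len(points)), key=lambda i: math.dist(points[i], query))[:k]
    return Counter(labels[i] for i in nearest).most_common(1)[0][0]

def classify(flow, k=3):
    """Cluster the unlabeled training set, then classify one new flow with KNN."""
    pts, lo, hi = scale(TRAIN)
    labels = label_clusters(agglomerative(pts, 2), len(pts))
    q, _, _ = scale([flow], lo, hi)  # reuse the training ranges for the query
    return knn(pts, labels, q[0], k)
```

The clustering step supplies the labels that KNN then uses, so no hand-labelled training data is needed for this stage.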
