One of the most challenging aspects of a rule-based network intrusion detection system is the high false-positive rate, which makes it unreliable. This research study has developed a new hybrid system based on two-stage intrusion detectors in series to lower the system's high false-positive rate. At first, the rule-based system identifies incoming network packets as intrusion packets or normal packets. The trained machine learning model with feature reduction technique assists the classifiers in classifying the incoming packets as intrusion or normal. For the rule-based system, "Snort" is used, and for the second stage, a classification decision tree is used. A Genetic Algorithm (GA) technique is used for feature selection purposes. The final decision about intrusions is based on the prediction of both the learning systems. The experimental results show that this approach successfully reduces the false positive and false negative rates and increases rule-based NIDS accuracy.
Read full abstract